Allowing user from one realm but not another

Jeff A jeffa at
Sun Feb 14 21:37:08 CET 2010

Having problems getting access reject to work, seems like no matter what I
try it lets this test user on in every realm

I am using cistron compat to accommodate my userfile inputted by rodopi

dialuptest	Password = "secret"
	Framed-Protocol = PPP,
	Service-Type = Framed-User,
	Session-Timeout = 14400,
	Ascend-Data-Filter = "ip in forward tcp est",
	Ascend-Data-Filter = "ip in forward dstip",
	Ascend-Data-Filter = "ip in drop tcp dstport = 25",
	Ascend-Data-Filter = "ip in forward",
	Port-Limit = 1,
	Realm = "", Auth-Type = Reject

I have tried adding the ! and : symbol in the above line (makes no
Still can login on all three realms

Also have tried the realm item as a check item, quote, and no options with
same results
If a check item its placed on same line as username etc but still no go as
below example

dialuptest	Password = "secret"	Realm = "", Auth-Type =


-----Original Message-----
From: at
[ at] On
Behalf Of Chris
Sent: Sunday, February 14, 2010 12:33 PM
To: FreeRadius users mailing list
Subject: Re: Allowing user from one realm but not another

On Feb 14, 2010, at 6:11 AM, Jeff A wrote:

> Your idea is best.
> I think I will modify, but for a work around till I get a chance to get
> everything turned around.
> I will use Alan's example..
> My question is this
> Can his example contain more than one realm to reject between the quotes?
> bob	Realm != "", Auth-Type := Reject

That's not the realm you're rejecting, but the one you're accepting,
rejecting access if the username is "bob" and the realm is not equal to
List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list