Allowing user from one realm but not another

Jeff A jeffa at globalco.net
Sun Feb 14 21:37:08 CET 2010


Having problems getting access reject to work; seems like no matter what I
try, it lets this test user on in every realm.

I am using Cistron compat to accommodate my users file inputted by Rodopi.

dialuptest	Password = "secret"
	Framed-Protocol = PPP,
	Service-Type = Framed-User,
	Session-Timeout = 14400,
	Ascend-Data-Filter = "ip in forward tcp est",
	Ascend-Data-Filter = "ip in forward dstip 0.0.0.0/24",
	Ascend-Data-Filter = "ip in drop tcp dstport = 25",
	Ascend-Data-Filter = "ip in forward",
	Port-Limit = 1,
	Realm = "foo.net", Auth-Type = Reject

I have tried adding the ! and : symbols in the above line (makes no
difference).
Still can log in on all three realms.

Also have tried the realm item as a check item, quoted, and no options, with
the same results.
If a check item, it's placed on the same line as the username etc., but still
no go, as in the example below.

dialuptest	Password = "secret"	Realm = "foo.net", Auth-Type = Reject


Jeff


-----Original Message-----
From: freeradius-users-bounces+jeffa=globalco.net at lists.freeradius.org
[mailto:freeradius-users-bounces+jeffa=globalco.net at lists.freeradius.org] On
Behalf Of Chris
Sent: Sunday, February 14, 2010 12:33 PM
To: FreeRadius users mailing list
Subject: Re: Allowing user from one realm but not another


On Feb 14, 2010, at 6:11 AM, Jeff A wrote:

> Your idea is best.
> I think I will modify, but for a work around till I get a chance to get
> everything turned around.
> I will use Alan's example..
> 
> My question is this
> Can his example contain more than one realm to reject between the quotes?
> 
> bob	Realm != "foo.net", Auth-Type := Reject
> 

That's not the realm you're rejecting, but the one you're accepting,
rejecting access if the username is "bob" and the realm is not equal to
"foo.net."
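
The entry Chris describes, laid out as a users-file fragment. This is an added example, not part of the original thread; bar.net and baz.net are hypothetical realm names, the Reply-Message text is constructed, and it assumes the realm module (e.g. suffix) is listed before files in the authorize section.

```text
# CONSTRUCTED example for the FreeRADIUS users file; not from the thread.
# bar.net and baz.net are hypothetical realm names.
# Assumes the realm module (e.g. suffix) is listed before files in
# authorize, so the Realm attribute exists when this file is read.

# Variant A: allow dialuptest only in foo.net.
# Check items go on the FIRST line, after the username, comma-separated.
# "!=" compares; ":=" sets Auth-Type. users(5) documents "!=" as matching
# only when the attribute is present in the request, so also test a login
# that carries no realm at all.
dialuptest	Realm != "foo.net", Auth-Type := Reject
	Reply-Message = "Account not valid in this realm"

# Variant B (use instead of A): name each realm to refuse, one entry per
# realm, rather than listing several realms inside one pair of quotes.
#dialuptest	Realm == "bar.net", Auth-Type := Reject
#dialuptest	Realm == "baz.net", Auth-Type := Reject

# The normal entry comes AFTER the reject entries. Entries are read top to
# bottom and the first match ends the search (no Fall-Through here), so a
# request that matched a reject entry never reaches this one.
# Indented lines are reply items; Realm or Auth-Type placed down here is
# not evaluated as a check.
dialuptest	Password = "secret"
	Framed-Protocol = PPP,
	Service-Type = Framed-User,
	Session-Timeout = 14400,
	Port-Limit = 1
```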