Hi Folks,
I know there's an easy way to do this, but I've googled a bit this morning
and can't quite figure it out.
We are running Freeradius with a users file (no database). I have several
realms defined, each with a fallthrough like so:
DEFAULT Realm == realm1.com
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 255.255.255.254,
Framed-IP-Netmask = 255.255.255.255,
Framed-Routing = None,
Framed-Compression = None,
Framed-MTU = 1500,
Fall-Through = 1
DEFAULT Realm == realm2.com
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 255.255.255.254,
Framed-IP-Netmask = 255.255.255.255,
Framed-Routing = None,
Framed-Compression = None,
Framed-MTU = 1500,
Fall-Through = 1
DEFAULT Realm == realm3.com
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 255.255.255.254,
Framed-IP-Netmask = 255.255.255.255,
Framed-Routing = None,
Framed-Compression = None,
Framed-MTU = 1500,
Fall-Through = 1
I also have these 3 realms defined in the realms file. The way things are
setup now, username bob could log in as [EMAIL PROTECTED] or [EMAIL PROTECTED] or
[EMAIL PROTECTED] and as long as bob supplied the correct password he would be
granted access and that's been fine up until now.
What I'ld like to do is to fix it so that only certain usernames could log
on as [EMAIL PROTECTED] (leave realm1.com and realm2.com as they are). So
anyone with a correct username/password could log in using realm1.com or
realm2.com but only bob, jane and alex could log in with realm3.com.
I suppose I could add an entry in my users file as so:
bob Realm=realm3.com, Auth-Type = Local, Password == xxxxx
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 255.255.255.254,
Framed-IP-Netmask = 255.255.255.255,
Framed-Routing = None,
Framed-Compression = None,
Framed-MTU = 1500
Would that work? How would I define realm3.com earlier in my users file?
Would this work or is there a better way?
Thanks,
Lisa Casey
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
