Using Realm as a check item

Fri, 05 Dec 2008 14:02:35 -0800 

Hi,
I am attempting to use my Freeradius users file to restrict certain users to a specific realm. In my users file, I have several default realms specified near the top as so: 

DEFAULT Realm == realm1.com
       Service-Type = Framed-User,
       Framed-Protocol = PPP,
       Framed-IP-Address = 255.255.255.254,
       Framed-IP-Netmask = 255.255.255.255,
       Framed-Routing = None,
       Framed-Compression = None,
       Framed-MTU = 1500,
       Fall-Through = 1

DEFAULT Realm == realm2.com
       Service-Type = Framed-User,
       Framed-Protocol = PPP,
       Framed-IP-Address = 255.255.255.254,
       Framed-IP-Netmask = 255.255.255.255,
       Framed-Routing = None,
       Framed-Compression = None,
       Framed-MTU = 1500,
       Fall-Through = 1

Next I have users entries as so:

lisa Auth-Type = Local, Password == xxxxxxx
       Service-Type = Framed-User,
       Framed-Protocol = PPP,
       Framed-IP-Address = 255.255.255.254,
       Framed-IP-Netmask = 255.255.255.255,
       Framed-Routing = None,
       Framed-Compression = None,
       Framed-MTU = 1500

susan Auth-Type = Local, Password == xxxxxxx
       Service-Type = Framed-User,
       Framed-Protocol = PPP,
       Framed-IP-Address = 255.255.255.254,
       Framed-IP-Netmask = 255.255.255.255,
       Framed-Routing = None,
       Framed-Compression = None,
       Framed-MTU = 1500


I would like to restrict lisa to realm1.com only. So I modified lisa's entry 
in the users file like so:


lisa Realm == realm1.com, Auth-Type = Local, Password == xxxxxxx
       Service-Type = Framed-User,
       Framed-Protocol = PPP,
       Framed-IP-Address = 255.255.255.254,
       Framed-IP-Netmask = 255.255.255.255,
       Framed-Routing = None,
       Framed-Compression = None,
       Framed-MTU = 1500

It doesn't work. In my radius.log I get:


Fri Dec  5 12:59:05 2008 : Auth: Login incorrect: [lisa/xxxxxxx] (from 
client rad03.globalpops.com port 1282 cli 423784xxxx)
Fri Dec  5 12:59:11 2008 : Auth: Login incorrect: [lisa/xxxxxx] (from client 
rad04.globalpops.com port 1282 cli 423784xxxx)



I have tried leaving out Auth-Type, I've changed Password == to 
Cleartext-Password == but none of that helped. I can authenticate as lisa 
with no realm specified in the users file as a check item, buit as soon as I 
add that in, I can no longer authenticate. Any idea what I'm doing wrong or 
why this isn't working for me?


Thanks,

Lisa

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html






















					Reply via email to