To add on this, also have all the common attributes in a single default
entry:
DEFAULT Service-Type = Framed-User
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 255.255.255.254,
Framed-IP-Netmask = 255.255.255.255,
Framed-Routing = None,
Framed-Compression = None,
Framed-MTU = 1500,
Fall-Through = 1
User entries can then become one-liners, like in Kevin's example, and
you don't even need those DEFAULT entries for realms.
Ivan Kalik
Kalik Informatika ISP
Dana 8/11/2007, "Kevin Bonner" <[EMAIL PROTECTED]> piše:
>On Thursday 08 November 2007 11:19:48 Lisa Casey wrote:
>> The way things are setup now, any user can log in with any of the realms I
>> have defined. For example, I (username lisa) could login as
>> [EMAIL PROTECTED] and then turn around and login as [EMAIL PROTECTED] My
>> boss would like me to restrict this so that (for example) lisa could log in
>> as [EMAIL PROTECTED] but not [EMAIL PROTECTED]
>
>Just add a check item to the user entry and it will only allow them from that
>realm. Since you are using 1.1.6, don't use Auth-Type and start using
>Cleartext-Password with the := operator.
>
> lisa Cleartext-Password := "xxxxxxx", Realm == "jellico.com"
> ...
>
>Or if you want to reject from a specific realm, just use this before your real
>user entry:
> lisa Realm == "realmY", Auth-Type := Reject
>
>Kevin Bonner
>
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
