"double" realm problem

Alexander Clouter alex at digriz.org.uk
Tue Oct 27 11:09:14 CET 2009


mr typo <euroregistrar at gmail.com> wrote:
> 
> I was trying to reject those "double" realms,
> but I cannot find the right syntax and/or where to put the lines.
> 
> I was trying to put these lines in the user file:
> DEFAULT User-Name =~ "/^.*@company.com@.*/"
>   Auth-Type := Reject
> 
> 
> That did not work.
> When putting:
> if (User-Name ~= /^.*@company.com@.*/) {
>  reject
> }
> in the server configuration in the authorize section, I get a strange error.
> 
> I am quite new to configuring FreeRADIUS; it would be nice if someone
> could give me some real hint how and where to
> reject those double @ @
> 
In addition to my blackholing I now have added to my policy.conf file:
----
# only needs to be close enough to catch unroutable guff
validate_username {
        if (User-Name !~ /@/ \
                       || ( \
                                User-Name !~ /@.*@/ \
                                && User-Name =~ /^[[:graph:]]*@([-[:alnum:]]+\.)+[[:alpha:]]{2,}$/ \
                       ) \
        ) {
                ok
        }
        else {
                update reply {
                        Reply-Message := "Invalid User-Name Syntax"
                }
                reject
        }
}
----

Then in your authorize section you just place 'validate_username' and it 
looks after everything for you.

What the above bumpf does is:
 * permit realmless (usernames without an '@') through, these are
   rejected later by matching against the NULL realm (*important*)
 * if there is an '@' in there then it
   * rejects if there are two or more '@'s
   * rejects if the *realm* is not valid, for example the realm *must*
     be made up of at least two parts, and the end part must be at
     least two characters long

Hope that helps

Cheers

-- 
Alexander Clouter
.sigmonster says: The best things in life are for a fee.
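
An added example, not part of the original post: the three tests from validate_username ported to Python, so the policy can be exercised against sample names before it is placed in the authorize section. The POSIX classes are translated to ASCII ranges (an assumption: C locale) and the sample names are constructed; it also shows that [[:graph:]] itself matches '@', which is why the separate /@.*@/ test is what catches a double realm.

```python
import re

# POSIX bracket classes from the policy, as ASCII ranges (assumes the C locale).
GRAPH = r"[\x21-\x7e]"   # [[:graph:]]: any visible character, '@' included
ALNUM = r"A-Za-z0-9"     # body of [[:alnum:]]
ALPHA = r"[A-Za-z]"      # [[:alpha:]]

HAS_AT = re.compile(r"@")
DOUBLE_AT = re.compile(r"@.*@")
# fullmatch() below stands in for the ^...$ anchors of the original expression.
REALM_SHAPE = re.compile(rf"{GRAPH}*@(?:[-{ALNUM}]+\.)+{ALPHA}{{2,}}")


def realm_shape_ok(user_name: str) -> bool:
    """Third clause on its own: something@label.label...tld."""
    return REALM_SHAPE.fullmatch(user_name) is not None


def validate_username(user_name: str) -> str:
    """Return 'ok' or 'reject' as the policy's if/else would."""
    if not HAS_AT.search(user_name):
        return "ok"      # realmless: left for the NULL realm match later
    if not DOUBLE_AT.search(user_name) and realm_shape_ok(user_name):
        return "ok"
    return "reject"


# Constructed sample names, not taken from any real log.
SAMPLES = [
    "alice",                              # no realm
    "alice@company.com",                  # well-formed realm
    "alice@sub.company.co.uk",            # several labels
    "alice@company.com@roaming.example",  # "double" realm
    "alice@localhost",                    # realm has only one part
    "alice@company.c",                    # end part shorter than two characters
    "al ice@company.com",                 # space is not in [[:graph:]]
]

if __name__ == "__main__":
    for name in SAMPLES:
        verdict = validate_username(name)
        print(f"{verdict:6}  shape={realm_shape_ok(name)!s:5}  {name!r}")
```

For the double-realm sample the shape test alone is true, and only the /@.*@/ clause turns the result into a reject.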



