force/require @domain/part

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Tue Jun 21 16:02:34 CEST 2016


Hi,

> Like when AD domain is @private.dom.my / PRIVATE and radius will
> absolutely need this. At the moment having configs constructed of
> bits from wikis/howtos, both: "me at private.dom.my" and "me" get
> authenticated.

unlang.


in fact, recent releases of the server come with many default policies which
will do this sort of check/enforcement for you (because they are useful...eg for eduroam!)


either invoke the policy (call it by its name in the virtual server config) or use unlang directly
int he authorize section eg

	  if( User-Name !~ /@/ ) {
          	update reply {
       	  		Reply-Message = "no realm defined"
   	  	}
   	  	reject 
	  }


alan


More information about the Freeradius-Users mailing list