<div>hello alexander,</div><div><br></div><div><br></div><div>thanks a lot for this piece of code. but now i have a problem with getting this to work.</div><div>in radiusd.conf i have an </div><div><br></div><div>$INCLUDE policy.conf</div>
<div><br></div><div>and in my authorize section i got the following:</div><div><br></div><div><div>authorize {</div><div> auth_log</div><div> validate_username</div><div> suffix</div>
<div> eap {</div><div> ok = return</div><div> }</div><div> }</div><div><br></div><div>upon restarting i get the following:</div><div><br></div></div><div>/etc/raddb/sites-enabled/eduroam[9]: Failed to find module "validate_username".</div>
<div>/etc/raddb/sites-enabled/eduroam[2]: Errors parsing authorize section. </div><div><br></div><div>any hints?</div><div><br></div><div>-euro</div><br><div class="gmail_quote">On Tue, Oct 27, 2009 at 11:09 AM, Alexander Clouter <span dir="ltr"><<a href="mailto:alex@digriz.org.uk">alex@digriz.org.uk</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">mr typo <<a href="mailto:euroregistrar@gmail.com">euroregistrar@gmail.com</a>> wrote:<br>
><br>
</div><div class="im">> i was trying to reject those "double" realms.<br>
> but i cannot find the right syntax and/or where to put the lines.<br>
><br>
> i was trying to put these lines in the user file:<br>
> DEFAULT User-Name =~ "/^.*@<a href="http://company.com" target="_blank">company.com</a>@.*/"<br>
> Auth-Type := Reject<br>
><br>
><br>
> that did not work.<br>
> when putting:<br>
> if (User-Name ~= /^.*@<a href="http://company.com" target="_blank">company.com</a>@.*/) {<br>
> reject<br>
> }<br>
> in the server configuration in authorize section, i get a strange error..<br>
><br>
> i am quite new with configuring freeradius, it would be nice if someone<br>
> could give me some real hint how to and where<br>
> reject those double @ @<br>
><br>
</div>In addition to my blackholing I now have added to my policy.conf file:<br>
----<br>
# only needs to be close enough to catch unroutable guff<br>
validate_username {<br>
if (User-Name !~ /@/ \<br>
|| ( \<br>
User-Name !~ /@.*@/ \<br>
&& User-Name =~ /^[[:graph:]]*@([-[:alnum:]]+\.)+[[:alpha:]]{2,}$/ \<br>
) \<br>
) {<br>
ok<br>
}<br>
else {<br>
update reply {<br>
Reply-Message := "Invalid User-Name Syntax"<br>
}<br>
reject<br>
}<br>
}<br>
----<br>
<br>
Then in your authorize section you just place 'validate_username' and it<br>
looks after everything for you.<br>
<br>
What the above bumpf does is:<br>
* permit realmless (usernames without an '@') through, these are<br>
rejected later by matching against the NULL realm (*important*)<br>
* if there is an '@' in there then it<br>
* rejects if there are two or more '@'s<br>
* reject if the *realm* is not valid, for example the realm *must*<br>
be made up of at least two parts, and the end part must be at<br>
least two characters long<br>
<br>
Hope that helps<br>
<br>
Cheers<br>
<font color="#888888"><br>
--<br>
Alexander Clouter<br>
.sigmonster says: The best things in life are for a fee.<br>
</font><div><div></div><div class="h5"><br>
</div></div></blockquote></div><br>
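<div>Added example, not part of the thread or of either poster's configuration: a shell function that walks the same three branches as the quoted validate_username policy, using the policy's own regular expressions under grep -E, so the accept/reject outcome can be checked offline. The function and variable names and the sample User-Names are constructed for illustration.</div>

```shell
#!/bin/sh
# Added example: mirrors the three branches of the validate_username policy.
LC_ALL=C; export LC_ALL   # keep the POSIX character classes ASCII-only

# Returns 0 where the policy would hit "ok", 1 where it would "reject".
validate_username() {
    name=$1
    # Branch 1: no '@' at all. Let it through; the NULL realm match
    # later in the authorize section is what rejects these.
    case $name in
        *@*) ;;
        *) return 0 ;;
    esac
    # Branch 2: two or more '@' characters.
    if printf '%s\n' "$name" | grep -Eq '@.*@'; then
        return 1
    fi
    # Branch 3: the realm must be dot-separated labels ending in 2+ letters.
    printf '%s\n' "$name" |
        grep -Eq '^[[:graph:]]*@([-[:alnum:]]+\.)+[[:alpha:]]{2,}$'
}

# Print one verdict line per User-Name given as an argument.
report() {
    for u in "$@"; do
        if validate_username "$u"; then verdict=ok; else verdict=reject; fi
        printf '%-32s %s\n' "$u" "$verdict"
    done
}

# Constructed sample User-Names (hypothetical, for illustration only).
# The last one shows that an empty local part still passes: the pattern
# only constrains the realm.
report 'alice' \
       'alice@example.org' \
       'alice@company.com@example.org' \
       'alice@localhost' \
       'alice@example.o' \
       'alice smith@example.org' \
       '@example.org'
```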