8 May
2017
8 May
'17
11:08 a.m.
On May 8, 2017, at 10:08 AM, Martin, Jeremy <jmartin@emcc.edu> wrote:
For the sake of completeness and my own sanity if I have to tackle this issue again in the future the following was the solution to my problem:
authorize {
if ("%{sql:SELECT COUNT(username) FROM radreject WHERE UPPER(username) = UPPER('%{User-Name}')}" > 0) { reject }
That's a good solution. We recommend using custom tables for custom rules. The one thing I'd say is that you probably *also* want to reject users whose User-Names don't have the correct case. i.e. if the user's name is "bob", and they log in as "Bob", or "bOb", those attempts should be rejected *no matter what*. Alan DeKok.