Just stick some unlang checks at the top of your authorize section.... Or create a policy and then call that policy at the top of your authorize section (pretty much same thing but policy method is better). In fact you might find that several of the policies already present will help you out! alan On 18 Aug 2017 11:07 am, "Burn Zero" <burnzerog@gmail.com> wrote:
Hi,
We have setup Freeradius latest version to help users authenticate, authorize to 802.x WIFI. While analyzing logs, we found that certain user names ( with random alphabets ) that are trying to authenticate every certain minutes. Those are just invalid usernames some people have configured in their phone/tablet/system. They won't even get authentication success since those are anyways invalid usernames.
What I am trying to achieve is to prevent these usernames from hitting Freeradius servers ( do username, group check in Active Directory) so that when those invalid usernames comes to Freeradius it would be filtered and no longer go inside tunnels and then for username check in Active directory.
Thank you.
- BurnZero - List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html