"double" realm problem

mr typo euroregistrar at gmail.com
Tue Oct 27 13:31:35 CET 2009


hello alexander,


thanks a lot for this piece of code. but now i have a problem with getting
this to work.
in radiusd.conf i have an

$INCLUDE policy.conf

and in my authorize section i got the following:

authorize {
        auth_log
        validate_username
        suffix
        eap {
                ok = return
        }
}

upon restarting i get the following:

/etc/raddb/sites-enabled/eduroam[9]: Failed to find module "validate_username".
/etc/raddb/sites-enabled/eduroam[2]: Errors parsing authorize section.

any hints?

-euro

On Tue, Oct 27, 2009 at 11:09 AM, Alexander Clouter <alex at digriz.org.uk> wrote:

> mr typo <euroregistrar at gmail.com> wrote:
> >
> > i was trying to reject those "double" realm.
> > but i cannot find the right syntax and/or where to put the lines.
> >
> > i was trying to put these lines in the user file:
> > DEFAULT User-Name =~ "/^.*@company.com@.*/"
> >   Auth-Type := Reject
> >
> >
> > that did not work.
> > when putting:
> > if (User-Name ~= /^.*@company.com@.*/) {
> >  reject
> > }
> > in the server configuration in authorize section, i get a strange error..
> >
> > i am quite new with configuring freeradius, it would be nice if someone
> > could give me some real hint how and where to
> > reject those double @ @
> >
> In addition to my blackholing I now have added to my policy.conf file:
> ----
> # only needs to be close enough to catch unroutable guff
> validate_username {
>        if (User-Name !~ /@/ \
>                       || ( \
>                                User-Name !~ /@.*@/ \
>                                && User-Name =~ /^[[:graph:]]*@([-[:alnum:]]+\.)+[[:alpha:]]{2,}$/ \
>                       ) \
>        ) {
>                ok
>        }
>        else {
>                update reply {
>                        Reply-Message := "Invalid User-Name Syntax"
>                }
>                reject
>        }
> }
> ----
>
> Then in your authorize section you just place 'validate_username' and it
> looks after everything for you.
>
> What the above bumpf does is:
>  * permit realmless (usernames without an '@') through, these are
>        rejected later by matching against the NULL realm (*important*)
>  * if there is an '@' in there then it
>   * rejects if there are two or more '@'s
>   * rejects if the *realm* is not valid, for example the realm *must*
>        be made up of at least two parts, and the end part must be at
>        least two characters long
>
> Hope that helps
>
> Cheers
>
> --
> Alexander Clouter
> .sigmonster says: The best things in life are for a fee.
>
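The cases the quoted validate_username policy distinguishes, as an added Python sketch for trying candidate User-Names offline (not code from the thread or from FreeRADIUS). The POSIX classes are translated assuming the C locale, and the sample names are constructed.

```python
import re

# The policy's POSIX bracket classes rewritten for Python's re module.
# Assumption: C locale, so [[:graph:]] is printable ASCII excluding space.
# \Z stands in for POSIX "$" (end of string only, no trailing-newline match).
HAS_AT = re.compile(r"@")
DOUBLE_AT = re.compile(r"@.*@")
ROUTABLE = re.compile(r"^[\x21-\x7e]*@([-A-Za-z0-9]+\.)+[A-Za-z]{2,}\Z")


def validate_username(user_name):
    """Return 'ok' or 'reject' following the quoted unlang condition."""
    # User-Name !~ /@/ : realmless names pass; the NULL realm handles them later.
    if not HAS_AT.search(user_name):
        return "ok"
    # User-Name !~ /@.*@/ && User-Name =~ /^[[:graph:]]*@...$/
    # [[:graph:]] itself matches '@', so ROUTABLE alone would accept a
    # double realm; the separate DOUBLE_AT test is what rejects it.
    if not DOUBLE_AT.search(user_name) and ROUTABLE.search(user_name):
        return "ok"
    return "reject"


# Constructed sample User-Names (not taken from the thread).
SAMPLES = [
    "alice",
    "alice@company.com",
    "alice@sub.company.co.uk",
    "alice@company.com@example.org",
    "alice@localhost",
    "alice@company.c",
    "alice@company.com.",
    "alice smith@company.com",
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{validate_username(name):6}  {name!r}")
```
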
More information about the Freeradius-Users mailing list