Rejecting realms based on calling client

David Aldwinckle daldwinc at uwaterloo.ca
Tue Aug 13 15:04:07 CEST 2013


Hello,

I have two clients that proxy access requests to me. The realm varies, but the format is always userid at realm.whatever<mailto:userid at realm.whatever>

Is there a way that I can deny a specific realm when an access request is received from a specific client?

I tried adding something to policy.conf but I couldn't get the syntax right:

#Prevent secretrealm from logging in off-campus
remote_secret_reject
if ("%{Realm}" == "secretrealm.ca") && ((Client-Shortname == "proxy-client1") || (Client-Shortname == "proxy-client2"))) {
reject
 }

Is there a different way that I should be doing this?

Thanks,
Dave

Dave Aldwinckle
Network Support Specialist
Information Systems and Technology
Phone: (519)-888-4567 ext. 31145
E-Mail: daldwinc at uwaterloo.ca<mailto:daldwinc at uwaterloo.ca>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130813/40e0a658/attachment.html>


More information about the Freeradius-Users mailing list