Rejecting realms based on calling client

Alan DeKok aland at deployingradius.com
Tue Aug 13 17:22:48 CEST 2013


David Aldwinckle wrote:
> Is there a way that I can deny a specific realm when an access request
> is received from a specific client?

  Yes.

> I tried adding something to policy.conf but I couldn't get the syntax right:

  So... what happened?  Did you get an error?  Is it a secret?

> #Prevent secretrealm from logging in off-campus 
> remote_secret_reject 
> if ("%{Realm}" == "secretrealm.ca") && ((Client-Shortname ==
> "proxy-client1") || (Client-Shortname == "proxy-client2"))) { 
> reject
>  }
> 
> Is there a different way that I should be doing this?

  You can do it via a policy.  But you have to get the syntax right.
See "man unlang" for documentation on the syntax.  See the policy.conf
file for examples of working policies.

  Alan DeKok.
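
A syntactically valid form of the policy quoted above, added here as an example; it is not part of the original post or Alan DeKok's reply. It assumes the FreeRADIUS 2.x layout, where policy.conf wraps its policies in a `policy { }` block, and that the `suffix` realm module is what sets Realm. Compared with the quoted attempt, the policy name gets its own braces and the whole condition sits inside one balanced pair of parentheses.

```unlang
# policy.conf (added example; realm and client names are the ones from the post)
policy {
	# Prevent secretrealm from logging in off-campus
	remote_secret_reject {
		if (("%{Realm}" == "secretrealm.ca") && \
		    ((Client-Shortname == "proxy-client1") || \
		     (Client-Shortname == "proxy-client2"))) {
			reject
		}
	}
}

# sites-enabled/default (assumed virtual server)
# Realm is only populated after the realm module has run, so the
# policy has to be listed after "suffix" in the authorize section.
authorize {
	preprocess
	suffix
	remote_secret_reject
	# rest of the authorize section unchanged
}
```

Running the server in debug mode (`radiusd -X`) shows how the condition evaluates for each incoming request.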


More information about the Freeradius-Users mailing list