Rejecting realms based on calling client

David Aldwinckle daldwinc at
Thu Aug 15 15:23:04 CEST 2013

Sigh. I broke the cardinal rule of the list _again_.

I'Ll grab a full debug log now.

Sorry for the spam.

Dave Aldwinckle

On 2013-08-13 11:22 AM, "Alan DeKok" <aland at> wrote:

>David Aldwinckle wrote:
>> Is there a way that I can deny a specific realm when an access request
>> is received from a specific client?
>  Yes.
>> I tried adding something to policy.conf but I couldn't get the syntax
>  So... what happened?  Did you get an error?  Is it a secret?
>> #Prevent secretrealm from logging in off-campus
>> remote_secret_reject
>> if ("%{Realm}" == "") && ((Client-Shortname ==
>> "proxy-client1") || (Client-Shortname == "proxy-client2"))) {
>> reject
>>  }
>> Is there a different way that I should be doing this?
>  You can do it via a policy.  But you have to get the syntax right.
>See "man unlang" for documentation on the syntax.  See the policy.conf
>file for examples of working policies.
>  Alan DeKok.
>List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list