Rejecting realms based on calling client

David Aldwinckle daldwinc at uwaterloo.ca
Thu Aug 15 15:23:04 CEST 2013


Sigh. I broke the cardinal rule of the list _again_.

I'Ll grab a full debug log now.

Sorry for the spam.

Dave Aldwinckle


On 2013-08-13 11:22 AM, "Alan DeKok" <aland at deployingradius.com> wrote:

>David Aldwinckle wrote:
>> Is there a way that I can deny a specific realm when an access request
>> is received from a specific client?
>
>  Yes.
>
>> I tried adding something to policy.conf but I couldn't get the syntax
>>right:
>
>  So... what happened?  Did you get an error?  Is it a secret?
>
>> #Prevent secretrealm from logging in off-campus
>> remote_secret_reject
>> if ("%{Realm}" == "secretrealm.ca") && ((Client-Shortname ==
>> "proxy-client1") || (Client-Shortname == "proxy-client2"))) {
>> reject
>>  }
>> 
>> Is there a different way that I should be doing this?
>
>  You can do it via a policy.  But you have to get the syntax right.
>See "man unlang" for documentation on the syntax.  See the policy.conf
>file for examples of working policies.
>
>  Alan DeKok.
>-
>List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html



More information about the Freeradius-Users mailing list