Rejecting realms based on calling client
David Aldwinckle
daldwinc at uwaterloo.ca
Thu Aug 15 15:23:04 CEST 2013
Sigh. I broke the cardinal rule of the list _again_.
I'Ll grab a full debug log now.
Sorry for the spam.
Dave Aldwinckle
On 2013-08-13 11:22 AM, "Alan DeKok" <aland at deployingradius.com> wrote:
>David Aldwinckle wrote:
>> Is there a way that I can deny a specific realm when an access request
>> is received from a specific client?
>
> Yes.
>
>> I tried adding something to policy.conf but I couldn't get the syntax
>>right:
>
> So... what happened? Did you get an error? Is it a secret?
>
>> #Prevent secretrealm from logging in off-campus
>> remote_secret_reject
>> if ("%{Realm}" == "secretrealm.ca") && ((Client-Shortname ==
>> "proxy-client1") || (Client-Shortname == "proxy-client2"))) {
>> reject
>> }
>>
>> Is there a different way that I should be doing this?
>
> You can do it via a policy. But you have to get the syntax right.
>See "man unlang" for documentation on the syntax. See the policy.conf
>file for examples of working policies.
>
> Alan DeKok.
>-
>List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list