User-Name missing realm in Access-Accept

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Wed Aug 12 17:46:14 CEST 2015


Hi,

> I have the same version of freeradius (because Ubuntu 14.04...). To
> achieve what you want, I put in the file sites-enables/default (wich
> is a link to the file in sites-available), inside the section
> authorize :
> 
> #  We reject login without realm (to force users to put the realm,
> even locally)
>     if ( request:Realm == NULL ) {
>         update reply {
>             Reply-Message := "Username should be in the format
> username at domain"
>         }
>         reject
>     }

these are users login in at another site - so they have to have a realm or they
wouldnt get back to their home site.  already replied to the issue of how this
might be acheived for the reply field.

however, for what you propose, you are better off using a policy in policy.conf
that does multiple checks for a valid name (including having a "@") - this
is effective, scalable and ensures ou have a single defined policy for any V-S you may have
and ALSO gets you more ready for 3.x  :-)

alan


More information about the Freeradius-Users mailing list