force/require @domain/part

Matthew Newton mcn4 at leicester.ac.uk
Tue Jun 21 15:59:36 CEST 2016


On Tue, Jun 21, 2016 at 02:43:13PM +0100, lejeczek via Freeradius-Users wrote:
> I'm hoping this is possible, having pretty vanilla mschap & pap(ntlm) to
> tweak radius so it - for eap & pap (basically AD) - would fail if there is
> no @domain part in the request.
> 
> Like when AD domain is @private.dom.my / PRIVATE and radius will absolutely
> need this. At the moment having configs constructed of bits from
> wikis/howtos, both: "me at private.dom.my" and "me" get authenticated.
> 
> how to tweak?

  if (&User-Name !~ /@private.dom.my$/) {
    reject
  }

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>


More information about the Freeradius-Users mailing list