force/require @domain/part

Matthew Newton mcn4 at
Tue Jun 21 15:59:36 CEST 2016

On Tue, Jun 21, 2016 at 02:43:13PM +0100, lejeczek via Freeradius-Users wrote:
> I'm hoping this is possible, having pretty vanilla mschap & pap(ntlm) to
> tweak radius so it - for eap & pap (basically AD) - would fail if there is
> no @domain part in the request.
> Like when AD domain is / PRIVATE and radius will absolutely
> need this. At the moment having configs constructed of bits from
> wikis/howtos, both: "me at" and "me" get authenticated.
> how to tweak?

  if (&User-Name !~ /$/) {


Matthew Newton, Ph.D. <mcn4 at>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at>

More information about the Freeradius-Users mailing list