force/require @domain/part
Matthew Newton
mcn4 at leicester.ac.uk
Tue Jun 21 15:59:36 CEST 2016
On Tue, Jun 21, 2016 at 02:43:13PM +0100, lejeczek via Freeradius-Users wrote:
> I'm hoping this is possible, having pretty vanilla mschap & pap(ntlm) to
> tweak radius so it - for eap & pap (basically AD) - would fail if there is
> no @domain part in the request.
>
> Like when AD domain is @private.dom.my / PRIVATE and radius will absolutely
> need this. At the moment having configs constructed of bits from
> wikis/howtos, both: "me at private.dom.my" and "me" get authenticated.
>
> how to tweak?
if (&User-Name !~ /@private.dom.my$/) {
reject
}
Matthew
--
Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list