force/require @domain/part
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Tue Jun 21 16:02:34 CEST 2016
Hi,
> Like when AD domain is @private.dom.my / PRIVATE and radius will
> absolutely need this. At the moment having configs constructed of
> bits from wikis/howtos, both: "me at private.dom.my" and "me" get
> authenticated.
unlang.
in fact, recent releases of the server come with many default policies which
will do this sort of check/enforcement for you (because they are useful...eg for eduroam!)
either invoke the policy (call it by its name in the virtual server config) or use unlang directly
int he authorize section eg
if( User-Name !~ /@/ ) {
update reply {
Reply-Message = "no realm defined"
}
reject
}
alan
More information about the Freeradius-Users
mailing list