force/require @domain/part

A.L.M.Buxey at A.L.M.Buxey at
Tue Jun 21 16:02:34 CEST 2016


> Like when AD domain is / PRIVATE and radius will
> absolutely need this. At the moment having configs constructed of
> bits from wikis/howtos, both: "me at" and "me" get
> authenticated.


in fact, recent releases of the server come with many default policies which
will do this sort of check/enforcement for you (because they are for eduroam!)

either invoke the policy (call it by its name in the virtual server config) or use unlang directly
int he authorize section eg

	  if( User-Name !~ /@/ ) {
          	update reply {
       	  		Reply-Message = "no realm defined"


More information about the Freeradius-Users mailing list