How to block certain usernames hitting Freeradius server

Alan Buxey alan.buxey at gmail.com
Sat Aug 19 18:34:47 CEST 2017


Just stick some unlang checks at the top of your authorize section.... Or
create a policy and then call that policy at the top of your authorize
section (pretty much same thing but policy method is better).

In fact you might find that several of the policies already present will
help you out!

alan

On 18 Aug 2017 11:07 am, "Burn Zero" <burnzerog at gmail.com> wrote:

> Hi,
>
> We have setup Freeradius latest version to help users authenticate,
> authorize to 802.x WIFI. While analyzing logs, we found that certain
> user names ( with random alphabets ) that are trying to authenticate
> every certain minutes. Those are just invalid usernames some people
> have configured in their phone/tablet/system. They won't even get
> authentication success since those are anyways invalid usernames.
>
> What I am trying to achieve is to prevent these usernames from hitting
> Freeradius servers ( do username, group check in Active Directory)  so
> that when those invalid usernames comes to Freeradius it would be
> filtered and no longer go inside tunnels and then for username check
> in Active directory.
>
> Thank you.
>
> -
> BurnZero
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html


More information about the Freeradius-Users mailing list