Freeraius vs NPS
Alan DeKok
aland at deployingradius.com
Mon May 8 17:08:46 CEST 2017
On May 8, 2017, at 10:08 AM, Martin, Jeremy <jmartin at emcc.edu> wrote:
>
> For the sake of completeness and my own sanity if I have to tackle this issue again in the future the following was the solution to my problem:
>
> authorize {
>
> if ("%{sql:SELECT COUNT(username) FROM radreject WHERE UPPER(username) = UPPER('%{User-Name}')}" > 0) {
> reject
> }
That's a good solution. We recommend using custom tables for custom rules.
The one thing I'd say is that you probably *also* want to reject users whose User-Names don't have the correct case.
i.e. if the user's name is "bob", and they log in as "Bob", or "bOb", those attempts should be rejected *no matter what*.
Alan DeKok.
More information about the Freeradius-Users
mailing list