mr typo <euroregist...@gmail.com> wrote:
>
> i was trying to reject those "double" realm.
> but i cannot find the right syntax and/or where to put the lines.
>
> i was trying to put this lines in the user file:
> DEFAULT User-Name =~ "/^...@company.com@.*/"
>         Auth-Type := Reject
>
> that did not work.
> when putting:
> if (User-Name ~= /^...@company.com@.*/) {
>     reject
> }
> in the server configuration in authorize section, i get a strange error..
>
> i am quite new with configuring freeradius, it would be nice if someone
> could give me some real hint how to and where
> reject those double @ @
>

In addition to my blackholing I now have added to my policy.conf file:
----
# only needs to be close enough to catch unroutable guff
validate_username {
    if (User-Name !~ /@/ \
        || ( \
            User-Name !~ /@.*@/ \
            && User-Name =~ /^[[:graph:]]*@([-[:alnum:]]+\.)+[[:alpha:]]{2,}$/ \
        ) \
    ) {
        ok
    }
    else {
        update reply {
            Reply-Message := "Invalid User-Name Syntax"
        }
        reject
    }
}
----
Then in your authorize section you just place 'validate_username' and it
looks after everything for you.

What the above bumpf does is:
 * permit realmless (usernames without an '@') through, these are rejected
   later by matching against the NULL realm (*important*)
 * if there is an '@' in there then it
    * rejects if there are two or more '@'s
    * rejects if the *realm* is not valid, for example the realm *must* be
      made up of at least two parts, and the end part must be at least two
      characters long

Hope that helps

Cheers

-- 
Alexander Clouter
.sigmonster says: The best things in life are for a fee.
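
The decision logic of the validate_username policy above, as an added example that is not part of the original post: a POSIX shell dry run that applies the same regexes with grep -E to constructed User-Name values, so the accept/reject outcome can be checked outside the server. The function name check_username and the sample names are assumptions, and LC_ALL=C is set on the assumption that ASCII-only character classes are wanted.

```shell
#!/bin/sh
# Added example: offline dry run of the validate_username decision logic.
# The regexes are copied from the policy; everything else is illustrative.

# Assumption: ASCII-only meaning for [[:alnum:]], [[:alpha:]] and [[:graph:]].
LC_ALL=C
export LC_ALL

# Realm check copied from the policy (POSIX ERE, so grep -E takes it as-is).
REALM_RE='^[[:graph:]]*@([-[:alnum:]]+\.)+[[:alpha:]]{2,}$'

# check_username NAME  (hypothetical helper name)
# Prints "ok" or "reject", following the same order of tests as the policy.
check_username() {
    name=$1
    # No '@' at all: realmless, let through; NULL realm matching rejects later.
    if ! printf '%s\n' "$name" | grep -q '@'; then
        echo ok
        return 0
    fi
    # Two or more '@': the "double realm" case, rejected outright.
    if printf '%s\n' "$name" | grep -Eq '@.*@'; then
        echo reject
        return 0
    fi
    # Exactly one '@': realm needs at least two labels and an
    # alphabetic last label of two or more characters.
    if printf '%s\n' "$name" | grep -Eq "$REALM_RE"; then
        echo ok
    else
        echo reject
    fi
}

# Constructed sample User-Name values, one per line.
while IFS= read -r n; do
    printf '%-34s %s\n' "$n" "$(check_username "$n")"
done <<'EOF'
alice
alice@example.com
alice@sub.example.org
alice@company.com@example.net
alice@localhost
alice@example.c
alice@example.123
alice@example.com.
al ice@example.com
EOF
```

Only the first three samples come back ok; the rest are rejected for a second '@', a single-label realm, a too-short or numeric last label, a trailing dot, or a space in the user part.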