[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: How to block certain usernames hitting Freeradius server
From:       Alan Buxey <alan.buxey () gmail ! com>
Date:       2017-08-19 16:34:47
Message-ID: CAOVYXj8u1-nQzV8AduSWp=U9jsJasCUoAM8XZHjpj5i8=cUtgQ () mail ! gmail ! com
[Download RAW message or body]

Just stick some unlang checks at the top of your authorize section.... Or
create a policy and then call that policy at the top of your authorize
section (pretty much same thing but policy method is better).

In fact you might find that several of the policies already present will
help you out!

alan

On 18 Aug 2017 11:07 am, "Burn Zero" <burnzerog@gmail.com> wrote:

> Hi,
>
> We have setup Freeradius latest version to help users authenticate,
> authorize to 802.x WIFI. While analyzing logs, we found that certain
> user names ( with random alphabets ) that are trying to authenticate
> every certain minutes. Those are just invalid usernames some people
> have configured in their phone/tablet/system. They won't even get
> authentication success since those are anyways invalid usernames.
>
> What I am trying to achieve is to prevent these usernames from hitting
> Freeradius servers ( do username, group check in Active Directory)  so
> that when those invalid usernames comes to Freeradius it would be
> filtered and no longer go inside tunnels and then for username check
> in Active directory.
>
> Thank you.
>
> -
> BurnZero
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]