[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: How to validate user@domain.com?
From:       Matthew Newton <mcn () freeradius ! org>
Date:       2019-11-13 12:45:59
Message-ID: e92851b0e8305f0fde2fe6bb1468532a0021f59d.camel () freeradius ! org
[Download RAW message or body]

On Wed, 2019-11-13 at 10:33 -0200, Renato Sousa wrote:
> I use freeradius 3.0.12 to authenticate users to a wireless network
> in my company. Some time ago I made the configuration below to
> prevent users from authenticating without using @domain in the
> request, which worked for a long time, but stopped working.

OK

> *post-auth {...           update reply {                 User-Name: =
> &
> User-Name                      }...}*

That would never work to ensure a username contains '@'.

> How can I configure freeradius to validate only users in the format '
> username@domain.com' ?

In authorize:

  if (&User-Name !~ /@/) {
    reject
  }

Then use the `filter_username` policy to check for correctly formed
User-Name: no double dots, only a single '@', etc.

-- 
Matthew


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]