Time for action – rejecting requests without a realm

The following steps will demonstrate how to reject requests without a realm:

  1. Edit the proxy.conf file under the FreeRADIUS configuration directory and ensure that the my-org.com realm does not have the nostrip directive (it was included in the previous exercise).
  2. Edit the sites-enabled/default file and add the following unlang code just after the suffix entry in the authorize section. This will reject any requests with usernames without a realm:
    if( request:Realm == NULL ){
    update reply {
        Reply-Message := "Username should be in format username@domain"
    }
    reject
}
  3. Restart the FreeRADIUS server in debug mode and try to authenticate as alice. The authentication request should fail.
  4. Authenticate as

Get FreeRADIUS Beginner's Guide now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial