Time for action – rejecting requests without a realm
The following steps will demonstrate how to reject requests without a realm:
- Edit the
proxy.conf
file under the FreeRADIUS configuration directory and ensure that themy-org.com
realm does not have thenostrip
directive (it was included in the previous exercise). - Edit the
sites-enabled/default
file and add the following unlang code just after thesuffix
entry in theauthorize
section. This will reject any requests with usernames without a realm:if( request:Realm == NULL ){ update reply { Reply-Message := "Username should be in format username@domain" } reject }
- Restart the FreeRADIUS server in debug mode and try to authenticate as alice. The authentication request should fail.
- Authenticate as
Get FreeRADIUS Beginner's Guide now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.