On 06/09/2014 08:31 PM, Michael Rodrigues wrote: > I got the non-EAP handler setup and made a handler specifically for > Accounting Requests.
Good to hear it works. > The only issue I can find with my config is that users can circumvent my > UserBlacklist by changing the capitalization of their username. I'm > surprised Active Directory allows this, but we had a similar problem > when we were authing against LDAP. The syntax in the link below and what you have has a small but important bug. Try something like this (notice the comma).: DEFAULT User-Name = /^mrodrigues$/i, Auth-Type = Reject:Blacklisted Otherwise it should go as Hugh wrote. > I tried implementing the solution here: > http://www.open.com.au/pipermail/radiator/2013-February/018882.html > > But I can still authenticate as "Mrodrigues" when I have "DEFAULT > User-Name = /^mrodrigues$/i Auth-Type = Reject" in the users file. I did > also have the "DEFAULT Auth-Type = Accept" at the end. I tried changing > the default "Accept" to "Reject": I think it should go as in the example as soon as you have correctly separated the reply attributes with a comma. Thanks, Heikki -- Heikki Vatiainen <h...@open.com.au> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
