How to filter out users
In order to filter out all users that append the realm(domain) we can add the following rules in /opt/veridiumid/freeradius/etc/raddb/policy.d/filter under filter_username:
Reject users that use domain to authenticate:
CODE
#
# reject users with domain
#
if (&User-Name && (&User-Name =~ /@|\\/)) {
update request {
&Module-Failure-Message += 'Rejected: Username should not contain domain'
}
reject
}Reject users that use mixed and allow only lowercase usernames
CODE
#
# reject mixed case e.g. "UseRNaMe"
#
if (&User-Name != "%{tolower:%{User-Name}}") {
update request {
&Module-Failure-Message += 'Rejected: Username should be lowercase'
}
reject
}