We no longer have to do "%{Attribute-Name}", we can just use

author aland <aland>

Tue, 15 Jan 2008 16:29:55 +0000 (16:29 +0000)

committer aland <aland>

Tue, 15 Jan 2008 16:29:55 +0000 (16:29 +0000)
author aland <aland>
Tue, 15 Jan 2008 16:29:55 +0000 (16:29 +0000)
committer aland <aland>
Tue, 15 Jan 2008 16:29:55 +0000 (16:29 +0000)
diff --git a/raddb/policy.conf b/raddb/policy.conf

index e2d44aa..21a381a 100644 (file)
--- a/raddb/policy.conf
+++ b/raddb/policy.conf
@@ -18,13 +18,12 @@
  #  they cannot be called recursively.  They MUST be defined in order.
  #  If policy A calls policy B, then B MUST be defined before A.
  #
-#
  policy {
         #
         #       Forbid all EAP types.
         #
         forbid_eap {
-               if ("%{EAP-Message}") {
+               if (EAP-Message) {
                         reject
                 }
         }
@@ -33,7 +32,7 @@ policy {
         #       Forbid all non-EAP types outside of an EAP tunnel.
         #
         permit_only_eap {
-               if (!"%{EAP-Message}") {
+               if (!EAP-Message) {
                         #  We MAY be inside of a TTLS tunnel.
                         #  PEAP and EAP-FAST require EAP inside of
                         #  the tunnel, so this check is OK.
@@ -48,7 +47,7 @@ policy {
         #       Forbid all attempts to login via realms.
         #
         deny_realms {
-               if ("%{User-Name}" =~ /@|\\/) {
+               if (User-Name =~ /@|\\/) {
                         reject
                 }
         }
author	aland <aland>
	Tue, 15 Jan 2008 16:29:55 +0000 (16:29 +0000)
committer	aland <aland>
	Tue, 15 Jan 2008 16:29:55 +0000 (16:29 +0000)