3 ## policy.conf -- FreeRADIUS server configuration file.
5 ## http://www.freeradius.org/
10 # Policies are virtual modules, similar to those defined in the
11 # "instantate" section of radiusd.conf.
13 # Defining a policy here means that it can be referenced in multiple
14 # places as a *name*, rather than as a series of conditions to match,
15 # and actions to take.
17 # Policies are something like subroutines in a normal language, but
18 # they cannot be called recursively. They MUST be defined in order.
19 # If policy A calls policy B, then B MUST be defined before A.
24 # Forbid all EAP types.
27 if ("%{EAP-Message}") {
33 # Forbid all non-EAP types outside of an EAP tunnel.
36 if (!"%{EAP-Message}") {
37 # We MAY be inside of a TTLS tunnel.
38 # PEAP and EAP-FAST require EAP inside of
39 # the tunnel, so this check is OK.
40 # If so, then there MUST be an outer EAP message.
41 if (!"%{outer.request:EAP-Message}") {
48 # Forbid all attempts to login via realms.
51 if ("%{User-Name}" =~ /@|\\/) {