I’ll double check, but think I’ve already tried that
Rgds
Alex

Sent from my iPhone 6 plus

> On 4 Oct 2017, at 20:29, Daniel Ehlers <danielehlers@mindeye.net> wrote:
>
>> On 10/04/2017 04:58 PM, Alex Sharaz wrote:
>> Hi,
>> I'm using radsecproxy to pass RADIUS auths from our ORPS machine to the upstream national radius proxy service .
>>
>> Looking at the log file I'm seeing access-rejects being sent down generating log entries of the form
>>
>> Oct  4 15:47:09 2017: Access-Reject for user 0234105273270593@wlan.mnc010.mcc234.3gppnetwork.org
>> <mailto:0234105273270593@wlan.mnc010.mcc234.3gppnetwork.org> stationid 2C-0E-3D-05-37-86 from roaming0.ja.net
>> <http://roaming0.ja.net> (Request Denied) to fromFR (127.0.0.1)
>>
>> What I'd like to do is reject these locally in radsecproxy.conf. I thought that
>>
>> realm /.*\\.3gppnetwork\\.org$/ {
>>        replymessage "Misconfigured client: Rejected by eduroam1.york.ac.uk <http://eduroam1.york.ac.uk>!"
>> }
>>
>> would stop these from being passed onwards. As the log entry above shows, it doesn't !
>>
>> The statement  is at the top of my realm statement lists with
>>
>> realm   * {
>>        server roaming0.ja.net <http://roaming0.ja.net>
>>        server roaming1.ja.net <http://roaming1.ja.net>
>> }
>>
>> at the bottom.
>>
>> What's wrong with my realm statement?
>> Rgds
>> Alex
> Hi,
>
> plz try
>
> realm /@.*\\.3gppnetwork\\.org$/ {
>
> didn't checked that with the code, but according to [1] it looks
> like you have to explicitly define a username/domain part separated by '@'.
>
> regards Daniel
>
> [1] https://software.nordu.net/radsecproxy/doc/1.6/radsecproxy.conf.html#REALM%20BLOCK
>
>

> _______________________________________________
> radsecproxy mailing list
> radsecproxy@lists.nordu.net
> https://lists.nordu.net/listinfo/radsecproxy