realms and local user file processing question
Alan DeKok
aland at deployingradius.com
Mon Dec 18 18:17:00 CET 2006
Michael Hare wrote:
>
> Having some problems getting a match on the local users file after a
> successful realm proxy.
That will change in 2.0, when it's released. The "users" file should
ONLY be processed before proxying, not after.
> I have tried all sorts of formats in the users file. I would have
> thought that the first was the correct syntax but it didn't work, hence
> the trial and error.
>
> mdhare at test
> Framed-IP-Address = 146.151.211.254
When you're processing the "users" file after proxying, the user name
is the *stripped* name, i.e. without the realm.
> mdhare Realm == "test"
> Framed-IP-Address = 146.151.211.254
This should work.
> "mdhare at test"
> Framed-IP-Address = 146.151.211.254
This is the same as the first entry.
> according to
>
> http://wiki.freeradius.org/Proxy#What_Happens
>
> "Then the users file is processed as usual. The username used at this
> point is the one after hints file processing (regardless of the "hints"
> option). It also includes the realm (regardless of the setting of the
> "nostrip" option) unless the realm is LOCAL."
Hmm... I think that's wrong.
> Here is the debug from a login. How do I further troubleshoot why the
> local users file is not being matched?
Go back and read the "users" file. The debug log shows it matching on
line 84, are you *sure* that the "mdhare" entries are before that?
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
More information about the Freeradius-Users
mailing list