authenticate realm no matter what username is

Barry Murphy barry at vibecommunications.co.nz
Sun Aug 28 01:45:59 CEST 2011


Same thing unfortunately…

Users file
DEFAULT User-Name =~ ".*\\.xnet\\.co\\.nz$"
Auth-Type := Accept,
Pool-Name := un-auth,
Service-Type = Framed-User,
Framed-Protocol = PPP,
Cisco-Avpair += "ip:vrf-id=Suspended",
Cisco-Avpair += "ip:ip-unnumbered=Loopback 1000",


root at radius01-new:~#  radtest barry at adsl.xnet.co.nz password localhost:1812 1812 testing123
Sending Access-Request of id 77 to 127.0.0.1 port 1812
User-Name = "barry at adsl.xnet.co.nz"
User-Password = "password"
NAS-IP-Address = 120.136.0.21
NAS-Port = 1812
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=77, length=20

Debug

Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 48547, id=77, length=73
User-Name = "barry at adsl.xnet.co.nz"
User-Password = "password"
NAS-IP-Address = 120.136.0.21
NAS-Port = 1812
+- entering group authorize {...}
++[preprocess] returns ok
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "adsl.xnet.co.nz" for User-Name = "barry at adsl.xnet.co.nz"
[suffix] Found realm "DEFAULT"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
expand: %{User-Name} -> barry at adsl.xnet.co.nz
[files] users: Matched entry DEFAULT at line 236
++[files] returns ok
expand: %{User-Name} -> barry at adsl.xnet.co.nz
[sql] sql_set_user escaped user --> 'barry at adsl.xnet.co.nz'
rlm_sql (sql): Reserving sql socket id: 3
expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'barry at adsl.xnet.co.nz'           ORDER BY id
expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = 'barry at adsl.xnet.co.nz'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
[sql] User barry at adsl.xnet.co.nz not found
++[sql] returns notfound
++[expiration] returns noop
++[logintime] returns noop
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Failed to authenticate the user.
Login incorrect: [barry at adsl.xnet.co.nz/password] (from client localhost port 1812)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
expand: %{User-Name} -> barry at adsl.xnet.co.nz
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 77 to 127.0.0.1 port 48547
Waking up in 4.9 seconds.
Cleaning up request 1 ID 77 with timestamp +34
Ready to process requests.

Thanks
Barry


From: Arran Cudbard-Bell <a.cudbardb at freeradius.org>
Reply-To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Date: Fri, 26 Aug 2011 11:26:52 +0200
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: authenticate realm no matter what username is


On 26 Aug 2011, at 11:16, Barry Murphy wrote:

Hey guys,

We're an ISP providing ADSL services ourselves and on behalf of our wholesalers. I have a bunch of realms that are LOCAL and proxied which work with no issues. I'm trying to add realms of competitors to our radius so when customers are migrated from our competitors to our network they get authenticated and I drop them into a VRF displaying to them they need to change their login details. I've already got the VRF working, the forwarder page etc, I just can't seem to get users to authenticate with a wildcard *@dsl.competitor.co.nz

I have tried the following variations in the users file…

DEFAULT User-Name =~ "~*\\.xnet\\.co\\.nz$"


Surely you want

User-Name =~ ".*\\.xnet\\.co\\.nz$" ?

Arran Cudbard-Bell
a.cudbardb at freeradius.org

RADIUS - Half the complexity of Diameter
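
Added example, not part of the original thread or of FreeRADIUS: a Python sketch that tests both regex forms quoted above against sample User-Names and summarises a debug excerpt to show which step produced the reject. The helper names and sample lines are constructed for illustration, and Python's re.search stands in for the server's regex match (an assumption).

```python
import re

# Constructed sample: lines modelled on the radiusd -X output in this thread.
# The list archive prints "@" as " at "; the sample names use the real "@" form.
SAMPLE_DEBUG = """\
++[suffix] returns ok
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 236
++[files] returns ok
++[sql] returns notfound
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Sending Access-Reject of id 77 to 127.0.0.1 port 48547
"""

def users_regex(quoted):
    """Turn a users-file quoted regex ("\\\\." style) into the compiled pattern."""
    return re.compile(quoted.replace("\\\\", "\\"))

def matches(quoted, user_name):
    # Assumption: =~ behaves as an unanchored search, so "~*" (zero or more
    # tildes) can match the empty string in front of ".xnet.co.nz".
    return users_regex(quoted).search(user_name) is not None

def triage(debug_text):
    """Summarise where a request failed in a radiusd -X excerpt."""
    modules = dict(re.findall(r"^\+\+\[([\w.]+)\] returns (\w+)$", debug_text, re.M))
    entry = re.search(r"users: Matched entry (\S+) at line (\d+)", debug_text)
    return {
        "modules": modules,
        "users_entry": (entry.group(1), int(entry.group(2))) if entry else None,
        "auth_type_missing": "No authenticate method (Auth-Type)" in debug_text,
        "rejected": "Sending Access-Reject" in debug_text,
    }

if __name__ == "__main__":
    first = r'~*\\.xnet\\.co\\.nz$'    # form from the original question
    second = r'.*\\.xnet\\.co\\.nz$'   # form suggested in the reply
    for name in ("barry@adsl.xnet.co.nz", "barry@xnet.co.nz", "barry@example.org"):
        print(name, matches(first, name), matches(second, name))
    print(triage(SAMPLE_DEBUG))
```

Both forms give the same result for every sample name, and the summary separates "the users entry matched" from "no Auth-Type was set for the request", the two facts the debug output above reports.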
