Strip off the domain part from the User-Name
Phil Mayers
p.mayers at imperial.ac.uk
Sat Mar 26 11:59:37 CET 2011
On 03/25/2011 09:45 PM, Robert Roll wrote:
>
> Note that in the above the Realm is quite useful, but there is NO need to
> actually do proxy, so really no "REAL" need to get into the proxy.conf ?
This is a good reason to use unlang rather than realm. "realm" is
designed for proxying, always gets it list of realms from "proxy.conf"
and sets the control:Proxy-To-Realm attribute.
You also may not realise that user at undefined realm will set:
Stripped-User-Name = use
Realm = DEFAULT
i.e. the Realm value does *not* preserve the text after the @.
Your original problem (crazy loop) occurred because the DEFAULT realm
you defined in proxy.conf was pointing somewhere else - probably back at
the very same radius server, resulting in an infinite loop.
HTH
More information about the Freeradius-Users
mailing list