computer authentication

Dan Letkeman danletkeman at gmail.com
Sun Dec 9 21:18:57 CET 2012


SOLVED.  Modified my proxy.conf file as per another list post.  You cannot
just add the 'nostrip' option to the realm.  You must remove the
home_server  and home_server_pool, but keep the options from the
home_server and put them under the realm.

This solves the DOS loop problem.

Example proxy.conf:

proxy server {
        default_fallback = no
}

realm example.com {

        type = auth
        ipaddr = 127.0.0.1
        port = 1812
        secret = testing123
        require_message_authenticator = yes
        response_window = 20
        zombie_period = 40
        revive_interval = 120
        status_check = status-server
        check_interval = 30
        num_answers_to_alive = 3
        max_outstanding = 65536
        coa {
                irt = 2
                mrt = 16
                mrc = 5
                mrd = 30
        }
        nostrip
}

realm LOCAL {
}





On Sun, Dec 9, 2012 at 1:56 PM, Dan Letkeman <danletkeman at gmail.com> wrote:

> Here is my proxy.conf file contents:
>
> proxy server {
>         default_fallback = no
> }
>
> home_server localhost {
>         type = auth
>         ipaddr = 127.0.0.1
>         port = 1812
>         secret = testing123
>         require_message_authenticator = yes
>         response_window = 20
>         zombie_period = 40
>         revive_interval = 120
>         status_check = status-server
>         check_interval = 30
>         num_answers_to_alive = 3
>         max_outstanding = 65536
>         coa {
>                 irt = 2
>                 mrt = 16
>                 mrc = 5
>                 mrd = 30
>         }
> }
>
> home_server_pool my_auth_failover {
>         type = fail-over
>         home_server = localhost
> }
>
> realm example.com {
>         auth_pool = my_auth_failover
>         nostrip
> }
>
> realm LOCAL {
> }
>
> On Sun, Dec 9, 2012 at 11:09 AM, Dan Letkeman <danletkeman at gmail.com> wrote:
>
>> Alan,
>>
>> I have added 'nostrip' to the realm example.com and it looks like it has
>> problems with that.  Possibly some sort of loop?
>>
>> https://docs.google.com/open?id=0B57E1K2jJi4DZGwzSUtDajdQV2s
>>
>> On Sun, Dec 9, 2012 at 9:58 AM, Alan Buxey <A.L.M.Buxey at lboro.ac.uk> wrote:
>>
>>> Hi,
>>>
>>> >    [eap] Identity does not match User-Name, setting from EAP Identity.
>>>
>>> EAP doesn't like the user-name being played around with....ensure that
>>> you 'nostrip' in your proxy.conf for the realm you are handling....or
>>> use 'stripped-user-name' for the checks/handlers.
>>>
>>>
>>> alan
>>>
>>
>>
>