pb with realm
Hocine M
hocine.maoucha at free.fr
Thu Feb 7 10:31:54 CET 2013
I've done it...it seems working.
Thank a lot.
Le 06/02/2013 11:40, Phil Mayers a écrit :
> On 06/02/13 10:03, Hocine M wrote:
>> Hi ,
>>
>> I have a problem with some user proxied.
>>
>> In the accounting-request the username is stripped and realm is NULL.
>>
>> Why le realm is lost?
>
> The User-Name in the accounting packets is overridden by the User-Name
> in the Access-Accept. In your case, your upstream proxy is returning a
> bare username in the Accept:
>
>> rad_recv: Access-Accept packet from host 193.51.224.109 port 1812,
>> id=223, length=182
>> User-Name = "pierre.dupont\000"
>
> ...which you then send back to the NAS:
>
>> Sending Access-Accept of id 13 to 192.168.58.5 port 20007
>> User-Name = "pierre.dupont\000"
>
> You can (and indeed, should) use a piece of "unlang" to re-insert /
> validate the realm in the case; we have this config:
>
> post-proxy {
>
> # Clean up the reply username
> if (proxy-reply:User-Name =~ /^(.*)@.*/) {
> # rewrite user at anything to user at theauthrealm
> # i.e. we don't trust the reply realm
> update proxy-reply {
> User-Name := "%{1}@%{Realm}"
> }
> }
> elsif (proxy-reply:User-Name) {
> # no @ i.e. realm in the reply username
> # append the realm used for forwarding
> update proxy-reply {
> User-Name := "%{proxy-reply:User-Name}@%{Realm}"
> }
> }
> else {
> # no reply username at all. add one
> update proxy-reply {
> User-Name := "%{request:User-Name}"
> }
> }
> }
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130207/53936797/attachment.html>
More information about the Freeradius-Users
mailing list