Realm

Phil Mayers p.mayers at imperial.ac.uk
Wed Jan 23 15:58:56 CET 2013


On 23/01/13 14:47, Miha wrote:
> Hi,
>
> my radius client is sending with user-name and password aslo realm. I
> can not disable sending realm, is it possible to configure radius that
> will not user realm with user-name (user-name at realm)?
>
> [digest] Digest-Attributes look OK.  Converting them to something more
> usful.
> *Digest-User-Name = "018108500"*
> *Digest-Realm = "test1.opensips.softnet.si"*
>          Digest-Nonce = "510001fb00000006c9cc728438be21e324f917a5ea234380"
>          Digest-URI = "sip:+38588888882 at test1.opensips.test.si"
>          Digest-Method = "INVITE"
> [digest] Adding Auth-Type = DIGEST
> ++[digest] returns ok
> [suffix] Looking up realm "test1.opensips.softnet.si" for User-Name =
> *"018108500 at test1.opensips.**test.si*"
> [suffix] No such realm "test1.opensips.softnet.si"
> ++[suffix] returns noop
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop
> ++[files] returns noop
> [sql]   expand: %{User-Name} -> *018108500 at test1.opensips.**test.si*
>
>
> Radius will need to chack only user-name (*018108500*).

Sure. The easiest option is something like this:

authorize {
   ...
   if (User-Name =~ /^(.+)@(.+)$/) {
     update request {
       Stripped-User-Name := "%{1}"
       Realm := "%{2}"
     }
   }
   ...
}

...and then ensure your SQL/files/whatever modules use an appropriate 
expansion for their "key" value e.g.

sql {
   ...
   sql_user_name = "%{%{Stripped-User-Name}:-%{User-Name}}"
   ...
}

This is the default. So basically, you identify the realm yourself, set 
"Stripped-User-Name", and use that.


More information about the Freeradius-Users mailing list