stripping the realm

geebs gweebo at gmail.com
Sun Jun 9 08:49:36 CEST 2013


Hello,

Not sure what I'm missing here, I seem to not be able to get this to work.
One of those things, I've done it many times yet I've missed a step I think.
This server is used to authenticate PPPoE connections on a Cisco router.

I just want freeradius to strip the realm every time.


Debian Wheezy
 freeradius -XX
Sun Jun  9 16:43:58 2013 : Info: FreeRADIUS Version 2.1.12, for host
x86_64-pc-linux-gnu, built on Dec 16 2012 at 13:28:43


It works fine without a realm, returns all the right values;

root@chronos:/etc/freeradius# radtest testaccount test1234 localhost 0 testing123
Sending Access-Request of id 95 to 127.0.0.1 port 1812
        User-Name = "testaccount"
        User-Password = "test1234"
        NAS-IP-Address = 127.0.1.1
        NAS-Port = 0
        Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=95,
length=56
        Framed-IP-Address = 10.8.13.19
        Tunnel-Type:0 = L2TP
        Tunnel-Medium-Type:0 = IPv4
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Netmask = 255.255.255.255
root@chronos:/etc/freeradius#




With a realm, no good.

rad_recv: Access-Request packet from host 127.0.0.1 port 52011, id=44,
length=92
        User-Name = "testaccount@domain.com"
        User-Password = "test1234"
        NAS-IP-Address = 127.0.1.1
        NAS-Port = 0
        Message-Authenticator = 0x6c233bef9def046c0b422486e2aef3a1
Sun Jun  9 16:46:05 2013 : Info: # Executing section authorize from file
/etc/freeradius/sites-enabled/default
Sun Jun  9 16:46:05 2013 : Info: +- entering group authorize {...}
Sun Jun  9 16:46:05 2013 : Info: ++[preprocess] returns ok
Sun Jun  9 16:46:05 2013 : Info: ++[chap] returns noop
Sun Jun  9 16:46:05 2013 : Info: ++[mschap] returns noop
Sun Jun  9 16:46:05 2013 : Info: ++[digest] returns noop
Sun Jun  9 16:46:05 2013 : Info: [suffix] Looking up realm "domain.com" for
User-Name = "testaccount@domain.com"
Sun Jun  9 16:46:05 2013 : Info: [suffix] No such realm "domain.com"
Sun Jun  9 16:46:05 2013 : Info: ++[suffix] returns noop
Sun Jun  9 16:46:05 2013 : Info: [eap] No EAP-Message, not doing EAP
Sun Jun  9 16:46:05 2013 : Info: ++[eap] returns noop
Sun Jun  9 16:46:05 2013 : Info: ++[files] returns noop
Sun Jun  9 16:46:05 2013 : Info: [sql]  expand: %{User-Name} ->
testaccount@domain.com
Sun Jun  9 16:46:05 2013 : Info: [sql] sql_set_user escaped user --> '
testaccount@domain.com'
Sun Jun  9 16:46:05 2013 : Debug: rlm_sql (sql): Reserving sql socket id: 3
Sun Jun  9 16:46:05 2013 : Info: [sql]  expand: SELECT id, username,
attribute, value, op           FROM radcheck           WHERE username =
'%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute,
value, op           FROM radcheck           WHERE username = '
testaccount@domain.com'           ORDER BY id
Sun Jun  9 16:46:05 2013 : Info: [sql]  expand: SELECT groupname
FROM radusergroup           WHERE username = '%{SQL-User-Name}'
ORDER BY priority -> SELECT groupname           FROM radusergroup
WHERE username = 'testaccount@domain.com'           ORDER BY priority
Sun Jun  9 16:46:05 2013 : Debug: rlm_sql (sql): Released sql socket id: 3
Sun Jun  9 16:46:05 2013 : Info: [sql] User testaccount@domain.com not found
Sun Jun  9 16:46:05 2013 : Info: ++[sql] returns notfound
Sun Jun  9 16:46:05 2013 : Info: ++[expiration] returns noop
Sun Jun  9 16:46:05 2013 : Info: ++[logintime] returns noop
Sun Jun  9 16:46:05 2013 : Info: [pap] WARNING! No "known good" password
found for the user.  Authentication may fail because of this.
Sun Jun  9 16:46:05 2013 : Info: ++[pap] returns noop
Sun Jun  9 16:46:05 2013 : Info: ERROR: No authenticate method (Auth-Type)
found for the request: Rejecting the user
Sun Jun  9 16:46:05 2013 : Info: Failed to authenticate the user.
Sun Jun  9 16:46:05 2013 : Info: Using Post-Auth-Type Reject
Sun Jun  9 16:46:05 2013 : Info: # Executing group from file
/etc/freeradius/sites-enabled/default
Sun Jun  9 16:46:05 2013 : Info: +- entering group REJECT {...}
Sun Jun  9 16:46:05 2013 : Info: [attr_filter.access_reject]    expand:
%{User-Name} -> testaccount@domain.com
Sun Jun  9 16:46:05 2013 : Debug: attr_filter: Matched entry DEFAULT at
line 11
Sun Jun  9 16:46:05 2013 : Info: ++[attr_filter.access_reject] returns
updated
Sun Jun  9 16:46:05 2013 : Info: Delaying reject of request 0 for 1 seconds
Sun Jun  9 16:46:05 2013 : Debug: Going to the next request
Sun Jun  9 16:46:05 2013 : Debug: Waking up in 0.9 seconds.
Sun Jun  9 16:46:06 2013 : Info: Sending delayed reject for request 0
Sending Access-Reject of id 44 to 127.0.0.1 port 52011
Sun Jun  9 16:46:06 2013 : Debug: Waking up in 4.9 seconds.


I don't recall having to set up a realm in previous installs.
However, I used to use an older version of freeradius.

Thanks in advance :)
Jules.
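
As an added example (not part of the original post and not FreeRADIUS code), a short Python triage script that reads debug output like the log above and reports where the realm was left on the user name. The sample lines are adapted from the post's log, unwrapped and with `@` in the user name; the function name and result fields are hypothetical.

```python
import re

# Sample lines adapted from the debug output in the post (unwrapped).
SAMPLE = """\
Sun Jun  9 16:46:05 2013 : Info: ++[preprocess] returns ok
Sun Jun  9 16:46:05 2013 : Info: [suffix] Looking up realm "domain.com" for User-Name = "testaccount@domain.com"
Sun Jun  9 16:46:05 2013 : Info: [suffix] No such realm "domain.com"
Sun Jun  9 16:46:05 2013 : Info: ++[suffix] returns noop
Sun Jun  9 16:46:05 2013 : Info: [sql]  expand: %{User-Name} -> testaccount@domain.com
Sun Jun  9 16:46:05 2013 : Info: [sql] User testaccount@domain.com not found
Sun Jun  9 16:46:05 2013 : Info: ++[sql] returns notfound
Sun Jun  9 16:46:05 2013 : Info: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
"""

RETURNS = re.compile(r"\+\+\[([\w.]+)\] returns (\w+)")   # per-module return code
NO_REALM = re.compile(r'\[\w+\] No such realm "([^"]+)"')  # realm lookup miss
SQL_MISS = re.compile(r"\[sql\] User (\S+) not found")     # name SQL searched for
NO_AUTH = "No authenticate method (Auth-Type)"


def triage(debug_text):
    """Summarise one request's authorize pass from FreeRADIUS 2.x debug text."""
    out = {"returns": {}, "unknown_realm": None, "sql_miss": None,
           "no_auth_type": False, "findings": []}
    for line in debug_text.splitlines():
        if m := RETURNS.search(line):
            out["returns"][m.group(1)] = m.group(2)
        elif m := NO_REALM.search(line):
            out["unknown_realm"] = m.group(1)
        elif m := SQL_MISS.search(line):
            out["sql_miss"] = m.group(1)
        elif NO_AUTH in line:
            out["no_auth_type"] = True
    realm, user = out["unknown_realm"], out["sql_miss"]
    # The realm module did not recognise the realm, and SQL was then queried
    # with the full, unstripped name ending in that same realm.
    if realm and user and user.endswith("@" + realm):
        out["findings"].append(
            f"realm '{realm}' is unknown to the realm module, so SQL was "
            f"queried with the full name '{user}'")
    if out["no_auth_type"]:
        out["findings"].append("rejected: no Auth-Type was set during authorize")
    return out


if __name__ == "__main__":
    for finding in triage(SAMPLE)["findings"]:
        print(finding)
```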