User-Name missing realm in Access-Accept

Alain Péan alain.pean at lpn.cnrs.fr
Wed Aug 12 17:41:02 CEST 2015


Hi David,

Le 12/08/2015 17:02, David Aldwinckle a écrit :
> FreeRADIUS Version 2.1.12
>
> It has been brought to my attention that my FreeRadius servers are
> responding to proxied requests from eduroam without the suffix portion
> of the user name. This is causing accounting issues for other
> institutions.
>
> In inner-tunnel, I have tried to add:
>
>          post-auth {
>                  update outer.reply {
>                          User-Name = "%{request:User-Name}"
>                  }
>          }
>
> I also have use_tunneled_reply = yes in eap.conf

I have the same version of freeradius (because Ubuntu 14.04...). To 
achieve what you want, I put in the file sites-enables/default (wich is 
a link to the file in sites-available), inside the section authorize :

#  We reject login without realm (to force users to put the realm, even 
locally)
     if ( request:Realm == NULL ) {
         update reply {
             Reply-Message := "Username should be in the format 
username at domain"
         }
         reject
     }

In my case, it works.

Best Regards,
Alain

-- 
Administrateur Système/Réseau
Laboratoire de Photonique et Nanostructures (LPN/CNRS - UPR20)
Centre de Recherche Alcatel Data IV - Marcoussis
route de Nozay - 91460 Marcoussis
Tel : 01-69-63-61-34




More information about the Freeradius-Users mailing list