Eduroam and Univention freeradius setup

Alan DeKok aland at deployingradius.com
Thu Oct 15 23:49:23 CEST 2020


On Oct 15, 2020, at 5:13 PM, Eric Browning via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> I can authenticate my test eduroam testuser with it's "@eduroam.us" but
> when I try to authenticate one of my own users "
> testuser at skaggscatholiccenter.org" it just gets proxied back to eduroam via
> the default realm.  I have attempted to make realm skaggscatholiccenter.org {
> and it just skips over it right to default after looking for NULL.

  The debug log shows...

> realm SKAGGSCATHOLICC {
> }

  That's not "skaggscatholiccenter.org"

> Ready to process requests
> (0) Received Access-Request Id 192 from 163.253.31.2:49082 to
> 172.16.0.97:1812 length 258
> (0)   User-Name = "testuser at skaggscatholiccenter.org"

  Which isn't the same as the "realm" you added.

> (0)     [mschap] = noop
> (0) ntdomain: Checking for prefix before "\"
> (0) ntdomain: No '\' in User-Name = "testuser at skaggscatholiccenter.org",
> looking up realm NULL
> (0) ntdomain: Found realm "DEFAULT"
> (0) ntdomain: Adding Realm = "DEFAULT"
> (0) ntdomain: Proxying request from user testuser at skaggscatholiccenter.org to
> realm DEFAULT
> (0) ntdomain: Preparing to proxy authentication request to realm "DEFAULT"
> (0)     [ntdomain] = updated

  You've also removed the "suffix" module from the default config.  The "suffix" module checks for "user at realm".

  The "ntdomain" module checks for "REALM\user".

1) create a realm with the correct name

2) add the "suffix" module back in, before the "ntdomain" module in sites-enabled/default

  It will then work.

  Alan DeKok.




More information about the Freeradius-Users mailing list