<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>

  <head>

    <meta content="text/html; charset=ISO-8859-1"

      http-equiv="Content-Type">

    <title></title>

  </head>

  <body bgcolor="#ffffff" text="#000000">

    <font size="-1">I've done it...it seems working.<br>

      Thank a lot.<br>

    </font><br>

    Le 06/02/2013 11:40, Phil Mayers a écrit :

    <blockquote cite="mid:51123329.9040101@imperial.ac.uk" type="cite">On

      06/02/13 10:03, Hocine M wrote:

      <br>

      <blockquote type="cite">Hi ,

        <br>

        <br>

        I have a problem with some user proxied.

        <br>

        <br>

        In  the accounting-request the username is stripped and realm is

        NULL.

        <br>

        <br>

        Why le realm is lost?

        <br>

      </blockquote>

      <br>

      The User-Name in the accounting packets is overridden by the

      User-Name in the Access-Accept. In your case, your upstream proxy

      is returning a bare username in the Accept:

      <br>

      <br>

      <blockquote type="cite">rad_recv: Access-Accept packet from host

        193.51.224.109 port 1812,

        <br>

        id=223, length=182

        <br>

             User-Name = "pierre.dupont\000"

        <br>

      </blockquote>

      <br>

      ...which you then send back to the NAS:

      <br>

      <br>

      <blockquote type="cite">Sending Access-Accept of id 13 to

        192.168.58.5 port 20007

        <br>

             User-Name = "pierre.dupont\000"

        <br>

      </blockquote>

      <br>

      You can (and indeed, should) use a piece of "unlang" to re-insert

      / validate the realm in the case; we have this config:

      <br>

      <br>

      post-proxy {

      <br>

      <br>

              # Clean up the reply username

      <br>

              if (proxy-reply:User-Name =~ /^(.*)@.*/) {

      <br>

                      # rewrite user@anything to user@theauthrealm

      <br>

                      # i.e. we don't trust the reply realm

      <br>

                      update proxy-reply {

      <br>

                              User-Name := "%{1}@%{Realm}"

      <br>

                      }

      <br>

              }

      <br>

              elsif (proxy-reply:User-Name) {

      <br>

                      # no @ i.e. realm in the reply username

      <br>

                      # append the realm used for forwarding

      <br>

                      update proxy-reply {

      <br>

                              User-Name :=

      "%{proxy-reply:User-Name}@%{Realm}"

      <br>

                      }

      <br>

              }

      <br>

              else {

      <br>

                      # no reply username at all. add one

      <br>

                      update proxy-reply {

      <br>

                              User-Name := "%{request:User-Name}"

      <br>

                      }

      <br>

              }

      <br>

      }

      <br>

      -

      <br>

      List info/subscribe/unsubscribe? See

      <a class="moz-txt-link-freetext" href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a>

      <br>

    </blockquote>

  </body>

</html>