Is there a way of getting radius to authenicate on the username before the @ sign and ignore the realm?
Yes, but you have to edit the "users" file to get rid of the "@realm" portion, and configure the realms as LOCAL ones.
The object is to not to have to configure any realms as local. So that Radius will try to auth any realm that isn't to be proxied. If I have a user whose username is user1@arealm.com I can easily specify arealm.com as local. But if by mistake the user types the username as user1@brealm.com auth will just fail because the realm isn't specified in proxy.conf.
What does debugging mode say?
Exactly what you'd expect it to say if the realm isn't in proxy.conf: ##### rad_recv: Access-Request packet from host 127.0.0.1:33499, id=115, length=68 User-Name = "user1@arealm.com" User-Password = "acc355" NAS-IP-Address = 255.255.255.255 NAS-Port = 1645 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: Looking up realm "arealm.com" for User-Name = "user1@arealm.com" rlm_realm: No such realm "arealm.com" modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 2 modcall[authorize]: module "files" returns notfound for request 2 modcall: group authorize returns ok for request 2 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Login incorrect: [user1@arealm.com/acc355] (from client localhost port 1645) Delaying request 2 for 1 seconds Finished request 2 ###### The user doesn't exist as the entry in users just has the username as "user1" and the request is sending user1@arealm.com. I want radius to first check to see if the request needs to be proxied. If not then authenticate it locally no matter what the realm is but before authenticating it strip off the realm and just use everything before the @ sign as the username. Tony