proxy.conf problem: username send with suffix
Hi, what is wrong in this configuration: # A standard realm entry. A request from "user@company.com" will be # sent to radius.company.com as "user", unless the 'nostrip' # configuration item is specified. If the 'nostrip' configuration # item is specified, then the request will be proxied as # "user@company.com" # realm tu-dortmund.de { type = radius authhost = LOCAL accthost = LOCAL } but freeradius takes username@tu-dortmund.de to check against radcheck. debug output: rad_recv: Access-Request packet from host 129.217.169.191:32769, id=14, length=280 User-Name = "mhanborn@tu-dortmund.de" Calling-Station-Id = "00-19-D2-CF-E5-50" Called-Station-Id = "00-0B-85-60-39-10:ITMC-WPA2" NAS-Port = 29 NAS-IP-Address = 129.217.157.246 NAS-Identifier = "mh-wlc4" Airespace-Wlan-Id = 5 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "3503" EAP-Message = 0x0210005019800000004616030100410100003d03014832b93a0818b6073bdbd9b486630753af0d0f2e0469e2b071963d5240815fae00001600040005000a000900640062000300060013001200630100 State = 0x622cbb3df28c136e779e7cacb89d1a8d Message-Authenticator = 0xc969e31716dd9b76025be36ae5e396e4 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 81 modcall[authorize]: module "preprocess" returns ok for request 81 modcall[authorize]: module "chap" returns noop for request 81 modcall[authorize]: module "mschap" returns noop for request 81 rlm_realm: Looking up realm "tu-dortmund.de" for User-Name = "mhanborn@tu-dortmund.de" rlm_realm: Found realm "tu-dortmund.de" rlm_realm: Adding Stripped-User-Name = "mhanborn" rlm_realm: Proxying request from user mhanborn to realm tu-dortmund.de rlm_realm: Adding Realm = "tu-dortmund.de" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 81 rlm_eap: EAP packet type response id 16 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 81 radius_xlat: 'mhanborn@tu-dortmund.de' rlm_sql (sql): sql_set_user escaped user --> 'mhanborn@tu-dortmund.de' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'mhanborn@tu-dortmund.de' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 2 rlm_sql (sql): User mhanborn@tu-dortmund.de not found in radcheck radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'mhanborn@tu-dortmund.de' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'mhanborn@tu-dortmund.de' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): User mhanborn@tu-dortmund.de not found in radgroupcheck Thanks Hans -- Hans Bornemann Universitaet Dortmund - ITMC Tel. ++49 231 755 2132 Fax. ++49 231 755 2731
Hi,
what is wrong in this configuration:
you havent configured your SQL to use the Stripped-UserName, you have the default configuration that uses the UserName SQL-User-Name = "%{User-Name}" or somesuch. depending on your version of radiusd, simply check the sql.conf or dialup.conf file to find the line that sets it, if you are lucky, you will see the very handy line to use instead which will set it to stripped username, if not stripped, then username, if not username then DEFAULT value from engine. et voila! it will work alan
participants (2)
-
A.L.M.Buxey@lboro.ac.uk -
Hans Bornemann