Realm question..

TS tony at thewordzone.co.uk
Tue Apr 25 05:55:20 CEST 2006


Hi all

We have a radius setup that we use to authenticate our own adsl users as
well as proxying radius to 2 other sources.
Our own radius entries use a realm after each username, a typical entry is:

############
user1@arealm.com      Password == secret
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-Address = 10.0.0.3,
        Framed-Netmask = 255.255.255.255,
        Framed-Compression = Van-Jacobsen-TCP-IP

###########

Is there a way of getting radius to authenticate on the username before the @
sign and ignore the realm?
Obviously if the realm is one that we proxy then it should be proxied as
such and any that aren't in the proxy.conf file authenticated locally.

This may sound like an odd request but in the case of users typing the realm
incorrectly but the username is OK they can be authenticated still. Since we
only get sent authentication requests from realms that belong to us or the
people we proxy for locally it doesn't really matter what the realm is, the
user still has to have the correct password to authenticate.

In the case the user is one we proxy and the user types the realm incorrectly
then they just won't be authenticated since it wouldn't be proxied and the
username would not exist in our radius users file, this is fine.

I've tried adding "strip" to the LOCAL entry in proxy.conf and also just
adding the entry:

############
user1      Password == secret
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-Address = 10.0.0.3,
        Framed-Netmask = 255.255.255.255,
        Framed-Compression = Van-Jacobsen-TCP-IP

###########

to the radius users file but it won't authenticate.

Thanks 
Tony




More information about the Freeradius-Users mailing list