Realm question..

Kevin Bonner keb at pa.net
Tue Apr 25 23:56:12 CEST 2006


On Tuesday 25 April 2006 01:43, TS wrote:
> >  What does debugging mode say?
>
> Exactly what you'd expect it to say if the realm isn't in proxy.conf:
>
> #####
> rad_recv: Access-Request packet from host 127.0.0.1:33499, id=115,
> length=68 User-Name = "user1 at arealm.com"
>         User-Password = "acc355"
> ...
> 
> The user doesn't exist as the entry in users just has the username as
> "user1" and the request is sending user1 at arealm.com.

The original users example you posted had the username of "user1 at arealm.com" 
with a password of "secret".  Here you say the users file has just "user1".  
Which is correct?

> I want radius to first check to see if the request needs to be proxied.

It will do this if you have a realm module listed in the authorize section.  
The suffix realm module is listed in the default config.

> If not then authenticate it locally no matter what the realm is but before
> authenticating it strip off the realm and just use everything before the @
> sign as the username.

Alan's hint to use LOCAL is still correct.  If you know the realms people will 
be using, you can list them in the proxy.conf file.  If you want to catch any 
realm not already defined and send that to local auth, that is pretty easy to 
accomplish.

Please read doc/proxy for a better understanding of how realms work with 
proxying, and also how the 2 special realms work.  If you're still stumped, 
post back with your questions.

Kevin Bonner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060425/5e7b0f6d/attachment.pgp>


More information about the Freeradius-Users mailing list