hints and stripped-user-name

Lewis Bergman lbergman at wtxs.net
Tue Feb 14 21:38:29 CET 2006 

I have more hints trouble on another radius server. I want to look for a 
realm and strip it if it is there, else, send on the username untouched. 
Using a config that Alan gave me a while back to do the opposite I 
entered the below in my hints. Thought this would be easy but I am just 
not getting something. I think the two values I have tried to use 
(Stripped-User-Name and Strip-User-Name) are not yet set which is why 
the username comes up blank. So, how to strip the realm from the 
username and set User-Name to that?

I have this in my hints:
DEFAULT User-Name =~ ".*@", NAS-IP-Address == "69.39.33.242"
         User-Name := "%{Stripped-User-Name}"
# also tried Strip-User-Name in place of Stripped-User-Name with same 
#result

The parts of the radiusd -X I think are pertinent follow:
rad_recv: Access-Request packet from host 69.39.33.242:1812, id=177, 
length=205
         User-Name = "renisdn at camalott.com"
--snip--
   hints: Matched DEFAULT at 80 <-- this is the entry above from hints
radius_xlat:  ''               <-- Stripped-User-Name not set yet?
--snip--
     rlm_realm: No '@' in User-Name = "", looking up realm NULL
--snip--
auth: Failed to validate the user.
Login incorrect: [/boilers1] (from client NAS0hpr1ABI port 14081)
                  ^^-- so username is definately set to null

Here is the full radiusd -X for this user:
rad_recv: Access-Request packet from host 69.39.33.242:1812, id=177, 
length=205
         User-Name = "renisdn at camalott.com"
         User-Password = "passhere"
         NAS-IP-Address = 69.39.33.242
         NAS-Identifier = "69.39.33.242"
         NAS-Port = 14081
         Acct-Session-Id = "renisdn at camalott.com1"
         USR-Interface-Index = 0
         USR-Supports-Tags = 0
         Service-Type = Login-User
         USR-Chassis-Call-Slot = 56
         USR-Chassis-Call-Span = 1
         USR-Chassis-Call-Channel = 1
         USR-Connect-Speed = NONE
         NAS-Port-Type = Virtual
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
   hints: Matched DEFAULT at 80
radius_xlat:  ''
   modcall[authorize]: module "preprocess" returns ok for request 2
   modcall[authorize]: module "chap" returns noop for request 2
   modcall[authorize]: module "mschap" returns noop for request 2
   modcall[authorize]: module "digest" returns noop for request 2
     rlm_realm: No '@' in User-Name = "", looking up realm NULL
     rlm_realm: No such realm "NULL"
   modcall[authorize]: module "suffix" returns noop for request 2
   rlm_eap: No EAP-Message, not doing EAP
   modcall[authorize]: module "eap" returns noop for request 2
     users: Matched DEFAULT at 151
     users: Matched DEFAULT at 330
   modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns ok for request 2
   rad_check_password:  Found Auth-Type System
auth: type "System"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
   modcall[authenticate]: module "unix" returns notfound for request 2
modcall: group authenticate returns notfound for request 2
auth: Failed to validate the user.
Login incorrect: [/boilers1] (from client NAS0hpr1ABI port 14081)


As always, help is greatly appreciated.
-- 
Lewis Bergman
Texas Communications
4309 Maple St.
Abilene, TX 79602-8044
Off. 325-691-1301
Cell 325-439-0533
fax  325-695-6841

More information about the Freeradius-Users mailing list