Proxy question
Phil Mayers
p.mayers at imperial.ac.uk
Sat Oct 7 13:43:17 CEST 2006
Roberto Greiner wrote:
> Alan DeKok wrote:
>> Roberto Greiner <mrgreiner at gmail.com> wrote:
>>
>>>> Show the *full* log.
>>>>
>>> rad_recv: Access-Request packet from host E.F.G.H:4126, id=4, length=62
>>> User-Name = "rgreiner at test.com"
>>>
>> Is this the log from the home server? If so, why? You already said
>> the username wasn't stripped, so showing that the home server receives
>> it non-stripped is pointless.
>>
>> If this is the log from the proxying server, then it's not doing
>> proxying, so of course it isn't stripping the username.
>>
>>
>>> rlm_realm: Adding Stripped-User-Name = "rgreiner"
>>> rlm_realm: Proxying request from user rgreiner to realm test.com
>>> rlm_realm: Adding Realm = "test.com"
>>> rlm_realm: Authentication realm is LOCAL.
>>>
>> You've marked that realm as something that shouldn't be proxied.
>> Why do you expect it to be proxied?
>>
> Actually I don't wan't it to be proxied, only that it removes the realm
> part to handle it locally. But it's comparing the full entry (with
> realm) against the database name, instead of only the login.
Oh, also if you do want to continue using the "realm" module, look at:
sql_user_name = "%{Stripped-User-Name:-%{User-Name:-DEFAULT}}
Note the Stripped-User-Name. Ensure the realm has "strip" set as an option
More information about the Freeradius-Users
mailing list