Problem with NULL realm..

Mark J Elkins mje at posix.co.za
Mon Jul 9 11:58:24 CEST 2007 

I have an old instance of icradius - which - when users had a static IP
allocated - login would fail if there was a realm present but work just
fine if the realm was missing. This was in the old, dark days - when
everyone was in the same realm.
Now - freeradius works just fine with a full realm based login and statc
IP but I have a number of users both with and without static IP's who
don't have their realm as part of their login ID..
ie rather than 'joe at pop.co.za' - they just use 'joe'.

The easiest solution would be - if (REALM == NULL) - add on the default
realm.

There are about 10 different realms being used - as well as the 'default'.

Anyway..
In proxy.conf - I have uncommented ..
realm NULL {
    type        = radius
    authhost    = LOCAL
    accthost    = LOCAL
}

(This is now the last 'realm' definition in this file - in case order
matters. 'DEFAULT' is still commented)

In my sql.conf - I have code that looks like... 

... Username='%{Stripped-User-Name}' AND realm='%{Realm:-pop.co.za}' AND
....

ie - if the REALM is missing - it should default to 'pop.co.za'...

Anyway - still getting incorrect logins....

A radiusd -X shows me that   .."WHERE Username='mje' AND realm='NULL'
AND"...

ie - If there is no realm - its set to the string of four characters
'NULL' rather than the string '\0' ..
not what I was hoping for...

If the realm is missing - it can only refer to a user in the 'pop.co.za'
realm - and no other.

Suggestions?

ie - the equivalent of ...  if( ${Realm} == "NULL") Realm="pop.co.za"
..put somewhere.


ps. It would be very useful if one could run radiusd in '-X' mode based
on some criteria - such as the Realm or the Nas,
especially on a busy server - just for matching packets.

(in proxy.conf .. syntax of
realm myrealm.com {
    type        = radius
    authhost    = LOCAL
    accthost    = LOCAL
    debug       = yes
}

or in clients.conf
client  access.pop.co.za {
    secret      = very
    shortname   = access
    nastype     = cisco
    debug       =  yes
}
)






-- 
  .  .     ___. .__      Posix Systems - Sth Africa
 /| /|       / /__       mje at posix.co.za  -  Mark J Elkins, SCO ACE, Cisco CCIE
/ |/ |ARK \_/ /__ LKINS  Tel: +27 12 807 0590  Cell: +27 82 601 0496

More information about the Freeradius-Users mailing list