Default realm in 2.0.0-pre1
Pshem Kowalczyk
pshem.k at gmail.com
Mon Jul 9 13:01:12 CEST 2007
Hi,
I'm building 'backend' RADIUS servers that only have to know about
one domain - the default one - regardless of what the users put into
their login names.
I have the following config (proxy.conf):
# proxy.conf as posted. Every realm that sets authhost/accthost points them at
# LOCAL; per the poster's description the intent is that this backend handles
# all requests itself, whatever realm the user typed.
proxy server {
# Presumably controls whether the DEFAULT realm is tried when the home servers
# of a matched realm do not respond - confirm against the proxy.conf shipped
# with this version.
default_fallback = no
}
# Realm named LOCAL with no options set.
realm LOCAL {
}
# NULL: presumably the realm applied to user names without a realm part - confirm.
realm NULL {
authhost = LOCAL
accthost = LOCAL
# NOTE(review): NONE looks like a placeholder; a proxy shared secret should not
# be needed if nothing is forwarded for this realm - confirm.
secret = NONE
}
# DEFAULT: intended as the catch-all for any realm not listed by name. The
# server's own dump of the parsed realms in the debug output below prints only
# ldflag and secret for NULL and DEFAULT (no authhost/accthost).
realm DEFAULT {
authhost = LOCAL
accthost = LOCAL
secret = NONE
}
But when I try to authenticate a user name that has a domain, it doesn't get
recognised properly:
Config: including file: /etc/freeradius/radiusd.conf
Config: including file: /etc/freeradius/proxy.conf
Config: including file: /etc/freeradius/clients.conf
Config: including file: /etc/freeradius/snmp.conf
Config: including file: /etc/freeradius/sql.conf
Config: including file: /etc/freeradius/sql/postgresql-auth.conf
Config: including file: /etc/freeradius/sql/postgresql-acct.conf
FreeRADIUS Version 2.0.0-pre1, for host i486-pc-linux-gnu, built on
Jul 2 2007 at 17:42:30
Starting - reading configuration files ...
read_config_files: reading dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/freeradius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
snmp = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
log_stripped_names = yes
log_file = "/var/log/freeradius/radius.log"
log_auth = no
log_auth_badpass = yes
log_auth_goodpass = no
pidfile = "/var/run/freeradius/freeradius.pid"
user = "freerad"
group = "freerad"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
syslog_facility = "daemon"
}
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
realm LOCAL {
ldflag = fail_over
}
realm NULL {
ldflag = fail_over
secret = NONE
}
realm DEFAULT {
ldflag = fail_over
secret = NONE
}
port = 1812
listen {
type = "auth"
ipaddr = *
port = 1812
}
listen {
type = "acct"
ipaddr = *
port = 1813
}
client 127.0.0.1 {
secret = "testing123"
shortname = "localhost"
nastype = "other"
}
client 10.119.10.23/32 {
secret = "xyz"
shortname = "akl-grafton-radproxy1"
}
client 10.119.10.24/32 {
secret = "xyz"
shortname = "akl-grafton-radproxy2"
}
radiusd: entering modules setup
radiusd: Library search path is /usr/lib/freeradius
instantiate {
}
modules {
Module: Instantiating section authenticate
Module: Linked to module rlm_pap
Module: Instantiating pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating chap
Module: Instantiating section authorize
Module: Linked to module rlm_preprocess
Module: Instantiating preprocess
preprocess {
huntgroups = "/etc/freeradius/huntgroups"
hints = "/etc/freeradius/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = yes
with_alvarion_vsa_hack = no
}
Module: Linked to module rlm_detail
Module: Instantiating auth_log
detail auth_log {
detailfile =
"/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_realm
Module: Instantiating suffix
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = yes
}
Module: Linked to module rlm_sql
Module: Instantiating sql_auth
sql sql_auth {
driver = "rlm_sql_postgresql"
server = "10.119.15.5"
port = ""
login = "raduser"
password = "raduser"
radius_db = "radbackend"
sqltrace = no
sqltracefile = "/var/log/freeradius/sqltrace.sql"
readclients = no
deletestalesessions = yes
num_sql_socks = 5
sql_user_name = "%{Stripped-User-Name:-%{User-Name}}"
default_user_profile = ""
safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:
/"
QUERIES STRIPPED
}
rlm_sql (sql_auth): Driver rlm_sql_postgresql (module
rlm_sql_postgresql) loaded and linked
rlm_sql (sql_auth): Attempting to connect to raduser at 10.119.15.5:/radbackend
rlm_sql (sql_auth): starting 0
rlm_sql (sql_auth): Attempting to connect rlm_sql_postgresql #0
rlm_sql (sql_auth): Connected new DB handle, #0
rlm_sql (sql_auth): starting 1
rlm_sql (sql_auth): Attempting to connect rlm_sql_postgresql #1
rlm_sql (sql_auth): Connected new DB handle, #1
rlm_sql (sql_auth): starting 2
rlm_sql (sql_auth): Attempting to connect rlm_sql_postgresql #2
rlm_sql (sql_auth): Connected new DB handle, #2
rlm_sql (sql_auth): starting 3
rlm_sql (sql_auth): Attempting to connect rlm_sql_postgresql #3
rlm_sql (sql_auth): Connected new DB handle, #3
rlm_sql (sql_auth): starting 4
rlm_sql (sql_auth): Attempting to connect rlm_sql_postgresql #4
rlm_sql (sql_auth): Connected new DB handle, #4
Module: Instantiating section preacct
Module: Linked to module rlm_acct_unique
Module: Instantiating acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
}
Module: Instantiating section accounting
Module: Instantiating detail
detail {
detailfile =
"/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Instantiating sql_acct
sql sql_acct {
driver = "rlm_sql_postgresql"
server = "10.119.15.6"
port = ""
login = "raduser"
password = "raduser"
radius_db = "radbackend"
sqltrace = no
sqltracefile = "/var/log/freeradius/sqltrace.sql"
readclients = no
deletestalesessions = yes
num_sql_socks = 5
sql_user_name = "%{Stripped-User-Name:-%{User-Name}}"
default_user_profile = ""
QUERIES STRIPPED
}
rlm_sql (sql_acct): Driver rlm_sql_postgresql (module
rlm_sql_postgresql) loaded and linked
rlm_sql (sql_acct): Attempting to connect to raduser at 10.119.15.6:/radbackend
rlm_sql (sql_acct): starting 0
rlm_sql (sql_acct): Attempting to connect rlm_sql_postgresql #0
rlm_sql (sql_acct): Connected new DB handle, #0
rlm_sql (sql_acct): starting 1
rlm_sql (sql_acct): Attempting to connect rlm_sql_postgresql #1
rlm_sql (sql_acct): Connected new DB handle, #1
rlm_sql (sql_acct): starting 2
rlm_sql (sql_acct): Attempting to connect rlm_sql_postgresql #2
rlm_sql (sql_acct): Connected new DB handle, #2
rlm_sql (sql_acct): starting 3
rlm_sql (sql_acct): Attempting to connect rlm_sql_postgresql #3
rlm_sql (sql_acct): Connected new DB handle, #3
rlm_sql (sql_acct): starting 4
rlm_sql (sql_acct): Attempting to connect rlm_sql_postgresql #4
rlm_sql (sql_acct): Connected new DB handle, #4
Module: Linked to module rlm_attr_filter
Module: Instantiating attr_filter.accounting_response
attr_filter attr_filter.accounting_response {
attrsfile = "/etc/freeradius/attrs.accounting_response"
key = "%{User-Name}"
}
Module: Instantiating section post-auth
Module: Instantiating reply_log
detail reply_log {
detailfile =
"/var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Instantiating attr_filter.access_reject
attr_filter attr_filter.access_reject {
attrsfile = "/etc/freeradius/attrs.access_reject"
key = "%{User-Name}"
}
}
Initializing the thread pool...
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
Nothing to do. Sleeping until we see a request.
Processing the authorize section of radiusd.conf
+- entering group authorize
hints: Matched DEFAULT at 4
++[preprocess] returns ok
radius_xlat: '/var/log/freeradius/radacct/127.0.0.1/auth-detail-20070709'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/auth-detail-20070709
radius_xlat: 'Mon Jul 9 22:56:01 2007'
++[auth_log] returns ok
++[chap] returns noop
rlm_realm: Looking up realm "adsl.ihug.co.nz" for User-Name =
"salmanq at adsl.ihug.co.nz"
rlm_realm: No such realm "adsl.ihug.co.nz"
++[suffix] returns noop
radius_xlat: 'salmanq at adsl.ihug.co.nz'
rlm_sql (sql_auth): sql_set_user escaped user --> 'salmanq at adsl.ihug.co.nz'
rlm_sql (sql_auth): Reserving sql socket id: 4
radius_xlat: 'SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = 'salmanq at adsl.ihug.co.nz' ORDER BY id'
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 0 , fields = 5
radius_xlat: 'SELECT GroupName FROM radusergroup WHERE
UserName='salmanq at adsl.ihug.co.nz' ORDER BY priority'
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 0 , fields = 1
rlm_sql (sql_auth): Released sql socket id: 4
rlm_sql (sql_auth): User salmanq at adsl.ihug.co.nz not found
++[sql_auth] returns notfound
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
+- group authorize returns ok
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
Found Post-Auth-Type Reject
Processing the post-auth section of radiusd.conf
+- entering group REJECT
radius_xlat: 'salmanq at adsl.ihug.co.nz'
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
+- group REJECT returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Sending delayed reject for request 0
Waking up in 4 seconds...
Any ideas why it ignores the "DEFAULT" realm? Or, alternatively, how
else can I get the Stripped-User-Name?
kind regards
Pshem