Default realm in 2.0.0-pre1

Pshem Kowalczyk pshem.k at gmail.com
Mon Jul 9 13:01:12 CEST 2007


Hi,

I'm building 'backend' RADIUS servers that only have to know about
one domain - the default one, despite the stuff the users put into
their login names.

I have the following config (proxy.conf):

proxy server {
        default_fallback = no
}

realm LOCAL {

}
realm NULL {
        authhost        = LOCAL
        accthost        = LOCAL
        secret          = NONE
}

realm DEFAULT {
        authhost        = LOCAL
        accthost        = LOCAL
        secret          = NONE
}

But when I try to auth something that has a domain - it doesn't get
recognised properly:

Config:   including file: /etc/freeradius/radiusd.conf
Config:   including file: /etc/freeradius/proxy.conf
Config:   including file: /etc/freeradius/clients.conf
Config:   including file: /etc/freeradius/snmp.conf
Config:   including file: /etc/freeradius/sql.conf
Config:   including file: /etc/freeradius/sql/postgresql-auth.conf
Config:   including file: /etc/freeradius/sql/postgresql-acct.conf
FreeRADIUS Version 2.0.0-pre1, for host i486-pc-linux-gnu, built on
Jul  2 2007 at 17:42:30
Starting - reading configuration files ...
read_config_files:  reading dictionary
main {
        prefix = "/usr"
        localstatedir = "/var"
        logdir = "/var/log/freeradius"
        libdir = "/usr/lib/freeradius"
        radacctdir = "/var/log/freeradius/radacct"
        hostname_lookups = no
        snmp = no
        max_request_time = 30
        cleanup_delay = 5
        max_requests = 1024
        allow_core_dumps = no
        log_stripped_names = yes
        log_file = "/var/log/freeradius/radius.log"
        log_auth = no
        log_auth_badpass = yes
        log_auth_goodpass = no
        pidfile = "/var/run/freeradius/freeradius.pid"
        user = "freerad"
        group = "freerad"
        checkrad = "/usr/sbin/checkrad"
        debug_level = 0
        proxy_requests = yes
 log {
        syslog_facility = "daemon"
 }
 proxy server {
        retry_delay = 5
        retry_count = 3
        default_fallback = no
        dead_time = 120
        wake_all_if_all_dead = no
 }
 security {
        max_attributes = 200
        reject_delay = 1
        status_server = yes
 }
}
 realm LOCAL {
        ldflag = fail_over
 }
 realm NULL {
        ldflag = fail_over
        secret = NONE
 }
 realm DEFAULT {
        ldflag = fail_over
        secret = NONE
 }
        port = 1812
 listen {
        type = "auth"
        ipaddr = *
        port = 1812
 }
 listen {
        type = "acct"
        ipaddr = *
        port = 1813
 }
 client 127.0.0.1 {
        secret = "testing123"
        shortname = "localhost"
        nastype = "other"
 }
 client 10.119.10.23/32 {
        secret = "xyz"
        shortname = "akl-grafton-radproxy1"
 }
 client 10.119.10.24/32 {
        secret = "xyz"
        shortname = "akl-grafton-radproxy2"
 }
radiusd:  entering modules setup
radiusd: Library search path is /usr/lib/freeradius
 instantiate {
 }
 modules {
 Module: Instantiating section authenticate
 Module: Linked to module rlm_pap
 Module: Instantiating pap
  pap {
        encryption_scheme = "auto"
        auto_header = no
  }
 Module: Linked to module rlm_chap
 Module: Instantiating chap
 Module: Instantiating section authorize
 Module: Linked to module rlm_preprocess
 Module: Instantiating preprocess
  preprocess {
        huntgroups = "/etc/freeradius/huntgroups"
        hints = "/etc/freeradius/hints"
        with_ascend_hack = no
        ascend_channels_per_line = 23
        with_ntdomain_hack = no
        with_specialix_jetstream_hack = no
        with_cisco_vsa_hack = yes
        with_alvarion_vsa_hack = no
  }
 Module: Linked to module rlm_detail
 Module: Instantiating auth_log
  detail auth_log {
        detailfile =
"/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
        header = "%t"
        detailperm = 384
        dirperm = 493
        locking = no
        log_packet_header = no
  }
 Module: Linked to module rlm_realm
 Module: Instantiating suffix
  realm suffix {
        format = "suffix"
        delimiter = "@"
        ignore_default = no
        ignore_null = yes
  }
 Module: Linked to module rlm_sql
 Module: Instantiating sql_auth
  sql sql_auth {
        driver = "rlm_sql_postgresql"
        server = "10.119.15.5"
        port = ""
        login = "raduser"
        password = "raduser"
        radius_db = "radbackend"
        sqltrace = no
        sqltracefile = "/var/log/freeradius/sqltrace.sql"
        readclients = no
        deletestalesessions = yes
        num_sql_socks = 5
        sql_user_name = "%{Stripped-User-Name:-%{User-Name}}"
        default_user_profile = ""
        safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:
/"
	QUERIES STRIPPED
  }
rlm_sql (sql_auth): Driver rlm_sql_postgresql (module
rlm_sql_postgresql) loaded and linked
rlm_sql (sql_auth): Attempting to connect to raduser at 10.119.15.5:/radbackend
rlm_sql (sql_auth): starting 0
rlm_sql (sql_auth): Attempting to connect rlm_sql_postgresql #0
rlm_sql (sql_auth): Connected new DB handle, #0
rlm_sql (sql_auth): starting 1
rlm_sql (sql_auth): Attempting to connect rlm_sql_postgresql #1
rlm_sql (sql_auth): Connected new DB handle, #1
rlm_sql (sql_auth): starting 2
rlm_sql (sql_auth): Attempting to connect rlm_sql_postgresql #2
rlm_sql (sql_auth): Connected new DB handle, #2
rlm_sql (sql_auth): starting 3
rlm_sql (sql_auth): Attempting to connect rlm_sql_postgresql #3
rlm_sql (sql_auth): Connected new DB handle, #3
rlm_sql (sql_auth): starting 4
rlm_sql (sql_auth): Attempting to connect rlm_sql_postgresql #4
rlm_sql (sql_auth): Connected new DB handle, #4
 Module: Instantiating section preacct
 Module: Linked to module rlm_acct_unique
 Module: Instantiating acct_unique

  acct_unique {
        key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
  }
 Module: Instantiating section accounting
 Module: Instantiating detail
  detail {
        detailfile =
"/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
        header = "%t"
        detailperm = 384
        dirperm = 493
        locking = no
        log_packet_header = no
  }
 Module: Instantiating sql_acct
  sql sql_acct {
        driver = "rlm_sql_postgresql"
        server = "10.119.15.6"
        port = ""
        login = "raduser"
        password = "raduser"
        radius_db = "radbackend"
        sqltrace = no
        sqltracefile = "/var/log/freeradius/sqltrace.sql"
        readclients = no
        deletestalesessions = yes
        num_sql_socks = 5
        sql_user_name = "%{Stripped-User-Name:-%{User-Name}}"
        default_user_profile = ""
	QUERIES STRIPPED
  }
rlm_sql (sql_acct): Driver rlm_sql_postgresql (module
rlm_sql_postgresql) loaded and linked
rlm_sql (sql_acct): Attempting to connect to raduser at 10.119.15.6:/radbackend
rlm_sql (sql_acct): starting 0
rlm_sql (sql_acct): Attempting to connect rlm_sql_postgresql #0
rlm_sql (sql_acct): Connected new DB handle, #0
rlm_sql (sql_acct): starting 1
rlm_sql (sql_acct): Attempting to connect rlm_sql_postgresql #1
rlm_sql (sql_acct): Connected new DB handle, #1
rlm_sql (sql_acct): starting 2
rlm_sql (sql_acct): Attempting to connect rlm_sql_postgresql #2
rlm_sql (sql_acct): Connected new DB handle, #2
rlm_sql (sql_acct): starting 3
rlm_sql (sql_acct): Attempting to connect rlm_sql_postgresql #3
rlm_sql (sql_acct): Connected new DB handle, #3
rlm_sql (sql_acct): starting 4
rlm_sql (sql_acct): Attempting to connect rlm_sql_postgresql #4
rlm_sql (sql_acct): Connected new DB handle, #4
 Module: Linked to module rlm_attr_filter
 Module: Instantiating attr_filter.accounting_response
  attr_filter attr_filter.accounting_response {
        attrsfile = "/etc/freeradius/attrs.accounting_response"
        key = "%{User-Name}"
  }
 Module: Instantiating section post-auth
 Module: Instantiating reply_log
  detail reply_log {
        detailfile =
"/var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d"
        header = "%t"
        detailperm = 384
        dirperm = 493
        locking = no
        log_packet_header = no
  }
 Module: Instantiating attr_filter.access_reject
  attr_filter attr_filter.access_reject {
        attrsfile = "/etc/freeradius/attrs.access_reject"
        key = "%{User-Name}"
  }
 }
Initializing the thread pool...
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
Nothing to do.  Sleeping until we see a request.
  Processing the authorize section of radiusd.conf
+- entering group authorize
  hints: Matched DEFAULT at 4
++[preprocess] returns ok
radius_xlat:  '/var/log/freeradius/radacct/127.0.0.1/auth-detail-20070709'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/1
27.0.0.1/auth-detail-20070709
radius_xlat:  'Mon Jul  9 22:56:01 2007'
++[auth_log] returns ok
++[chap] returns noop
    rlm_realm: Looking up realm "adsl.ihug.co.nz" for User-Name =
"salmanq at adsl.ihug.co.nz"
    rlm_realm: No such realm "adsl.ihug.co.nz"
++[suffix] returns noop
radius_xlat:  'salmanq at adsl.ihug.co.nz'
rlm_sql (sql_auth): sql_set_user escaped user --> 'salmanq at adsl.ihug.co.nz'
rlm_sql (sql_auth): Reserving sql socket id: 4
radius_xlat:  'SELECT id, UserName, Attribute, Value, Op
 FROM radcheck           WHERE Username = 'salman
q at adsl.ihug.co.nz'              ORDER BY id'
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 0 , fields = 5
radius_xlat:  'SELECT GroupName FROM radusergroup WHERE
UserName='salmanq at adsl.ihug.co.nz' ORDER BY priority'
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 0 , fields = 1
rlm_sql (sql_auth): Released sql socket id: 4
rlm_sql (sql_auth): User salmanq at adsl.ihug.co.nz not found
++[sql_auth] returns notfound
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
+- group authorize returns ok
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
  Found Post-Auth-Type Reject
  Processing the post-auth section of radiusd.conf
+- entering group REJECT
radius_xlat:  'salmanq at adsl.ihug.co.nz'
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
+- group REJECT returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Sending delayed reject for request 0
Waking up in 4 seconds...


Any ideas why it ignores the "DEFAULT" realm? Or alternatively - how
else can I get the Stripped-User-Name?

kind regards
Pshem
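
An added sketch, not part of the original post and not FreeRADIUS code: a simplified Python model of the lookup the poster expects from the "suffix" instance with the posted settings, where an unknown suffix falls back to realm DEFAULT and yields a Stripped-User-Name. The fallback rule, the function names and the sample user names are assumptions made for illustration; the debug output above shows 2.0.0-pre1 returning noop at this step instead.

```python
# Simplified model of suffix-style realm resolution; NOT FreeRADIUS source.
# Realm and flag names mirror the posted proxy.conf and "realm suffix" output.

REALMS = {"LOCAL", "NULL", "DEFAULT"}   # realms defined in the posted proxy.conf


def resolve_realm(user_name, realms=REALMS, delimiter="@",
                  ignore_default=False, ignore_null=True):
    """Return (realm, stripped_user_name); both are None when nothing matches."""
    # Suffix format: the realm is whatever follows the LAST delimiter.
    local, sep, suffix = user_name.rpartition(delimiter)
    if not sep:
        # No delimiter at all: only the NULL realm can apply.
        if ignore_null or "NULL" not in realms:
            return None, None
        return "NULL", user_name
    if suffix in realms and suffix not in ("NULL", "DEFAULT"):
        return suffix, local            # exact match on a named realm
    # Unknown suffix: fall back to DEFAULT unless told to ignore it (assumed rule).
    if ignore_default or "DEFAULT" not in realms:
        return None, None
    return "DEFAULT", local


def sql_user_name(user_name, **flags):
    """Mimic sql_user_name = "%{Stripped-User-Name:-%{User-Name}}"."""
    _realm, stripped = resolve_realm(user_name, **flags)
    return stripped if stripped is not None else user_name


if __name__ == "__main__":
    # Constructed sample logins, not taken from the post.
    for login in ("alice@example.org", "bob@LOCAL", "carol"):
        print(login, "->", resolve_realm(login), "SQL key:", sql_user_name(login))
```

When no realm matches, the SQL lookup key stays the full login including the domain, which is the situation in the posted log: the radcheck query runs on the unstripped name and returns no rows.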


