Problem with NULL realm..

Phil Mayers p.mayers at imperial.ac.uk
Mon Jul 9 13:09:48 CEST 2007


> ... Username='%{Stripped-User-Name}' AND realm='%{Realm:-pop.co.za}' AND
> ....
> 
> ie - if the REALM is missing - it should default to 'pop.co.za'...
> 
> Anyway - still getting incorrect logins....
> 
> A radiusd -X shows me that   .."WHERE Username='mje' AND realm='NULL'
> AND"...

That's how it works. You'll need to refactor your SQL query e.g.

select foo from bar where Username='%{Stripped-User-Name}' and realm=(
 case
  when '%{Realm}'='NULL' then 'pop.co.za'
  else '%{Realm}'
 end)

The other and slightly easier alternative is to set "ignore_null = yes"
on your realm module so that users without a realm won't match the
module, and then use:

select foo from bar where
  Username='%{Stripped-User-Name:-%{User-Name}}'
and
  realm='%{Realm:-pop.co.za}'


> 
> ie - If there is no realm - it's set to the string of four characters
> 'NULL' rather than the string '\0' ..
> not what I was hoping for...
> 
> If the realm is missing - it can only refer to a user in the 'pop.co.za'
> realm - and no other.
> 
> Suggestions?
> 
> ie - the equivalent of ...  if( ${Realm} == "NULL") Realm="pop.co.za"
> ..put somewhere.
> 
> 
> ps. It would be very useful if one could run radiusd in '-X' mode based
> on some criteria - such as the Realm or the Nas,
> especially on a busy server - just for matching packets.
> 
> (in proxy.conf .. syntax of
> realm myrealm.com {
>     type        = radius
>     authhost    = LOCAL
>     accthost    = LOCAL
>     debug       = yes
> }
> 
> or in clients.conf
> client  access.pop.co.za {
>     secret      = very
>     shortname   = access
>     nastype     = cisco
>     debug       =  yes
> }
> )
> 
> 
> 
> 
> 
> 
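
The behaviour discussed in this thread, as an added example that is not part of the original post and is not FreeRADIUS code: a simplified Python model of the realm step and `%{Attr:-default}` expansion, run against a constructed SQLite table `bar`. The function names, the table rows and the assumption that a realm-less match also sets Stripped-User-Name are illustrative.

```python
import re
import sqlite3

# Simplified model of the behaviour described in the thread; not FreeRADIUS code.
# Matches an innermost %{Attr} or %{Attr:-default}; nesting resolves by looping.
XLAT = re.compile(r"%\{([\w-]+)(?::-([^{}]*))?\}")

def realm_module(user_name, ignore_null):
    """Model of the realm module: split user@realm into request attributes."""
    attrs = {"User-Name": user_name}
    if "@" in user_name:
        user, realm = user_name.rsplit("@", 1)
        attrs.update({"Stripped-User-Name": user, "Realm": realm})
    elif not ignore_null:
        # A realm-less user still matches and gets the literal string 'NULL'.
        attrs.update({"Stripped-User-Name": user_name, "Realm": "NULL"})
    return attrs

def expand(template, attrs):
    """Expand references; a default applies only when the attribute is unset."""
    prev = None
    while prev != template:
        prev = template
        template = XLAT.sub(lambda m: attrs.get(m.group(1), m.group(2) or ""), template)
    return template

ORIGINAL = ("SELECT realm FROM bar WHERE Username='%{Stripped-User-Name}' "
            "AND realm='%{Realm:-pop.co.za}'")
CASE_FIX = ("SELECT realm FROM bar WHERE Username='%{Stripped-User-Name}' AND realm=("
            "CASE WHEN '%{Realm}'='NULL' THEN 'pop.co.za' ELSE '%{Realm}' END)")
IGNORE_NULL_FIX = ("SELECT realm FROM bar WHERE "
                   "Username='%{Stripped-User-Name:-%{User-Name}}' "
                   "AND realm='%{Realm:-pop.co.za}'")

def lookup(template, user_name, ignore_null=False):
    """Realms matched for a login (constructed inputs only; no SQL escaping here)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE bar (Username TEXT, realm TEXT)")
    db.executemany("INSERT INTO bar VALUES (?, ?)",
                   [("mje", "pop.co.za"), ("mje", "example.org")])  # constructed rows
    sql = expand(template, realm_module(user_name, ignore_null))
    return [row[0] for row in db.execute(sql)]

if __name__ == "__main__":
    print(lookup(ORIGINAL, "mje"))                           # realm='NULL' matches nothing
    print(lookup(CASE_FIX, "mje"))                           # CASE maps 'NULL' to the default
    print(lookup(IGNORE_NULL_FIX, "mje", ignore_null=True))  # Realm unset, default applies
```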