rlm_realm doesn't strip the username

tnt at kalik.co.yu tnt at kalik.co.yu
Fri Oct 12 18:34:03 CEST 2007


Add this to clients.conf:

client 127.0.0.1 {
        secret          = testing123
        shortname       = localhost
}

Ivan Kalik
Kalik Informatika ISP



Dana 12/10/2007, "Tomasz Zieleniewski" <tzieleniewski at gmail.com> piše:

>Thank you Alan
>
>I updated to 2.0.0-pre2. But now I have some errors and I can' tcheck
>again:)
>Now when my NAS sends the Accounting request or I try to run 'radtest' tool,
>the verification fails.
>I didn't change anything in the configuration and in the database. I have
>the same NAS configuration.
>I get the following error in the debug mode:
>
>Ignoring request to authentication address * 1812 from unknown client
>127.0.0.1 port 37391
>
>Please point me what do I missed:)
>
>Best regards
>tomasz
>
>Tomasz Zieleniewski wrote:
>> > I am using radius version 2.0.0-pre0.
>> > I have the following problem that when I receive the Accounting-Request
>> > with the username whose domain part is not checked with any of my realm
>> > defined in the proxy.conf file. The username is not stripped.
>> > I use the suffix rule for domain: 'username at domain" in my realm module
>> > and I inoke it in preacct in radiusd.conf.
>> > I have the DEFAULT realm defined and it doesn't have the nostrip option
>> > activated.
>> > So I think when there is no domain match the username should also be
>> > stripped??
>>
>>   Likely, yes.  What does debug mode say?
>>
>>   You could also try running CVS head, which has a number of fixes over
>> 2.0-pre0.
>>
>>   Alan DeKok.
>>
>>
>> ------------------------------
>>
>> Message: 10
>> Date: Fri, 12 Oct 2007 10:16:43 -0300
>> From: "Sergio Belkin" <sebelk at gmail.com>
>> Subject: Re: TLS fatal access_denied
>> To: "FreeRadius users mailing list"
>>         <freeradius-users at lists.freeradius.org>
>> Message-ID:
>>         <8c6f7f450710120616t48014e18g8c02184fdaef6b97 at mail.gmail.com>
>> Content-Type: text/plain; charset=ISO-8859-1
>>
>> 2007/10/11, tnt at kalik.co.yu <tnt at kalik.co.yu>:
>> > How sure are you that you are using EAP-TTLS?
>> >
>> > >  rlm_eap: EAP NAK
>> > > rlm_eap: EAP-NAK asked for EAP-Type/peap   <==
>> >
>> > Ivan Kalik
>> > Kalik Informatika ISP
>> >
>> > -
>> > List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>> >
>>
>> I am pretty sure because I has  default_eap_type = ttls. I've just
>> fixed, it was a problem of certificates...
>>
>> thanks-
>>
>> --
>> --
>> Sergio Belkin -
>>
>>
>> ------------------------------
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>>
>> End of Freeradius-Users Digest, Vol 30, Issue 49
>> ************************************************
>>
>
>




More information about the Freeradius-Users mailing list