rlm_realm doesn't strip the username

Tomasz Zieleniewski tzieleniewski at gmail.com
Fri Oct 12 18:51:24 CEST 2007


I do not use clients.conf file, I use database.

When I switch to my previous build 2.0.0-pre0 it works.
When I run 2.0.0-pre2 it doesn't.
I use the same configuration.

Cheers
tomasz

On 10/12/07, tnt at kalik.co.yu <tnt at kalik.co.yu> wrote:
>
> Add this to clients.conf:
>
> client 127.0.0.1 {
>         secret          = testing123
>         shortname       = localhost
> }
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
>
> Dana 12/10/2007, "Tomasz Zieleniewski" <tzieleniewski at gmail.com> piše:
>
> >Thank you Alan
> >
> >I updated to 2.0.0-pre2. But now I have some errors and I can' tcheck
> >again:)
> >Now when my NAS sends the Accounting request or I try to run 'radtest'
> tool,
> >the verification fails.
> >I didn't change anything in the configuration and in the database. I have
> >the same NAS configuration.
> >I get the following error in the debug mode:
> >
> >Ignoring request to authentication address * 1812 from unknown client
> >127.0.0.1 port 37391
> >
> >Please point me what do I missed:)
> >
> >Best regards
> >tomasz
> >
> >Tomasz Zieleniewski wrote:
> >> > I am using radius version 2.0.0-pre0.
> >> > I have the following problem that when I receive the
> Accounting-Request
> >> > with the username whose domain part is not checked with any of my
> realm
> >> > defined in the proxy.conf file. The username is not stripped.
> >> > I use the suffix rule for domain: 'username at domain" in my realm
> module
> >> > and I inoke it in preacct in radiusd.conf.
> >> > I have the DEFAULT realm defined and it doesn't have the nostrip
> option
> >> > activated.
> >> > So I think when there is no domain match the username should also be
> >> > stripped??
> >>
> >>   Likely, yes.  What does debug mode say?
> >>
> >>   You could also try running CVS head, which has a number of fixes over
> >> 2.0-pre0.
> >>
> >>   Alan DeKok.
> >>
> >>
> >> ------------------------------
> >>
> >> Message: 10
> >> Date: Fri, 12 Oct 2007 10:16:43 -0300
> >> From: "Sergio Belkin" <sebelk at gmail.com>
> >> Subject: Re: TLS fatal access_denied
> >> To: "FreeRadius users mailing list"
> >>         <freeradius-users at lists.freeradius.org>
> >> Message-ID:
> >>         <8c6f7f450710120616t48014e18g8c02184fdaef6b97 at mail.gmail.com>
> >> Content-Type: text/plain; charset=ISO-8859-1
> >>
> >> 2007/10/11, tnt at kalik.co.yu <tnt at kalik.co.yu>:
> >> > How sure are you that you are using EAP-TTLS?
> >> >
> >> > >  rlm_eap: EAP NAK
> >> > > rlm_eap: EAP-NAK asked for EAP-Type/peap   <==
> >> >
> >> > Ivan Kalik
> >> > Kalik Informatika ISP
> >> >
> >> > -
> >> > List info/subscribe/unsubscribe? See
> >> http://www.freeradius.org/list/users.html
> >> >
> >>
> >> I am pretty sure because I has  default_eap_type = ttls. I've just
> >> fixed, it was a problem of certificates...
> >>
> >> thanks-
> >>
> >> --
> >> --
> >> Sergio Belkin -
> >>
> >>
> >> ------------------------------
> >>
> >> -
> >> List info/subscribe/unsubscribe? See
> >> http://www.freeradius.org/list/users.html
> >>
> >>
> >> End of Freeradius-Users Digest, Vol 30, Issue 49
> >> ************************************************
> >>
> >
> >
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20071012/bbd24567/attachment.html>


More information about the Freeradius-Users mailing list