Is FreeRADIUS 2.1.1 capable of handling NAI decorations

Alan DeKok aland at
Tue Dec 2 17:05:27 CET 2008

Luca Adamo wrote:
> FreeRADIUS 2.1.1 seems to be unable to process the NAI decoration

  What does that mean?  The configuration language ("man unlang") has
support for a wide range of attribute matching && re-writing methods.

  The *default* methods shipped in the example configuration files do
not include WiMAX examples.  Instead, they show the traditional RADIUS
methods of handling realms.

> so the
> username is passed unaltered to the modules and of course there're a lot
> of problems arising for the presence of the curly braces and the equal
> sing inside the User-Name.

  See "man unlang".  You can re-write the User-Name to be anything you want.

> If I hack the safe character list of Oracle
> (the database I chose to store user credentials and profiles) adding
> both the curly braces and the equal sign everything work fine but IMHO
> is not the solution. I tried also to use the attr_rewrite module trying
> to remove the unwanted prefix from the User-Name attrribute but this
> obviously breaks EAP (as Alan also has stated in a mail discussion I red
> on the Internet).

  That's a larger issue that I'm currently trying to resolve with the
IETF, the WiMAX forum, the FMCA, the WBA, and many other acronym-laden

> Sorry if I've been too prolix, at the end my question is the one of the
> subject..."Is FreeRADIUS 2.1.1 capable of handling NAI decorations
> according to WiMaX Forum 1.2 St. 3?" And if not, can I have some
> suggestion on which one can be the starting point for the development of
> such functionality?

  Re-writing the User-Name may cause the EAP module to get upset.

  The simplest way to fix this is to edit src/modules/rlm_eap/*.c in
order to remove the checks that require EAP identity to be the same as
the User-Name.

  Alan DeKok.

More information about the Freeradius-Users mailing list