proxy.conf problem: username send with suffix

Hans Bornemann hans.bornemann at uni-dortmund.de
Tue May 20 13:57:17 CEST 2008 

Hi,

what is wrong in this configuration:

#  A standard realm entry. A request from "user at company.com" will be
#  sent to radius.company.com as "user", unless the 'nostrip'
#  configuration item is specified.  If the 'nostrip' configuration
#  item is specified, then the request will be proxied as
#  "user at company.com"

#
realm tu-dortmund.de {
        type            = radius
        authhost        = LOCAL
        accthost        = LOCAL
}

but freeradius takes username at tu-dortmund.de to check against radcheck.

debug output:

 rad_recv: Access-Request packet from host 129.217.169.191:32769, id=14,
length=280
        User-Name = "mhanborn at tu-dortmund.de"
        Calling-Station-Id = "00-19-D2-CF-E5-50"
        Called-Station-Id = "00-0B-85-60-39-10:ITMC-WPA2"
        NAS-Port = 29
        NAS-IP-Address = 129.217.157.246
        NAS-Identifier = "mh-wlc4"
        Airespace-Wlan-Id = 5
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "3503"
        EAP-Message =
0x0210005019800000004616030100410100003d03014832b93a0818b6073bdbd9b486630753af0d0f2e0469e2b071963d5240815fae00001600040005000a000900640062000300060013001200630100
        State = 0x622cbb3df28c136e779e7cacb89d1a8d
        Message-Authenticator = 0xc969e31716dd9b76025be36ae5e396e4
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 81
  modcall[authorize]: module "preprocess" returns ok for request 81
  modcall[authorize]: module "chap" returns noop for request 81
  modcall[authorize]: module "mschap" returns noop for request 81
    rlm_realm: Looking up realm "tu-dortmund.de" for User-Name =
"mhanborn at tu-dortmund.de"
    rlm_realm: Found realm "tu-dortmund.de"
    rlm_realm: Adding Stripped-User-Name = "mhanborn"
    rlm_realm: Proxying request from user mhanborn to realm
tu-dortmund.de
    rlm_realm: Adding Realm = "tu-dortmund.de"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 81
  rlm_eap: EAP packet type response id 16 length 80
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 81
radius_xlat:  'mhanborn at tu-dortmund.de'
rlm_sql (sql): sql_set_user escaped user --> 'mhanborn at tu-dortmund.de'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM
radcheck           WHERE Username = 'mhanborn at tu-dortmund.de'
ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): User mhanborn at tu-dortmund.de not found in radcheck
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE usergroup.Username = 'mhanborn at tu-dortmund.de' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE usergroup.Username = 'mhanborn at tu-dortmund.de' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): User mhanborn at tu-dortmund.de not found in radgroupcheck

Thanks
Hans


-- 
Hans Bornemann
Universitaet Dortmund - ITMC
Tel. ++49 231 755 2132  Fax. ++49 231 755 2731

More information about the Freeradius-Users mailing list