AW: Realm delimiter characters
Nemec Christopher
Christopher.Nemec at lotterien.at
Tue Sep 2 10:17:41 CEST 2008
Hello Alan!
Here is the output of a sample RADIUS Request with the realm "host" as the prefix. It seems as if the rlm_realm is only looking for the "@" character as a delimiter. Below my output I have pasted the relevant content of the "/opt/etc/raddb/modules" file.
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 172.24.110.198 port 1094, id=91, length=118
	User-Name = "host/habakuk"
	User-Password = "habakuk"
	NAS-IP-Address = 172.24.110.198
	NAS-Port = 1101
	NAS-Port-Type = Virtual
	Calling-Station-Id = "00-01-F4-6F-28-E0"
	Called-Station-Id = "00-01-F4-6F-28-E0"
	NAS-Port-Id = "host.0.1"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "host/habakuk", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "host/habakuk"
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
++[suffix] returns ok
rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
/opt/etc/raddb/modules:
# -*- text -*-
#
# $Id: realm,v 1.1 2008/05/30 09:18:46 aland Exp $
# Realm module, for proxying.
#
# You can have multiple instances of the realm module to
# support multiple realm syntaxs at the same time. The
# search order is defined by the order that the modules are listed
# in the authorize and preacct sections.
#
# Four config options:
# format - must be "prefix" or "suffix"
# The special cases of "DEFAULT"
# and "NULL" are allowed, too.
# delimiter - must be a single character
# 'realm/username'
#
# Using this entry, IPASS users have their realm set to "IPASS".
realm IPASS {
	format = prefix
	delimiter = "/"
}

realm prefix {
	format = prefix
	delimiter = "/"
}

# 'username@realm'
#
realm suffix {
	format = suffix
	delimiter = "@"
}

# 'username%realm'
#
realm realmpercent {
	format = suffix
	delimiter = "%"
}

#
# 'domain\user'
#
realm ntdomain {
	format = prefix
	delimiter = "\\"
}
The corresponding configuration in the "/opt/etc/raddb/proxy.conf" file is the following:
realm host {
	auth_pool = ias_failover
}
The auth_pool is configured properly and I have successfully tested an authentication. Why is freeradius not searching for the "/" character as a delimiter? Any idea?
-----Original Message-----
From: freeradius-users-bounces+christopher.nemec=lotterien.at at lists.freeradius.org [mailto:freeradius-users-bounces+christopher.nemec=lotterien.at at lists.freeradius.org] On Behalf Of A.L.M.Buxey at lboro.ac.uk
Sent: Monday, 01 September 2008 21:31
To: FreeRadius users mailing list
Subject: Re: Realm delimiter characters
Hi,
> Question: WHERE does this configuration go? I have not found any suitable configuration file. According to an outdated info in the wiki, this information is supposed to be made in the radiusd.conf ... but this information is no longer valid for version 2.0.5.
almost all of the functionality has been moved into 2 locations, either virtual servers (located in sites-available, to which you put a softlink from site-enabled), or modules (all located in the module directory) - in this case, realms are moved into the modules directory. you may need to 'activate' prefix or suffix to get the delimiters working.
alan
Oesterreichische Lotterien Gesellschaft m.b.H., Rennweg 44, A-1038 Wien,
FN 54472 g, Handelsgericht Wien, DVR-Nr: 0476706
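
The search-order rule from the quoted modules file ("defined by the order that the modules are listed in the authorize and preacct sections"), as an added example that is not part of the original message and not FreeRADIUS code: a simplified Python model of how the listed realm instances split User-Name. It assumes prefix splits at the first delimiter, suffix at the last, and that the first instance to set Realm wins; `INSTANCES`, `KNOWN_REALMS`, `split_user` and `authorize` are names made up for the illustration.

```python
# Simplified model of rlm_realm instance order (added illustration, not FreeRADIUS source).

# Instances from the modules file quoted in the message: name -> (format, delimiter).
INSTANCES = {
    "prefix": ("prefix", "/"),
    "suffix": ("suffix", "@"),
    "realmpercent": ("suffix", "%"),
    "ntdomain": ("prefix", "\\"),
}

# "host" is the proxy.conf realm quoted in the message; "NULL" is implied by
# the debug line 'Found realm "NULL"'.
KNOWN_REALMS = {"host", "NULL"}


def split_user(user_name, fmt, delimiter):
    """Return (realm, user); realm is None when the delimiter is absent."""
    if fmt == "prefix":
        # Assumption: prefix splits at the first delimiter.
        realm, sep, user = user_name.partition(delimiter)
    else:
        # Assumption: suffix splits at the last delimiter.
        user, sep, realm = user_name.rpartition(delimiter)
    return (realm, user) if sep else (None, user_name)


def authorize(user_name, listed):
    """Walk the instances listed in the authorize section, in order."""
    for name in listed:
        fmt, delimiter = INSTANCES[name]
        realm, user = split_user(user_name, fmt, delimiter)
        if realm is None:
            realm = "NULL"  # no delimiter: the debug log shows a lookup of realm NULL
        if realm in KNOWN_REALMS:
            # Assumption: once an instance has set Realm, later instances leave it alone.
            return {"Realm": realm, "Stripped-User-Name": user, "instance": name}
    return {"Realm": None, "Stripped-User-Name": None, "instance": None}


if __name__ == "__main__":
    for listed in (["suffix"], ["suffix", "prefix"], ["prefix", "suffix"]):
        print(listed, authorize("host/habakuk", listed))
```

In this model the request reaches realm "host" only when `prefix` is listed ahead of `suffix`, because the configured NULL realm matches any name without an "@".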