"double" realm problem

Stefan Winter stefan.winter at restena.lu
Wed Oct 7 13:43:43 CEST 2009


Hi,

> we do have one realm configured domainname.com <http://domainname.com>
> which works perfectly. every user who wants to authenticate with a
> different realm is proxied to an outside radius. server. the setup
> works fine. 
>
> we do have some mobile devices who send something like: 
> username at company.com <mailto:username at company.com>@wlan.mnc003.mc
> <http://wlan.mnc003.mc> 
> username at company.com <mailto:username at company.com>@Verisign...

Ah. Nokia cell phones with Symbian by any chance? Recent firmwares
behave less rude, but of course you may not have control over these clients.

> we send these requests to our proxy and the proxy sends it back to us,....
>
> from my understanding i cant solve it with a regex in the proxy.conf,
> right? since the "realm" is just the string after the last @?

A regex on the User-Name should do nicely. If it contains multiple @'s
Auth-Type := Reject.

> anyone has an idea how i can process such request in my company.com
> <http://company.com> realm? inside the realm i strip everything out,
> so it should work then. 

Greetings,

Stefan Winter

-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473




More information about the Freeradius-Users mailing list