"double" realm problem

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Wed Oct 7 13:50:00 CEST 2009


Hi,

> we do have one realm configured domainname.com which works perfectly. every
> user who wants to authenticate with a different realm is proxied to an
> outside radius. server. the setup works fine.
> 
> we do have some mobile devices who send something like:
> username at company.com@wlan.mnc003.mc
> username at company.com@Verisign...

as Stefan says - this looks suspiciously like Nokia Symbian clients.
if the client hasnt been configured correctly it will send the CN
of the certificate as the realm details...and other things - so you get
that double realm issue... which might get to you via external proxy..
or might not.

reject if you see more than one @ - or, if these are your people,
find them and fix their client. (in case of Nokia, its ensure that the
realm is specified rather than left to default setting.

alan



More information about the Freeradius-Users mailing list