Strip off the domain part from the User-Name

Robert Roll Robert.Roll at
Sat Mar 26 16:54:56 CET 2011

Thank You !  This is very good information...
I did NOT realize that user at undefinedRealm would NOT
preserve Realm..... That does make a hugh difference...

 I did read your other post, and am really NOT adverse to making use of
unlang. I did start to read a little about policy.conf and like the idea of
sort of "subroutines" defined there...

Thanks Much,


From: at [ at] On Behalf Of Phil Mayers [p.mayers at]
Sent: Saturday, March 26, 2011 4:59 AM
To: freeradius-users at
Subject: Re: Strip off the domain part from the User-Name

On 03/25/2011 09:45 PM, Robert Roll wrote:

>    Note that in the above the Realm is quite useful, but there is NO need to
> actually do proxy, so really no "REAL" need to get into the proxy.conf ?

This is a good reason to use unlang rather than realm. "realm" is
designed for proxying, always gets it list of realms from "proxy.conf"
and sets the control:Proxy-To-Realm attribute.

You also may not realise that user at undefined realm will set:

   Stripped-User-Name = use
   Realm = DEFAULT

i.e. the Realm value does *not* preserve the text after the @.

Your original problem (crazy loop) occurred because the DEFAULT realm
you defined in proxy.conf was pointing somewhere else - probably back at
the very same radius server, resulting in an infinite loop.

List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list