Realm
Phil Mayers
p.mayers at imperial.ac.uk
Wed Jan 23 15:58:56 CET 2013
On 23/01/13 14:47, Miha wrote:
> Hi,
>
> my radius client is sending with user-name and password aslo realm. I
> can not disable sending realm, is it possible to configure radius that
> will not user realm with user-name (user-name at realm)?
>
> [digest] Digest-Attributes look OK. Converting them to something more
> usful.
> *Digest-User-Name = "018108500"*
> *Digest-Realm = "test1.opensips.softnet.si"*
> Digest-Nonce = "510001fb00000006c9cc728438be21e324f917a5ea234380"
> Digest-URI = "sip:+38588888882 at test1.opensips.test.si"
> Digest-Method = "INVITE"
> [digest] Adding Auth-Type = DIGEST
> ++[digest] returns ok
> [suffix] Looking up realm "test1.opensips.softnet.si" for User-Name =
> *"018108500 at test1.opensips.**test.si*"
> [suffix] No such realm "test1.opensips.softnet.si"
> ++[suffix] returns noop
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop
> ++[files] returns noop
> [sql] expand: %{User-Name} -> *018108500 at test1.opensips.**test.si*
>
>
> Radius will need to chack only user-name (*018108500*).
Sure. The easiest option is something like this:
authorize {
...
if (User-Name =~ /^(.+)@(.+)$/) {
update request {
Stripped-User-Name := "%{1}"
Realm := "%{2}"
}
}
...
}
...and then ensure your SQL/files/whatever modules use an appropriate
expansion for their "key" value e.g.
sql {
...
sql_user_name = "%{%{Stripped-User-Name}:-%{User-Name}}"
...
}
This is the default. So basically, you identify the realm yourself, set
"Stripped-User-Name", and use that.
More information about the Freeradius-Users
mailing list