info: WARNING: Child is hung for request XXXX in component <core> module (2.2.5)
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Fri Nov 21 18:17:02 CET 2014
> Eduroam *should* supply a list of >allowed domains. Packets for those >domains get proxied, everything else >gets dropped.
Intra federated system so how do people know all the available realms worldwide (huge list) and realms are being added all the time.. admins don't want to change their config all the time .
The initial rule is that sites should ensure the username has a valid construct before sending it upstream eg NAI format, with @ , no spaces in realm, no double dots, illegal characters etc. Check logs for typos of your own domain and drop those too (and contact the affected users! ) however, some federations go the extra mile and tell their community a black list of realms - that is a much shorter list of very common realms that won't work on eduroam
However I do recall a discussion we had about a RADIUS-based realm routing protocol many many years ago.... ;)
alan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20141121/41aa3bf6/attachment.html>
More information about the Freeradius-Users
mailing list