info: WARNING: Child is hung for request XXXX in component <core> module (2.2.5)
Alan DeKok
aland at deployingradius.com
Fri Nov 21 19:06:14 CET 2014
Alan Buxey wrote:
>> Eduroam *should* supply a list of >allowed domains. Packets for those
>>domains get proxied, everything else >gets dropped.
>
> Intra federated system so how do people know all the available realms
> worldwide (huge list) and realms are being added all the time.. admins
> don't want to change their config all the time .
>
> The initial rule is that sites should ensure the username has a valid
> construct before sending it upstream eg NAI format, with @ , no spaces
> in realm, no double dots, illegal characters etc. Check logs for typos
> of your own domain and drop those too (and contact the affected users! )
> however, some federations go the extra mile and tell their community a
> black list of realms - that is a much shorter list of very common realms
> that won't work on eduroam
>
> However I do recall a discussion we had about a RADIUS-based realm
> routing protocol many many years ago.... ;)
>
>
> alan
>
>
> ------------------------------------------------------------------------
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list