User-Name missing realm in Access-Accept
Alain Péan
alain.pean at lpn.cnrs.fr
Wed Aug 12 17:41:02 CEST 2015
Hi David,
On 12/08/2015 17:02, David Aldwinckle wrote:
> FreeRADIUS Version 2.1.12
>
> It has been brought to my attention that my FreeRadius servers are
> responding to proxied requests from eduroam without the suffix portion
> of the user name. This is causing accounting issues for other
> institutions.
>
> In inner-tunnel, I have tried to add:
>
> post-auth {
>     update outer.reply {
>         User-Name = "%{request:User-Name}"
>     }
> }
>
> I also have use_tunneled_reply = yes in eap.conf
I have the same version of freeradius (because Ubuntu 14.04...). To
achieve what you want, I put in the file sites-enabled/default (which is
a link to the file in sites-available), inside the section authorize:

    # We reject login without realm (to force users to put the realm, even locally)
    if ( request:Realm == NULL ) {
        update reply {
            Reply-Message := "Username should be in the format username at domain"
        }
        reject
    }

In my case, it works.
Best Regards,
Alain
--
System/Network Administrator
Laboratoire de Photonique et Nanostructures (LPN/CNRS - UPR20)
Centre de Recherche Alcatel Data IV - Marcoussis
route de Nozay - 91460 Marcoussis
Tel : 01-69-63-61-34
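
The check discussed in this thread, as an added example that is not part of the original messages or of FreeRADIUS itself: a small Python audit that flags Access-Accept replies whose User-Name has lost the realm of the request, and requests that the reject-without-realm policy above would refuse. The record layout, function names and sample values are assumptions constructed for illustration.

```python
# Added example: audit request/reply User-Name pairs for a lost realm suffix.
# Record layout, names and sample data are constructed for this sketch.

def split_realm(user_name):
    """Split 'user@realm' at the last '@'; return (user, realm or None)."""
    user, sep, realm = user_name.rpartition("@")
    if not sep:
        return user_name, None       # no '@' at all
    if not user or not realm:
        return user_name, None       # '@realm' or 'user@' is not a usable suffix
    return user, realm.lower()       # compare realms case-insensitively


def audit_pair(request_name, reply_name):
    """Classify one Access-Request / Access-Accept User-Name pair."""
    _, req_realm = split_realm(request_name)
    if req_realm is None:
        return "reject-no-realm"     # what the authorize policy above refuses
    if reply_name is None:
        return "ok"                  # reply carries no User-Name to override
    _, rep_realm = split_realm(reply_name)
    if rep_realm is None:
        return "reply-lost-realm"    # the accounting problem from the thread
    if rep_realm != req_realm:
        return "reply-realm-changed"
    return "ok"


def audit(records):
    """Return (request User-Name, verdict) for every pair that is not 'ok'."""
    findings = []
    for request_name, reply_name in records:
        verdict = audit_pair(request_name, reply_name)
        if verdict != "ok":
            findings.append((request_name, verdict))
    return findings


# Constructed sample: (User-Name in request, User-Name in reply or None)
SAMPLE = [
    ("alice@example.org", "alice@example.org"),
    ("bob@example.org", "bob"),
    ("carol", None),
    ("dave@Example.ORG", "dave@example.org"),
]

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE):
        print(f"{name}: {verdict}")
```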