Rejected: Realm does not have at least one dot separator
Mohamed Lrhazi
Mohamed.Lrhazi at georgetown.edu
Fri Jun 26 18:03:10 CEST 2015
Hello,
I am redeploying 3.0.8 on a new system using the same config files as my
existing prod systems... but in the new system, I get this error...
Username does have a dot in the realm... but the expression somehow fails...
(0) # Executing section authorize from file /etc/raddb/sites-enabled/default
(0) authorize {
(0) policy filter_username {
(0) if (User-Name != "%{tolower:%{User-Name}}") {
(0) EXPAND %{tolower:%{User-Name}}
(0) --> *georgetown_test at eduroamus.edu <georgetown_test at eduroamus.edu>*
(0) if (User-Name != "%{tolower:%{User-Name}}") -> FALSE
(0) if (User-Name =~ / /) {
(0) if (User-Name =~ / /) -> FALSE
(0) if (User-Name =~ /@.*@/ ) {
(0) if (User-Name =~ /@.*@/ ) -> FALSE
(0) if (User-Name =~ /\\.\\./ ) {
(0) if (User-Name =~ /\\.\\./ ) -> FALSE
(0) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) {
(0) * if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) -> TRUE*
(0) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) {
(0) update reply {
(0) Reply-Message += "*Rejected: Realm does not have at least one dot separator*"
(0) } # update reply = noop
(0) [reject] = reject
(0) } # if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) = reject
(0) } # policy filter_username = reject
(0) } # authorize = reject
(0) Using Post-Auth-Type Reject
In the config, the rule looks like so:
sudo grep -A4 -B5 -r "dot separator" /etc/raddb
/etc/raddb/policy.d/filter- # must have at least 1 string-dot-string after @
/etc/raddb/policy.d/filter- # e.g. "user at site.com"
/etc/raddb/policy.d/filter- #
/etc/raddb/policy.d/filter- if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) {
/etc/raddb/policy.d/filter- update reply {
/etc/raddb/policy.d/filter: Reply-Message += "Rejected: Realm does not have at least one dot separator"
/etc/raddb/policy.d/filter- }
/etc/raddb/policy.d/filter- reject
/etc/raddb/policy.d/filter- }
/etc/raddb/policy.d/filter-
Thanks,
Mohamed.
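
Added example (not part of the original post, and not FreeRADIUS code): a Python model of the filter_username checks shown in the debug output, evaluated under two assumed ways a config parser could treat the doubled backslashes in /@(.+)\\.(.+)$/. The names compile_as and filter_username are hypothetical, Python's re module stands in for the server's regex library, and the user name is the one from the log with the archive's " at " written back as "@".

```python
import re

# Regex texts exactly as printed in the debug output (doubled backslashes kept).
REJECT_IF_MATCH = [r" ", r"@.*@", r"\\.\\."]
REALM_SHAPE = r"@(.+)\\.(.+)$"
DOT_REJECT = "reject: Realm does not have at least one dot separator"

def compile_as(text, collapse_escapes):
    """Compile a regex text under one of two assumed parser behaviours.

    collapse_escapes=True : the parser turns each doubled backslash into a
                            single one before the regex library sees it.
    collapse_escapes=False: the text reaches the regex library unchanged, so
                            a doubled backslash means a literal backslash
                            followed by "any character".
    """
    if collapse_escapes:
        text = text.replace("\\\\", "\\")
    return re.compile(text)

def filter_username(user_name, collapse_escapes):
    """Apply the checks in the order the log shows; return the outcome."""
    if user_name != user_name.lower():
        return "reject: not lowercase"
    for text in REJECT_IF_MATCH:
        if compile_as(text, collapse_escapes).search(user_name):
            return "reject: matched /%s/" % text
    realm_ok = compile_as(REALM_SHAPE, collapse_escapes).search(user_name)
    if "@" in user_name and not realm_ok:
        return DOT_REJECT
    return "ok"

if __name__ == "__main__":
    name = "georgetown_test@eduroamus.edu"  # from the log, "@" restored
    for collapse in (True, False):
        print("collapse_escapes=%s -> %s" % (collapse, filter_username(name, collapse)))
```

With the pattern taken unchanged, the realm check only passes names whose realm contains a literal backslash, which reproduces the TRUE result in the log for a realm that does contain a dot.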