Update User-Name

Alan DeKok aland at deployingradius.com
Sat Sep 9 23:12:54 CEST 2017


On Sep 9, 2017, at 4:22 PM, Dale Lloyd <dale.lloyd at gmail.com> wrote:
> Yes, I am now able to forward the packet, thanks to your suggestion,
> but I can only forward packets to the UK RADIUS Proxy Servers, and
> those servers won't know where to forward the packet if the domain is
> not included in the username. I asked our neighboring University if I
> could forward requests matching a certain pattern directly to them and
> they declined.

  Then proxying won't work.

  You can't update the User-Name attribute.  For various technical reasons that won't work, as you've seen.

  You can't proxy directly to them, because they won't allow it.

  Their users won't enter the full user + domain.

  So... you're stuck.

> I also tried both updating the User-Name and setting the
> Proxy-To-Realm, but the request gets denied by the remote RADIUS
> server, probably because by updating the User-Name, I am breaking EAP?

  Yes.

> Am I missing something, or is my work-around not possible?

  It's not possible.

  It's also not your responsibility.  If they're not using eduroam correctly, their users won't get on the network.

  If their users call and complain they can't get on their network, tell them they're violating the eduroam spec.  And that it's not your problem, it's their problem.

  Alan DeKok.




More information about the Freeradius-Users mailing list