authentication fails because of the realm isn't stripped

hans.bornemann at tu-dortmund.de hans.bornemann at tu-dortmund.de
Tue Sep 26 08:57:59 CEST 2017 

Hi,

the authentication fails because of the realm isn't stripped.

the man page says: "by default the realm is stripped ..."



proxy.conf:
#### just testing telesec #######
realm telesec {
        authhost = LOCAL
        secret   =  blabla
}

Debug:
Tue Sep 26 08:33:47 2017 : Debug: (1)   User-Name = "hans at telesec"
Tue Sep 26 08:33:47 2017 : Debug: (1)   User-Password = "Itmc2628"
Tue Sep 26 08:33:47 2017 : Debug: (1) session-state: No State attribute
Tue Sep 26 08:33:47 2017 : Debug: (1) # Executing section authorize from file /etc/freeradius/sites-enabled/default
Tue Sep 26 08:33:47 2017 : Debug: (1)   authorize {
Tue Sep 26 08:33:47 2017 : Debug: (1)     policy filter_username {
Tue Sep 26 08:33:47 2017 : Debug: (1)       if (&User-Name) {
Tue Sep 26 08:33:47 2017 : Debug: (1)       if (&User-Name)  -> TRUE
Tue Sep 26 08:33:47 2017 : Debug: (1)       if (&User-Name)  {
Tue Sep 26 08:33:47 2017 : Debug: (1)         if (&User-Name =~ / /) {
Tue Sep 26 08:33:47 2017 : Debug: (1)         if (&User-Name =~ / /)  -> FALSE
Tue Sep 26 08:33:47 2017 : Debug: (1)         if (&User-Name =~ /@[^@]*@/ ) {
Tue Sep 26 08:33:47 2017 : Debug: (1)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
Tue Sep 26 08:33:47 2017 : Debug: (1)         if (&User-Name =~ /\.\./ ) {
Tue Sep 26 08:33:47 2017 : Debug: (1)         if (&User-Name =~ /\.\./ )  -> FALSE
Tue Sep 26 08:33:47 2017 : Debug: (1)         if (&User-Name =~ /\.$/)  {
Tue Sep 26 08:33:47 2017 : Debug: (1)         if (&User-Name =~ /\.$/)   -> FALSE
Tue Sep 26 08:33:47 2017 : Debug: (1)         if (&User-Name =~ /@\./)  {
Tue Sep 26 08:33:47 2017 : Debug: (1)         if (&User-Name =~ /@\./)   -> FALSE
Tue Sep 26 08:33:47 2017 : Debug: (1)       } # if (&User-Name)  = notfound
Tue Sep 26 08:33:47 2017 : Debug: (1)     } # policy filter_username = notfound
Tue Sep 26 08:33:47 2017 : Debug: (1)     modsingle[authorize]: calling preprocess (rlm_preprocess)
Tue Sep 26 08:33:47 2017 : Debug: (1)     modsingle[authorize]: returned from preprocess (rlm_preprocess)
Tue Sep 26 08:33:47 2017 : Debug: (1)     [preprocess] = ok
Tue Sep 26 08:33:47 2017 : Debug: (1)     modsingle[authorize]: calling chap (rlm_chap)
Tue Sep 26 08:33:47 2017 : Debug: (1)     modsingle[authorize]: returned from chap (rlm_chap)
Tue Sep 26 08:33:47 2017 : Debug: (1)     [chap] = noop
Tue Sep 26 08:33:47 2017 : Debug: (1)     modsingle[authorize]: calling mschap (rlm_mschap)
Tue Sep 26 08:33:47 2017 : Debug: (1)     modsingle[authorize]: returned from mschap (rlm_mschap)
Tue Sep 26 08:33:47 2017 : Debug: (1)     [mschap] = noop
Tue Sep 26 08:33:47 2017 : Debug: (1)     modsingle[authorize]: calling digest (rlm_digest)
Tue Sep 26 08:33:47 2017 : Debug: (1)     modsingle[authorize]: returned from digest (rlm_digest)
Tue Sep 26 08:33:47 2017 : Debug: (1)     [digest] = noop
Tue Sep 26 08:33:47 2017 : Debug: (1)     modsingle[authorize]: calling suffix (rlm_realm)
Tue Sep 26 08:33:47 2017 : Debug: (1) suffix: Checking for suffix after "@"
Tue Sep 26 08:33:47 2017 : Debug: (1) suffix: Looking up realm "telesec" for User-Name = "hans at telesec"
Tue Sep 26 08:33:47 2017 : Debug: (1) suffix: Found realm "telesec"
Tue Sep 26 08:33:47 2017 : Debug: (1) suffix: Adding Stripped-User-Name = "hans"
Tue Sep 26 08:33:47 2017 : Debug: (1) suffix: Adding Realm = "telesec"
Tue Sep 26 08:33:47 2017 : Debug: (1) suffix: Authentication realm is LOCAL
Tue Sep 26 08:33:47 2017 : Debug: (1)     modsingle[authorize]: returned from suffix (rlm_realm)
Tue Sep 26 08:33:47 2017 : Debug: (1)     [suffix] = ok
Tue Sep 26 08:33:47 2017 : Debug: (1)     modsingle[authorize]: calling eap (rlm_eap)
Tue Sep 26 08:33:47 2017 : Debug: (1) eap: No EAP-Message, not doing EAP
Tue Sep 26 08:33:47 2017 : Debug: (1)     modsingle[authorize]: returned from eap (rlm_eap)
Tue Sep 26 08:33:47 2017 : Debug: (1)     [eap] = noop
Tue Sep 26 08:33:47 2017 : Debug: (1)     modsingle[authorize]: calling files (rlm_files)
Tue Sep 26 08:33:47 2017 : Debug: (1)     modsingle[authorize]: returned from files (rlm_files)
Tue Sep 26 08:33:47 2017 : Debug: (1)     [files] = noop
Tue Sep 26 08:33:47 2017 : Debug: (1)     modsingle[authorize]: calling sql (rlm_sql)
Tue Sep 26 08:33:47 2017 : Debug: %{User-Name}
Tue Sep 26 08:33:47 2017 : Debug: Parsed xlat tree:
Tue Sep 26 08:33:47 2017 : Debug: attribute --> User-Name
Tue Sep 26 08:33:47 2017 : Debug: (1) sql: EXPAND %{User-Name}
Tue Sep 26 08:33:47 2017 : Debug: (1) sql:    --> hans at telesec
Tue Sep 26 08:33:47 2017 : Debug: (1) sql: SQL-User-Name set to 'hans at telesec'
Tue Sep 26 08:33:47 2017 : Info: rlm_sql (sql): Closing connection (1): Hit idle_timeout, was idle for 733 seconds
Tue Sep 26 08:33:47 2017 : Debug: rlm_sql_mysql: Socket destructor called, closing socket







Hans Bornemann
Abteilung Datanet

Technische Universität Dortmund
ITMC
Otto-Hahn-Str. 12
44227 Dortmund

Tel.: +49 231-755 2132

hans.bornemann at tu-dortmund.de
www.itmc.tu-dortmund.de



Wichtiger Hinweis: Die Information in dieser E-Mail ist vertraulich. Sie ist ausschließlich für den Adressaten bestimmt. Sollten Sie nicht der für diese E-Mail bestimmte Adressat sein, unterrichten Sie bitte den Absender und vernichten Sie diese Mail. Vielen Dank.
Unbeschadet der Korrespondenz per E-Mail, sind unsere Erklärungen ausschließlich final rechtsverbindlich, wenn sie in herkömmlicher Schriftform (mit eigenhändiger Unterschrift) oder durch Übermittlung eines solchen Schriftstücks per Telefax erfolgen.

Important note: The information included in this e-mail is confidential. It is solely intended for the recipient. If you are not the intended recipient of this e-mail please contact the sender and delete this message. Thank you. Without prejudice of e-mail correspondence, our statements are only legally binding when they are made in the conventional written form (with personal signature) or when such documents are sent by fax.

More information about the Freeradius-Users mailing list