authentication fails because of the realm isn't stripped
Alan DeKok
aland at deployingradius.com
Tue Sep 26 13:46:24 CEST 2017
On Sep 26, 2017, at 2:57 AM, hans.bornemann at tu-dortmund.de wrote:
>
> the authentication fails because of the realm isn't stripped.
The realm is stripped. Please read the debug output.
> the man page says: "by default the realm is stripped ..."
Quoting the documentation isn't helpful. We know what it says.
> Tue Sep 26 08:33:47 2017 : Debug: (1) User-Name = "hans at telesec"
Please follow the documentation. EVERYTHING says to use "radiusd -X".
> Tue Sep 26 08:33:47 2017 : Debug: (1) suffix: Checking for suffix after "@"
> Tue Sep 26 08:33:47 2017 : Debug: (1) suffix: Looking up realm "telesec" for User-Name = "hans at telesec"
> Tue Sep 26 08:33:47 2017 : Debug: (1) suffix: Found realm "telesec"
> Tue Sep 26 08:33:47 2017 : Debug: (1) suffix: Adding Stripped-User-Name = "hans"
> Tue Sep 26 08:33:47 2017 : Debug: (1) suffix: Adding Realm = "telesec"
> Tue Sep 26 08:33:47 2017 : Debug: (1) suffix: Authentication realm is LOCAL
See the word "Stripped" there? That's a hint that the realm is being stripped.
And no, the User-Name attribute is *not* modified. That's a bad idea for a whole host of reasons.
> Tue Sep 26 08:33:47 2017 : Debug: (1) modsingle[authorize]: calling sql (rlm_sql)
> Tue Sep 26 08:33:47 2017 : Debug: %{User-Name}
> Tue Sep 26 08:33:47 2017 : Debug: Parsed xlat tree:
> Tue Sep 26 08:33:47 2017 : Debug: attribute --> User-Name
> Tue Sep 26 08:33:47 2017 : Debug: (1) sql: EXPAND %{User-Name}
> Tue Sep 26 08:33:47 2017 : Debug: (1) sql: --> hans at telesec
> Tue Sep 26 08:33:47 2017 : Debug: (1) sql: SQL-User-Name set to 'hans at telesec'
See the SQL configuration. For you, raddb/mods-config/sql/main/mysql/queries.conf
Look for sql_user_name, and read the documentation.
Alan DeKok.
More information about the Freeradius-Users
mailing list