Eduroam and Univention freeradius setup
Alan DeKok
aland at deployingradius.com
Thu Oct 15 23:49:23 CEST 2020
On Oct 15, 2020, at 5:13 PM, Eric Browning via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> I can authenticate my test eduroam testuser with it's "@eduroam.us" but
> when I try to authenticate one of my own users "
> testuser at skaggscatholiccenter.org" it just gets proxied back to eduroam via
> the default realm. I have attempted to make realm skaggscatholiccenter.org {
> and it just skips over it right to default after looking for NULL.
The debug log shows...
> realm SKAGGSCATHOLICC {
> }
That's not "skaggscatholiccenter.org"
> Ready to process requests
> (0) Received Access-Request Id 192 from 163.253.31.2:49082 to
> 172.16.0.97:1812 length 258
> (0) User-Name = "testuser at skaggscatholiccenter.org"
Which isn't the same as the "realm" you added.
> (0) [mschap] = noop
> (0) ntdomain: Checking for prefix before "\"
> (0) ntdomain: No '\' in User-Name = "testuser at skaggscatholiccenter.org",
> looking up realm NULL
> (0) ntdomain: Found realm "DEFAULT"
> (0) ntdomain: Adding Realm = "DEFAULT"
> (0) ntdomain: Proxying request from user testuser at skaggscatholiccenter.org to
> realm DEFAULT
> (0) ntdomain: Preparing to proxy authentication request to realm "DEFAULT"
> (0) [ntdomain] = updated
You've also removed the "suffix" module from the default config. The "suffix" module checks for "user at realm".
The "ntdomain" module checks for "REALM\user".
1) create a realm with the correct name
2) add the "suffix" module back in, before the "ntdomain" module in sites-enabled/default
It will then work.
Alan DeKok.
More information about the Freeradius-Users
mailing list