Hi, I'm building 'backend' RADIUS servers that only have to know about one domain - the default one, despite the stuff the users put into their login names.
I have the following config (proxy.conf):

proxy server {
        default_fallback = no
}

realm LOCAL {
}

realm NULL {
        authhost = LOCAL
        accthost = LOCAL
        secret = NONE
}

realm DEFAULT {
        authhost = LOCAL
        accthost = LOCAL
        secret = NONE
}

But when I try to auth something that has a domain - it doesn't get recognised properly:

Config: including file: /etc/freeradius/radiusd.conf
Config: including file: /etc/freeradius/proxy.conf
Config: including file: /etc/freeradius/clients.conf
Config: including file: /etc/freeradius/snmp.conf
Config: including file: /etc/freeradius/sql.conf
Config: including file: /etc/freeradius/sql/postgresql-auth.conf
Config: including file: /etc/freeradius/sql/postgresql-acct.conf
FreeRADIUS Version 2.0.0-pre1, for host i486-pc-linux-gnu, built on Jul 2 2007 at 17:42:30
Starting - reading configuration files ...
read_config_files: reading dictionary
main {
        prefix = "/usr"
        localstatedir = "/var"
        logdir = "/var/log/freeradius"
        libdir = "/usr/lib/freeradius"
        radacctdir = "/var/log/freeradius/radacct"
        hostname_lookups = no
        snmp = no
        max_request_time = 30
        cleanup_delay = 5
        max_requests = 1024
        allow_core_dumps = no
        log_stripped_names = yes
        log_file = "/var/log/freeradius/radius.log"
        log_auth = no
        log_auth_badpass = yes
        log_auth_goodpass = no
        pidfile = "/var/run/freeradius/freeradius.pid"
        user = "freerad"
        group = "freerad"
        checkrad = "/usr/sbin/checkrad"
        debug_level = 0
        proxy_requests = yes
  log {
        syslog_facility = "daemon"
  }
  proxy server {
        retry_delay = 5
        retry_count = 3
        default_fallback = no
        dead_time = 120
        wake_all_if_all_dead = no
  }
  security {
        max_attributes = 200
        reject_delay = 1
        status_server = yes
  }
}
realm LOCAL {
        ldflag = fail_over
}
realm NULL {
        ldflag = fail_over
        secret = NONE
}
realm DEFAULT {
        ldflag = fail_over
        secret = NONE
}
        port = 1812
listen {
        type = "auth"
        ipaddr = *
        port = 1812
}
listen {
        type = "acct"
        ipaddr = *
        port = 1813
}
client 127.0.0.1 {
        secret = "testing123"
        shortname = "localhost"
        nastype = "other"
}
client 10.119.10.23/32 {
        secret = "xyz"
        shortname = "akl-grafton-radproxy1"
}
client 10.119.10.24/32 {
        secret = "xyz"
        shortname = "akl-grafton-radproxy2"
}
radiusd: entering modules setup
radiusd: Library search path is /usr/lib/freeradius
instantiate {
}
modules {
Module: Instantiating section authenticate
Module: Linked to module rlm_pap
Module: Instantiating pap
  pap {
        encryption_scheme = "auto"
        auto_header = no
  }
Module: Linked to module rlm_chap
Module: Instantiating chap
Module: Instantiating section authorize
Module: Linked to module rlm_preprocess
Module: Instantiating preprocess
  preprocess {
        huntgroups = "/etc/freeradius/huntgroups"
        hints = "/etc/freeradius/hints"
        with_ascend_hack = no
        ascend_channels_per_line = 23
        with_ntdomain_hack = no
        with_specialix_jetstream_hack = no
        with_cisco_vsa_hack = yes
        with_alvarion_vsa_hack = no
  }
Module: Linked to module rlm_detail
Module: Instantiating auth_log
  detail auth_log {
        detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
        header = "%t"
        detailperm = 384
        dirperm = 493
        locking = no
        log_packet_header = no
  }
Module: Linked to module rlm_realm
Module: Instantiating suffix
  realm suffix {
        format = "suffix"
        delimiter = "@"
        ignore_default = no
        ignore_null = yes
  }
Module: Linked to module rlm_sql
Module: Instantiating sql_auth
  sql sql_auth {
        driver = "rlm_sql_postgresql"
        server = "10.119.15.5"
        port = ""
        login = "raduser"
        password = "raduser"
        radius_db = "radbackend"
        sqltrace = no
        sqltracefile = "/var/log/freeradius/sqltrace.sql"
        readclients = no
        deletestalesessions = yes
        num_sql_socks = 5
        sql_user_name = "%{Stripped-User-Name:-%{User-Name}}"
        default_user_profile = ""
        safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
        QUERIES STRIPPED
  }
rlm_sql (sql_auth): Driver rlm_sql_postgresql (module rlm_sql_postgresql) loaded and linked
rlm_sql (sql_auth): Attempting to connect to [EMAIL PROTECTED]:/radbackend
rlm_sql (sql_auth): starting 0
rlm_sql (sql_auth): Attempting to connect rlm_sql_postgresql #0
rlm_sql (sql_auth): Connected new DB handle, #0
rlm_sql (sql_auth): starting 1
rlm_sql (sql_auth): Attempting to connect rlm_sql_postgresql #1
rlm_sql (sql_auth): Connected new DB handle, #1
rlm_sql (sql_auth): starting 2
rlm_sql (sql_auth): Attempting to connect rlm_sql_postgresql #2
rlm_sql (sql_auth): Connected new DB handle, #2
rlm_sql (sql_auth): starting 3
rlm_sql (sql_auth): Attempting to connect rlm_sql_postgresql #3
rlm_sql (sql_auth): Connected new DB handle, #3
rlm_sql (sql_auth): starting 4
rlm_sql (sql_auth): Attempting to connect rlm_sql_postgresql #4
rlm_sql (sql_auth): Connected new DB handle, #4
Module: Instantiating section preacct
Module: Linked to module rlm_acct_unique
Module: Instantiating acct_unique
  acct_unique {
        key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
  }
Module: Instantiating section accounting
Module: Instantiating detail
  detail {
        detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
        header = "%t"
        detailperm = 384
        dirperm = 493
        locking = no
        log_packet_header = no
  }
Module: Instantiating sql_acct
  sql sql_acct {
        driver = "rlm_sql_postgresql"
        server = "10.119.15.6"
        port = ""
        login = "raduser"
        password = "raduser"
        radius_db = "radbackend"
        sqltrace = no
        sqltracefile = "/var/log/freeradius/sqltrace.sql"
        readclients = no
        deletestalesessions = yes
        num_sql_socks = 5
        sql_user_name = "%{Stripped-User-Name:-%{User-Name}}"
        default_user_profile = ""
        QUERIES STRIPPED
  }
rlm_sql (sql_acct): Driver rlm_sql_postgresql (module rlm_sql_postgresql) loaded and linked
rlm_sql (sql_acct): Attempting to connect to [EMAIL PROTECTED]:/radbackend
rlm_sql (sql_acct): starting 0
rlm_sql (sql_acct): Attempting to connect rlm_sql_postgresql #0
rlm_sql (sql_acct): Connected new DB handle, #0
rlm_sql (sql_acct): starting 1
rlm_sql (sql_acct): Attempting to connect rlm_sql_postgresql #1
rlm_sql (sql_acct): Connected new DB handle, #1
rlm_sql (sql_acct): starting 2
rlm_sql (sql_acct): Attempting to connect rlm_sql_postgresql #2
rlm_sql (sql_acct): Connected new DB handle, #2
rlm_sql (sql_acct): starting 3
rlm_sql (sql_acct): Attempting to connect rlm_sql_postgresql #3
rlm_sql (sql_acct): Connected new DB handle, #3
rlm_sql (sql_acct): starting 4
rlm_sql (sql_acct): Attempting to connect rlm_sql_postgresql #4
rlm_sql (sql_acct): Connected new DB handle, #4
Module: Linked to module rlm_attr_filter
Module: Instantiating attr_filter.accounting_response
  attr_filter attr_filter.accounting_response {
        attrsfile = "/etc/freeradius/attrs.accounting_response"
        key = "%{User-Name}"
  }
Module: Instantiating section post-auth
Module: Instantiating reply_log
  detail reply_log {
        detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d"
        header = "%t"
        detailperm = 384
        dirperm = 493
        locking = no
        log_packet_header = no
  }
Module: Instantiating attr_filter.access_reject
  attr_filter attr_filter.access_reject {
        attrsfile = "/etc/freeradius/attrs.access_reject"
        key = "%{User-Name}"
  }
}
Initializing the thread pool...
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
Nothing to do. Sleeping until we see a request.
Processing the authorize section of radiusd.conf
+- entering group authorize
  hints: Matched DEFAULT at 4
++[preprocess] returns ok
radius_xlat: '/var/log/freeradius/radacct/127.0.0.1/auth-detail-20070709'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/auth-detail-20070709
radius_xlat: 'Mon Jul 9 22:56:01 2007'
++[auth_log] returns ok
++[chap] returns noop
  rlm_realm: Looking up realm "adsl.ihug.co.nz" for User-Name = "[EMAIL PROTECTED]"
  rlm_realm: No such realm "adsl.ihug.co.nz"
++[suffix] returns noop
radius_xlat: '[EMAIL PROTECTED]'
rlm_sql (sql_auth): sql_set_user escaped user --> '[EMAIL PROTECTED]'
rlm_sql (sql_auth): Reserving sql socket id: 4
radius_xlat: 'SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = 'salman [EMAIL PROTECTED]' ORDER BY id'
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 0 , fields = 5
radius_xlat: 'SELECT GroupName FROM radusergroup WHERE UserName='[EMAIL PROTECTED]' ORDER BY priority'
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 0 , fields = 1
rlm_sql (sql_auth): Released sql socket id: 4
rlm_sql (sql_auth): User [EMAIL PROTECTED] not found
++[sql_auth] returns notfound
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
+- group authorize returns ok
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
  Found Post-Auth-Type Reject
Processing the post-auth section of radiusd.conf
+- entering group REJECT
radius_xlat: '[EMAIL PROTECTED]'
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
+- group REJECT returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Sending delayed reject for request 0
Waking up in 4 seconds...
Any ideas why it ignores the "DEFAULT" realm? Or alternatively - how else can I get the Stripped-User-Name?

kind regards
Pshem