Hello Alan!
Here is the output of a sample RADIUS Request with the realm "host" as the
prefix. It seems as if the rlm_realm is only looking for the "@" character as a
delimiter. Below my output I have pasted the relevant content of the
"/opt/etc/raddb/modules" file.
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 172.24.110.198 port 1094, id=91,
length=118
User-Name = "host/habakuk"
User-Password = "habakuk"
NAS-IP-Address = 172.24.110.198
NAS-Port = 1101
NAS-Port-Type = Virtual
Calling-Station-Id = "00-01-F4-6F-28-E0"
Called-Station-Id = "00-01-F4-6F-28-E0"
NAS-Port-Id = "host.0.1"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "host/habakuk", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "host/habakuk"
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
++[suffix] returns ok
rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
/opt/etc/raddb/modules:
# -*- text -*-
#
# $Id: realm,v 1.1 2008/05/30 09:18:46 aland Exp $
# Realm module, for proxying.
#
# You can have multiple instances of the realm module to
# support multiple realm syntaxs at the same time. The
# search order is defined by the order that the modules are listed
# in the authorize and preacct sections.
#
# Four config options:
# format - must be "prefix" or "suffix"
# The special cases of "DEFAULT"
# and "NULL" are allowed, too.
# delimiter - must be a single character
# 'realm/username'
#
# Using this entry, IPASS users have their realm set to "IPASS".
realm IPASS {
format = prefix
delimiter = "/"
}
realm prefix {
format = prefix
delimiter = "/"
}
# '[EMAIL PROTECTED]'
#
realm suffix {
format = suffix
delimiter = "@"
}
# 'username%realm'
#
realm realmpercent {
format = suffix
delimiter = "%"
}
#
# 'domain\user'
#
realm ntdomain {
format = prefix
delimiter = "\\"
}
The corresponding configuration in the "/opt/etc/raddb/proxy.conf" file is the
following:
realm host {
auth_pool = ias_failover
}
The auth_pool is configured properly and I have succesfully tested an
authentication. Why is freeradius not searching for the "/" character as a
delimiter? Any idea?
-----Ursprüngliche Nachricht-----
Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von [EMAIL
PROTECTED]
Gesendet: Montag, 01. September 2008 21:31
An: FreeRadius users mailing list
Betreff: Re: Realm delimiter characters
Hi,
> Question: WHERE does this configuration go? I have not found any suitable
> configuration file. According to an outdated info in the wiki, this
> information is supposed to be made in the radiusd.conf ... but this
> information is no longer valid for version 2.0.5.
almost all of the functionality has been moved into 2 locations, either virtual
servers (located in sites-available, to which you put a softlink from
site-enabled), or modules (all located in the module
directory) - in this case, realms are moved into the modules directory. you may
need to 'activate' prefix or suffix to get the delimiters working.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Oesterreichische Lotterien Gesellschaft m.b.H., Rennweg 44, A-1038 Wien,
FN 54472 g, Handelsgericht Wien, DVR-Nr: 0476706
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
