Hi, > we do have one realm configured domainname.com which works perfectly. every > user who wants to authenticate with a different realm is proxied to an > outside radius. server. the setup works fine. > > we do have some mobile devices who send something like: > usern...@company.com@wlan.mnc003.mc > usern...@company.com@Verisign...
as Stefan says - this looks suspiciously like Nokia Symbian clients. if the client hasnt been configured correctly it will send the CN of the certificate as the realm details...and other things - so you get that double realm issue... which might get to you via external proxy.. or might not. reject if you see more than one @ - or, if these are your people, find them and fix their client. (in case of Nokia, its ensure that the realm is specified rather than left to default setting. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html