Hi,

> Thank you very much! The problem is solved!

I note you are using the DEFAULT realm for sending things upstream. As a federation operator this concerns me - as it means all kinds of junk gets sent upstream for the remote proxy to deal with. I would strongly advise that you rename that realm to e.g. EDUROAM and then in the authorise section of the server add some unlang to verify the user-name is legitimate and, if it is,

    update control {
        Proxy-To-Realm := "EDUROAM"
    }
    update request {
        Realm := "EDUROAM"
    }

e.g. as a rough, crude example

    # realm followed by trailing whitespace
    if ("%{User-Name}" =~ /@.*\\s$/i) {
        update reply {
            Reply-Message = "misconfigured realm ending in whitespace"
        }
        reject
    }

    # more than one @ in the name
    if ("%{User-Name}" =~ /@(.+)?@/i) {
        update reply {
            Reply-Message = "rejected multiple @ in username"
        }
        reject
    }

    # realms that should never be sent upstream
    if ("%{User-Name}" =~ /3gppnetwork\\.org$/i) {
        reject
    }
    if ("%{User-Name}" =~ /myabc\\.com$/i) {
        reject
    }

    # split into optional DOMAIN\ prefix, user part (%{1}) and realm (%{2})
    if ("%{User-Name}" =~ /\\\\?([^@\\\\]+)@?([-[:alnum:]._]*)?$/) {
        if (!"%{2}" || ("%{2}" =~ /^your.realm$/i)) {
            update request {
                Realm := "local"
            }
            # "@realm" with an empty user part, other than @your.realm
            if (!"%{2}" && ("%{User-Name}" =~ /^@/) && ("%{User-Name}" != "@your.realm")) {
                update control {
                    Proxy-To-Realm := "EDUROAM"
                }
                update request {
                    Realm := "EDUROAM"
                }
            }
        }
    }

alan
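
Added example (not part of Alan's message and not FreeRADIUS code): a Python harness that replays the username checks above over constructed User-Name values, so the rules can be tested before they go into the server configuration. The regexes are transcribed with single backslashes and `[:alnum:]` written out as `A-Za-z0-9`, because Python's `re` has no POSIX classes; `classify`, `SAMPLES` and the sample names are hypothetical, and names the snippet neither rejects nor assigns are reported as `unchanged`.

```python
import re

# Reject rules transcribed from the unlang above (v2-style "\\" becomes "\").
# A reason of None mirrors a bare "reject" with no Reply-Message.
REJECT_RULES = [
    (re.compile(r"@.*\s$", re.I), "misconfigured realm ending in whitespace"),
    (re.compile(r"@(.+)?@", re.I), "rejected multiple @ in username"),
    (re.compile(r"3gppnetwork\.org$", re.I), None),
    (re.compile(r"myabc\.com$", re.I), None),
]

# Optional DOMAIN\ prefix, user part, optional @realm.
# Assumption: [:alnum:] written out as A-Za-z0-9 (ASCII only).
SPLIT = re.compile(r"\\?([^@\\]+)@?([-A-Za-z0-9._]*)?$")
LOCAL_REALM = re.compile(r"^your.realm$", re.I)  # placeholder realm from the page


def classify(user_name):
    """Return 'reject', 'reject: <msg>', 'local', 'EDUROAM' or 'unchanged'."""
    for pattern, reason in REJECT_RULES:
        if pattern.search(user_name):
            return "reject: " + reason if reason else "reject"
    m = SPLIT.search(user_name)
    if m:
        realm = m.group(2) or ""
        if not realm or LOCAL_REALM.search(realm):
            result = "local"
            # Anonymous outer identity "@realm": the split regex takes the realm
            # text as the user part and leaves group 2 empty, so the nested
            # test is what sends it upstream.
            if not realm and user_name.startswith("@") and user_name != "@your.realm":
                result = "EDUROAM"
            return result
    return "unchanged"  # the snippet sets no Realm for this name


# Constructed sample identities, not taken from any real log.
SAMPLES = [
    "alice@your.realm", "bob", "@your.realm", "@other.example",
    "carol@other.example", "dave@other.example ", "eve@a@b.example",
    "0123@wlan.mnc001.mcc234.3gppnetwork.org", "DOMAIN\\frank",
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name!r:45} -> {classify(name)}")
```
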