Default realm in 2.0.0-pre1

2007-07-09 Thread Pshem Kowalczyk
Hi,

I'm building 'backend' radius servers, that only have to know about
one domain - the default one, despite the stuff the users put into
their login names.

I have the following config (proxy.conf):

proxy server {
    default_fallback = no
}

realm LOCAL {

}
realm NULL {
    authhost = LOCAL
    accthost = LOCAL
    secret   = NONE
}

realm DEFAULT {
    authhost = LOCAL
    accthost = LOCAL
    secret   = NONE
}

But when I try to auth something that has a domain - it doesn't get
recognised properly:

Config:   including file: /etc/freeradius/radiusd.conf
Config:   including file: /etc/freeradius/proxy.conf
Config:   including file: /etc/freeradius/clients.conf
Config:   including file: /etc/freeradius/snmp.conf
Config:   including file: /etc/freeradius/sql.conf
Config:   including file: /etc/freeradius/sql/postgresql-auth.conf
Config:   including file: /etc/freeradius/sql/postgresql-acct.conf
FreeRADIUS Version 2.0.0-pre1, for host i486-pc-linux-gnu, built on Jul  2 2007 at 17:42:30
Starting - reading configuration files ...
read_config_files:  reading dictionary
main {
prefix = /usr
localstatedir = /var
logdir = /var/log/freeradius
libdir = /usr/lib/freeradius
radacctdir = /var/log/freeradius/radacct
hostname_lookups = no
snmp = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
log_stripped_names = yes
log_file = /var/log/freeradius/radius.log
log_auth = no
log_auth_badpass = yes
log_auth_goodpass = no
pidfile = /var/run/freeradius/freeradius.pid
user = freerad
group = freerad
checkrad = /usr/sbin/checkrad
debug_level = 0
proxy_requests = yes
 log {
syslog_facility = daemon
 }
 proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
 }
 security {
max_attributes = 200
reject_delay = 1
status_server = yes
 }
}
 realm LOCAL {
ldflag = fail_over
 }
 realm NULL {
ldflag = fail_over
secret = NONE
 }
 realm DEFAULT {
ldflag = fail_over
secret = NONE
 }
port = 1812
 listen {
type = auth
ipaddr = *
port = 1812
 }
 listen {
type = acct
ipaddr = *
port = 1813
 }
 client 127.0.0.1 {
secret = testing123
shortname = localhost
nastype = other
 }
 client 10.119.10.23/32 {
secret = xyz
shortname = akl-grafton-radproxy1
 }
 client 10.119.10.24/32 {
secret = xyz
shortname = akl-grafton-radproxy2
 }
radiusd:  entering modules setup
radiusd: Library search path is /usr/lib/freeradius
 instantiate {
 }
 modules {
 Module: Instantiating section authenticate
 Module: Linked to module rlm_pap
 Module: Instantiating pap
  pap {
encryption_scheme = auto
auto_header = no
  }
 Module: Linked to module rlm_chap
 Module: Instantiating chap
 Module: Instantiating section authorize
 Module: Linked to module rlm_preprocess
 Module: Instantiating preprocess
  preprocess {
huntgroups = /etc/freeradius/huntgroups
hints = /etc/freeradius/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = yes
with_alvarion_vsa_hack = no
  }
 Module: Linked to module rlm_detail
 Module: Instantiating auth_log
  detail auth_log {
detailfile = /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
header = %t
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
  }
 Module: Linked to module rlm_realm
 Module: Instantiating suffix
  realm suffix {
format = suffix
delimiter = @
ignore_default = no
ignore_null = yes
  }
 Module: Linked to module rlm_sql
 Module: Instantiating sql_auth
  sql sql_auth {
driver = rlm_sql_postgresql
server = 10.119.15.5
port = 
login = raduser
password = raduser
radius_db = radbackend
sqltrace = no
sqltracefile = /var/log/freeradius/sqltrace.sql
readclients = no
deletestalesessions = yes
num_sql_socks = 5
sql_user_name = %{Stripped-User-Name:-%{User-Name}}
default_user_profile = 
safe-characters = @abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /
QUERIES STRIPPED
  }
rlm_sql (sql_auth): Driver rlm_sql_postgresql (module rlm_sql_postgresql) loaded and linked
rlm_sql (sql_auth): Attempting to connect to [EMAIL PROTECTED]:/radbackend
rlm_sql (sql_auth): starting 0
rlm_sql (sql_auth): Attempting to connect rlm_sql_postgresql #0
rlm_sql (sql_auth): Connected new DB handle, #0

Re: Default realm in 2.0.0-pre1

2007-07-09 Thread Alan DeKok
Pshem Kowalczyk wrote:
> I'm building 'backend' radius servers, that only have to know about
> one domain - the default one, despite the stuff the users put into
> their login names.
...
> rlm_sql (sql_auth): User [EMAIL PROTECTED] not found
> ++[sql_auth] returns notfound
> rlm_pap: WARNING! No known good password found for the user.
>
> Any ideas why it ignores the DEFAULT realm? Or alternatively - how
> else can I get the Stripped-User-Name ?

  The ignore_default and ignore_null configurations in rlm_realm
should be removed from 2.x.  They can better be done with the new
configuration language.

  To get the stripped user name, just do:

    if (%{User-Name} =~ /^(.*)@(.*)$/) {
        update request {
            Stripped-User-Name := %{1}
            Realm := %{2}
        }
    }

  Alan DeKok.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Default realm in 2.0.0-pre1

2007-07-09 Thread Pshem Kowalczyk
Some more details:

authorize {
    preprocess
    if (%{User-Name} =~ /^(.*)@(.*)$/) {
        update request {
            Stripped-User-Name := xyz
            Realm := abc
        }
    }
    auth_log
    chap
    suffix
    sql
    pap
}


freeradius -X
Config:   including file: /etc/freeradius/radiusd.conf
Config:   including file: /etc/freeradius/clients.conf
Config:   including file: /etc/freeradius/snmp.conf
Config:   including file: /etc/freeradius/sql.conf
Config:   including file: /etc/freeradius/sql/postgresql-dialup.conf
/etc/freeradius/radiusd.conf[177]: Line is not in 'attribute = value' format
Errors reading /etc/freeradius/radiusd.conf


kind regards
Pshem


Re: Default realm in 2.0.0-pre1

2007-07-09 Thread Alan DeKok
Pshem Kowalczyk wrote:
> Is that functionality available in the 2.0.0-pre1?

  No.

  You need the CVS head.

  Alan DeKok.


Re: Default realm in 2.0.0-pre1

2007-07-09 Thread Pshem Kowalczyk
On 10/07/07, Alan DeKok [EMAIL PROTECTED] wrote:
> Pshem Kowalczyk wrote:
>> Is that functionality available in the 2.0.0-pre1?
>
>   No.
>
>   You need the CVS head.

Ok. Then I'll have a look into this later, for now - I figured out
that the easiest way of fixing my problem is to do it like this:

attr_rewrite strip_domain {
    attribute = User-Name
    searchin = packet
    searchfor = @(.*)
    replacewith =
    ignore_case = yes
    max_matches = 1
    append = no
}

Thanks for your help and when is the -pre2 coming ? ;-)

kind regards
pshem
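
Added example, not part of the original thread or of FreeRADIUS: a comparison of the two realm-stripping patterns posted above (the ^(.*)@(.*)$ condition and the attr_rewrite searchfor = @(.*) with an empty replacement), showing where they produce different user names before the SQL lookup. Python's re module stands in for the server's regex library, and the sample login names and flag labels are constructed for illustration.

```python
import re

# Regex from Alan DeKok's reply; Python's re stands in for the server's regex library.
UNLANG_RE = re.compile(r"^(.*)@(.*)$")
# Pattern from the attr_rewrite block: searchfor = @(.*), ignore_case = yes.
REWRITE_RE = re.compile(r"@(.*)", re.IGNORECASE)

# Constructed sample login names, not taken from the thread.
SAMPLES = ["alice@example.org", "alice", "alice@a@b", "@example.org", "alice@"]


def strip_unlang(user_name):
    """(Stripped-User-Name, Realm) the regex condition would assign, or (None, None)."""
    m = UNLANG_RE.match(user_name)
    if m is None:
        return None, None  # no '@': the condition is false, nothing is updated
    return m.group(1), m.group(2)


def strip_rewrite(user_name):
    """User-Name after one substitution with an empty replacement (max_matches = 1)."""
    return REWRITE_RE.sub("", user_name, count=1)


def compare(names):
    """Run both methods and flag names a backend should look at before the SQL lookup."""
    rows = []
    for name in names:
        stripped, realm = strip_unlang(name)
        rewritten = strip_rewrite(name)
        flags = []
        if name.count("@") > 1:
            flags.append("multiple-@")
        if "" in (stripped, rewritten):
            flags.append("empty-user")
        if stripped is not None and stripped != rewritten:
            flags.append("methods-disagree")
        rows.append((name, stripped, realm, rewritten, flags))
    return rows


if __name__ == "__main__":
    for row in compare(SAMPLES):
        print(row)
```

The greedy first group splits at the last '@' while the rewrite cuts at the first, so a name with two '@' characters maps to two different accounts depending on which method is configured; a name that is only a realm leaves an empty user name in both.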


Re: Default realm in 2.0.0-pre1

2007-07-09 Thread Alan DeKok
Pshem Kowalczyk wrote:
> Thanks for your help and when is the -pre2 coming ? ;-)

  ASAP, I hope.

  Alan DeKok.