Hi all, we're using FreeRadius 1.1.6 to give access to our WLAN with EAP-TTLS. Worked great so far.
Now we want to participate in inter-university roaming (eduroam) and thus have to proxy some requests to a parent server. Everything works great except regarding the outer identity. If it's just "anonymous" everything is ok, but if it's "anonymous@<somerealm>" and <somerealm> is configured in proxy.conf, the EAP-Request is proxied instead of terminated. This is correct by configuration but not wanted. Is there a way to terminate the EAP regardless of the outer identity?

Here's an example:

    User-Name = "[EMAIL PROTECTED]"
    Calling-Station-Id = "00-18-DE-B5-3A-E2"
    ...
    EAP-Message = 0x0201001e01616e6f6e796d6f75734074752d6461726d73746164742e6465
    Message-Authenticator = 0x7a211176339c3e2ee9f7a0fe56864b2a
    ...
    rlm_realm: Looking up realm "tu-darmstadt.de" for User-Name = "[EMAIL PROTECTED]"
    rlm_realm: Found realm "tu-darmstadt.de"
    rlm_realm: Adding Stripped-User-Name = "anonymous"
    rlm_realm: Proxying request from user anonymous to realm tu-darmstadt.de
    rlm_realm: Adding Realm = "tu-darmstadt.de"
    rlm_realm: Preparing to proxy authentication request to realm "tu-darmstadt.de"
    modcall[authorize]: module "suffix" returns updated for request 6
    rlm_eap: Request is supposed to be proxied to Realm tu-darmstadt.de. Not doing EAP.
    modcall[authorize]: module "eap" returns noop for request 6
    ...

How can I bypass proxy authentication for EAP-Messages?

This is the setup in users:

    ...
    # matches request without any realm (local)
    DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Realm !* "NULL", Proxy-To-Realm := MyRealm
            User-Name = `%{User-Name}`,Fall-Through = Yes

    # matches requests going explicitly to tu-darmstadt.de (local)
    DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Realm == "tu-darmstadt.de", Proxy-To-Realm := MyRealm
            User-Name = `%{User-Name}`,Fall-Through = Yes

    # matches requests going parent radius
    DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Realm == DEFAULT, Proxy-To-Realm := Parent
            User-Name = `%{User-Name}`,Fall-Through = Yes
    ...

Thanks a lot,
-Andreas

--
Andreas Liebe/Darmstadt University of Technology/+49 6151 16-3150/3050(FAX)
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html