Suffix authentication in users file

[Ewan Leith]

Ive just been trying to get freeradius working instead of citron radius, but I've ran into a problem with the suffix parameter setting in /etc/raddb/users.

My understanding of the Suffix was that:

DEFAULT Suffix == "NC", Auth-Type := System
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 255.255.255.254,
Framed-IP-Netmask = 255.0.0.0,
Framed-Routing = Broadcast-Listen,
Framed-Filter-Id = "std.ppp",
Framed-Compression = Van-Jacobsen-TCP-IP

would authenticate against the system with the username minus the "NC"
suffix, but this doesn't seem to be happening, and the username is being
passed in its entirity. I've found a Strip-User-Name setting but that
just seems to exist for the hints files.

Running radiusd -X I get
rad_recv: Access-Request packet from host 127.0.0.1:62037, id=39, length=61
User-Name = "testNC"
User-Password = "password"
NAS-IP-Address = 255.255.255.255
NAS-Port = 15
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
modcall[authorize]: module "chap" returns noop
modcall[authorize]: module "mschap" returns notfound
rlm_realm: No '@' in User-Name = "testNC", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 150
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type System
auth: type "System"
modcall: entering group authenticate
modcall[authenticate]: module "unix" returns notfound
modcall: group authenticate returns notfound
auth: Failed to validate the user.

Have i missed something? Im sure this used to work as I expect it in
cistron radius. Do I need to alter something to pass only the username
and not the suffix, is it even possible?

Im running AIX 4.3.3 and freeradius 0.80

Thanks,
Ewan


- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html