Hello.

I'm trying to proxy requests to LOCAL, but the realm part of the username
isn't stripped.

FreeRADIUS: 20040304 CVS
Protocols: EAP-TTLS + PAP
User db: files
proxying to LOCAL

It is important that users may use only the "[EMAIL PROTECTED]" username
instead of just the "username". The configuration I have works for the
"username".

radiusd.conf:
=============
proxy_requests = yes
$INCLUDE  ${confdir}/proxy.conf

modules {
        realm example.domain {
                format = suffix
                delimeter = "@"
        }
}

preproxy_users:
===============
DEFAULT
        User-Name := `%{Stripped-User-Name:-%{User-Name}}`


proxy.conf:
===========
proxy server {
        synchronous = yes
        retry_delay = 5
        retry_count = 3
        dead_time = 120
        default_fallback = yes
        post_proxy_authorize = yes
}

realm example.domain {
        type            = radius
        authhost        = LOCAL
        accthost        = LOCAL
}
# nostrip isn't used.. shouldn't this
# strip the domain part ?
# I have no NULL or DEFAULT realm.



Log from radiusd -Xxxxxx
========================
[...]
rad_recv: Access-Request packet from host xyz, id=120, length=236
        User-Name = "[EMAIL PROTECTED]"
[...]
Thu Mar  4 18:22:18 2004 : Debug:   rlm_eap_ttls: Session established.  Proceeding to decode tunneled attributes.
  TTLS tunnel data in 0000: 00 00 00 01 40 00 00 1e 73 74 75 64 65 6e 74 35
  TTLS tunnel data in 0010: 40 66 64 76 2e 75 6e 69 2d 6c 6a 2e 73 69 00 00
  TTLS tunnel data in 0020: 00 00 00 02 40 00 00 0e 31 32 33 34 35 36 00 00
  TTLS: Got tunneled request
        User-Name = "[EMAIL PROTECTED]"
        User-Password = "blah"
        FreeRADIUS-Proxied-To = 127.0.0.1
  TTLS: Sending tunneled request
        User-Name = "[EMAIL PROTECTED]"
        User-Password = "blah"
        FreeRADIUS-Proxied-To = 127.0.0.1



And here is the problem. This should be the
"userxy" and not the "[EMAIL PROTECTED]".

I have an odd feeling that request isn't proxied :-/. After the log line:
Thu Mar  4 18:12:58 2004 : Info: Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
string "proxy" doesn't occur anymore.

What am I doing wrong? I read through the docs and man pages but can't find the
solution. Could someone please point me in the right direction?

--
Best regards,
Rok Papez.
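
For reading the `radiusd -X` output above, an added example (not part of the original post and not FreeRADIUS code) that decodes "TTLS tunnel data in" lines as RFC 5281 AVPs and splits the inner User-Name into user and suffix realm. The sample lines, identity and password are constructed, the function names are hypothetical, and splitting at the last "@" is an assumption about how a suffix realm is matched.

```python
import re
import struct

# Constructed debug lines in the same layout as the "TTLS tunnel data in"
# output; the identity and password are made-up values, not from the post.
SAMPLE_LOG = """\
  TTLS tunnel data in 0000: 00 00 00 01 40 00 00 1d 75 73 65 72 78 79 40 65
  TTLS tunnel data in 0010: 78 61 6d 70 6c 65 2e 64 6f 6d 61 69 6e 00 00 00
  TTLS tunnel data in 0020: 00 00 00 02 40 00 00 0e 73 65 63 72 65 74 00 00
"""

def tunnel_bytes(log_text):
    """Collect the hex bytes from 'TTLS tunnel data in NNNN:' debug lines."""
    out = bytearray()
    pattern = r"TTLS tunnel data in [0-9a-f]{4}:((?: [0-9a-f]{2})+)"
    for m in re.finditer(pattern, log_text):
        out += bytes.fromhex(m.group(1).replace(" ", ""))
    return bytes(out)

def parse_avps(data):
    """Decode EAP-TTLS (Diameter-style) AVPs into (code, flags, value)."""
    avps, off = [], 0
    while off < len(data):
        if len(data) - off < 8:
            raise ValueError("truncated AVP header")
        code, flags_len = struct.unpack_from("!II", data, off)
        flags, length = flags_len >> 24, flags_len & 0xFFFFFF
        hdr = 12 if flags & 0x80 else 8      # V bit adds a 4-byte Vendor-ID
        if length < hdr or off + length > len(data):
            raise ValueError("bad AVP length")
        avps.append((code, flags, data[off + hdr:off + length]))
        off += (length + 3) & ~3             # each AVP is padded to 4 bytes
    return avps

def split_suffix_realm(user_name, delimiter="@"):
    """Assumption: the realm is everything after the last delimiter."""
    user, sep, realm = user_name.rpartition(delimiter)
    return (user, realm) if sep else (user_name, None)

def inner_identity(log_text):
    """Return (user, realm) for the tunneled User-Name (AVP code 1)."""
    for code, _flags, value in parse_avps(tunnel_bytes(log_text)):
        if code == 1:
            return split_suffix_realm(value.decode("utf-8"))
    return None

if __name__ == "__main__":
    print(inner_identity(SAMPLE_LOG))
```

The tunneled User-Password travels in the same AVP stream (code 2), so debug output of this kind should be sanitized before it is posted to a public list.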

