At Thu, 25 Mar 2004 14:23:07 +0000,
Alex French wrote:
>
> All,
>
Hi
> I'm having a problem getting slashrealm ("/") and atsuffix ("@")
> realms to co-exist. If I configure them both, only the first one
> seems to work.
>
This is not true. I have a configuration with 2 instances of the
realm module and it works OK. So does yours, as you will see in the
logs. The order is important if you want to have precedence of '/'
over '@'. So when you have a username of the form
realm1/[EMAIL PROTECTED] and you have slashrealm before atsuffix in
radiusd.conf, realm1 will match.
> For example, here I'm trying to use a realm "wibble". With the
> configuration below, it will work as wibble/alex but not [EMAIL PROTECTED]
> If I reverse the order of the entries on the authorize section, the
> reverse is true.
>
This is not true.
> Can't find anything on google or mailing list archives... how can I
> get two realm types to coexist?
>
> Thanks,
>
> Alex
>
> From radius.conf
> ----
> realm realmslash {
>     format = prefix
>     delimiter = "/"
> }
>
> # '[EMAIL PROTECTED]'
> #
> realm atsuffix {
>     format = suffix
>     delimiter = "@"
> }
>
> authorize {
>     preprocess
>     realmslash
>     atsuffix
>     files
> }
>
> ---
>
>
>
> From proxy.conf:
> ---
> realm wibble {
>     type = LOCAL
>     authhost = LOCAL
>     accthost = LOCAL
>     strip
> }
> ---
>
>
> From -X debug:
>
> ---
>
> --- Walking the entire request list ---
> Cleaning up request 2 ID 65 with timestamp 4062e77a
> Nothing to do. Sleeping until we see a request.
> rad_recv: Access-Request packet from host 212.17.45.21:64183, id=70, length=64
> User-Name = "[EMAIL PROTECTED]"
> User-Password = "mypassword"
> NAS-IP-Address = 255.255.255.255
> NAS-Port = 666
> modcall: entering group authorize for request 3
> modcall[authorize]: module "preprocess" returns ok for request 3
> modcall[authorize]: module "chap" returns noop for request 3
> rlm_realm: No '/' in User-Name = "[EMAIL PROTECTED]", looking up realm NULL
> rlm_realm: Found realm "NULL"
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This is your problem. You have a NULL realm configured in proxy.conf
so the first instance of the realm module (slashrealm or atsuffix)
always matches this. Remove the NULL realm and everything will work
fine.
> rlm_realm: Adding Stripped-User-Name = "[EMAIL PROTECTED]"
> rlm_realm: Proxying request from user [EMAIL PROTECTED] to realm NULL
> rlm_realm: Adding Realm = "NULL"
> rlm_realm: Authentication realm is LOCAL.
> modcall[authorize]: module "realmslash" returns noop for request 3
> rlm_realm: Request already proxied. Ignoring.
> modcall[authorize]: module "atsuffix" returns noop for request 3
> radius_xlat: '[EMAIL PROTECTED]'
> rlm_sql (sql): sql_set_user escaped user --> '[EMAIL PROTECTED]'
> ... etc...
>
> ---
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
Hope I helped.
Kostas
--
Kostas Zorbadelos
Currently at: Otenet IT Department
mailto: [EMAIL PROTECTED]
Out there in the darkness, out there in the night
out there in the starlight, one soul burns brighter
than a thousand suns.
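Added example, not part of the original messages and not FreeRADIUS code: a simplified Python model of two realm module instances run in the order from the authorize section, showing how a configured NULL realm lets the first instance claim a user name that has no '/', so the second instance ignores the request. The user names are constructed (the addresses in the post are redacted), every realm is assumed to strip, and DEFAULT-realm handling is left out.

```python
# Simplified model of two rlm_realm instances run in order (not FreeRADIUS source).
# Assumptions: every realm strips; DEFAULT-realm fallback and proxying are omitted.

def realm_module(request, fmt, delimiter, realms):
    """Mimic one realm module instance; return a log-style line describing the outcome."""
    if "Realm" in request:
        # An earlier instance already set Realm, so this one does nothing.
        return "Request already proxied. Ignoring."
    user = request["User-Name"]
    if delimiter not in user:
        realm, stripped = "NULL", user        # no delimiter: look up realm NULL
    elif fmt == "prefix":
        realm, stripped = user.split(delimiter, 1)
    else:                                     # suffix: split on the last delimiter
        stripped, realm = user.rsplit(delimiter, 1)
    if realm not in realms:
        return f'No such realm "{realm}"'
    request["Realm"] = realm
    request["Stripped-User-Name"] = stripped
    return f'Found realm "{realm}"'


def authorize(user_name, realms):
    """Run realmslash, then atsuffix, as listed in the authorize section."""
    request = {"User-Name": user_name}
    log = [
        realm_module(request, "prefix", "/", realms),   # realmslash
        realm_module(request, "suffix", "@", realms),   # atsuffix
    ]
    return request.get("Realm"), request.get("Stripped-User-Name"), log


if __name__ == "__main__":
    # First pass: proxy.conf defines wibble and NULL. Second pass: NULL removed.
    for realms in ({"wibble", "NULL"}, {"wibble"}):
        for name in ("wibble/alex", "alex@wibble"):   # constructed user names
            print(sorted(realms), name, authorize(name, realms))
```

With the NULL realm present, the '@' form ends up in realm NULL with nothing stripped; with it removed, both forms resolve to wibble.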