Hints file

 

Hi,

We are currently setting up freeradius-1.0.0 on Fedora Core 2 to act as a proxy server.

We found a problem with the hints file. The basic Hints file syntax that used to work on a previous version of freeradius (on freeradius 0.8.1 it worked fine) was :-

 

DEFAULT Suffix == "@testrealm", Strip-User-Name == No
        Hint == "testrealm"

 

We couldn’t get this to work on freeradius-1.0.0. This managed to fix the problem but we found no reason why. Can you explain? :-

 

DEFAULT Suffix == "@testrealm", Strip-User-Name == N
        Hint == "testrealm"

 

Instead of Strip-User-Name == No we used Strip-User-Name == N

 

(we also tried a single = as in the examples provided in the hints file)

 

What was happening was that the Strip-User-Name == No was not being processed correctly and the default value of "Yes" was being used, which results in proxying not functioning.

Setting to “N” fixed the problem. I discovered this by trial and error.

 

Seeing some debugging before and after :-

 

Before (i.e. with Strip-User-Name == No)

rad_recv: Access-Request packet from host 10.0.0.1:47108, id=213, length=131
        User-Name = "[EMAIL PROTECTED]"
        User-Password = "test"
        NAS-IP-Address = 10.0.0.1
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-Compression = None
        NAS-Port-Type = Sync
        NAS-Port = 29360226
        Port-Limit = 0
        Calling-Station-Id = "    08100000099"
        Acct-Session-Id = "1049637047"
        X-Ascend-Assign-IP-Pool = 30
Tue Aug 24 16:04:47 2004 : Debug:   Processing the authorize section of radiusd.conf
Tue Aug 24 16:04:47 2004 : Debug: modcall: entering group authorize for request 0
Tue Aug 24 16:04:47 2004 : Debug:   modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0
Tue Aug 24 16:04:47 2004 : Debug:   hints: Matched DEFAULT at 1
Tue Aug 24 16:04:47 2004 : Debug:   modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0
Tue Aug 24 16:04:47 2004 : Debug:   modcall[authorize]: module "preprocess" returns ok for request 0
Tue Aug 24 16:04:47 2004 : Debug:   modsingle[authorize]: calling suffix (rlm_realm) for request 0
Tue Aug 24 16:04:47 2004 : Debug:     rlm_realm: No '@' in User-Name = "dmifsud", skipping NULL due to config.
Tue Aug 24 16:04:47 2004 : Debug:   modsingle[authorize]: returned from suffix (rlm_realm) for request 0
Tue Aug 24 16:04:47 2004 : Debug:   modcall[authorize]: module "suffix" returns noop for request 0
Tue Aug 24 16:04:47 2004 : Debug:   modsingle[authorize]: calling suffix (rlm_realm) for request 0
Tue Aug 24 16:04:47 2004 : Debug:     rlm_realm: No '@' in User-Name = "dmifsud", skipping NULL due to config.

 

After (i.e. with Strip-User-Name == N)

rad_recv: Access-Request packet from host 10.0.0.1:47108, id=194, length=131
        User-Name = "[EMAIL PROTECTED]"
        User-Password = "test"
        NAS-IP-Address = 10.0.0.1
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-Compression = None
        NAS-Port-Type = Sync
        NAS-Port = 29360226
        Port-Limit = 0
        Calling-Station-Id = "    08100000099"
        Acct-Session-Id = "1049637164"
        X-Ascend-Assign-IP-Pool = 30
Tue Aug 24 16:17:01 2004 : Debug:   Processing the authorize section of radiusd.conf
Tue Aug 24 16:17:01 2004 : Debug: modcall: entering group authorize for request 1
Tue Aug 24 16:17:01 2004 : Debug:   modsingle[authorize]: calling preprocess (rlm_preprocess) for request 1
Tue Aug 24 16:17:01 2004 : Debug:   hints: Matched DEFAULT at 1
Tue Aug 24 16:17:01 2004 : Debug:   modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 1
Tue Aug 24 16:17:01 2004 : Debug:   modcall[authorize]: module "preprocess" returns ok for request 1
Tue Aug 24 16:17:01 2004 : Debug:   modsingle[authorize]: calling suffix (rlm_realm) for request 1
Tue Aug 24 16:17:01 2004 : Debug:     rlm_realm: Looking up realm "testrealm" for User-Name = "[EMAIL PROTECTED]"
Tue Aug 24 16:17:01 2004 : Debug:     rlm_realm: Found realm "testrealm"
Tue Aug 24 16:17:01 2004 : Debug:     rlm_realm: Proxying request from user dmifsud to realm testrealm
Tue Aug 24 16:17:01 2004 : Debug:     rlm_realm: Adding Realm = "testrealm"
Tue Aug 24 16:17:01 2004 : Debug:     rlm_realm: Preparing to proxy authentication request to realm "testrealm"
Tue Aug 24 16:17:01 2004 : Debug:   modsingle[authorize]: returned from suffix (rlm_realm) for request 1
Tue Aug 24 16:17:01 2004 : Debug:   modcall[authorize]: module "suffix" returns updated for request 1
Tue Aug 24 16:17:01 2004 : Debug:   modsingle[authorize]: calling suffix (rlm_realm) for request 1
Tue Aug 24 16:17:01 2004 : Debug:     rlm_realm: Request already proxied.  Ignoring.
Tue Aug 24 16:17:01 2004 : Debug:   modsingle[authorize]: returned from suffix (rlm_realm) for request 1
Tue Aug 24 16:17:01 2004 : Debug:   modcall[authorize]: module "suffix" returns noop for request 1
Tue Aug 24 16:17:01 2004 : Debug:   modsingle[authorize]: calling files (rlm_files) for request 1
Tue Aug 24 16:17:01 2004 : Debug:     users: Matched DEFAULT at 177
Tue Aug 24 16:17:01 2004 : Debug:   modsingle[authorize]: returned from files (rlm_files) for request 1
Tue Aug 24 16:17:01 2004 : Debug:   modcall[authorize]: module "files" returns ok for request 1
Tue Aug 24 16:17:01 2004 : Debug: modcall: group authorize returns updated for request 1

 

 

Tnx

David
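
The difference between the two traces above can be checked mechanically. The following is an added example, not part of the original message and not FreeRADIUS code: it scans debug output for requests where a hints entry matched and rlm_realm then reported no '@' in the User-Name. The function names and the sample log (constructed, modelled on the traces above with a placeholder user name) are assumptions.

```python
import re

# Constructed sample modelled on the two traces in the message above
# (timestamps dropped, user name replaced with a placeholder).
SAMPLE = """\
Debug:   modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0
Debug:   hints: Matched DEFAULT at 1
Debug:   modsingle[authorize]: calling suffix (rlm_realm) for request 0
Debug:     rlm_realm: No '@' in User-Name = "user", skipping NULL due to config.
Debug:   modsingle[authorize]: calling preprocess (rlm_preprocess) for request 1
Debug:   hints: Matched DEFAULT at 1
Debug:   modsingle[authorize]: calling suffix (rlm_realm) for request 1
Debug:     rlm_realm: Looking up realm "testrealm" for User-Name = "user@testrealm"
Debug:     rlm_realm: Proxying request from user user to realm testrealm
"""

# Module output lines carry no request id, so the id is taken from the
# preceding "calling <module> ... for request N" line.
CALL = re.compile(r"calling \S+ \((rlm_\w+)\) for request (\d+)")
HINT = re.compile(r"hints: Matched (\S+) at (\d+)")
NO_AT = re.compile(r"rlm_realm: No '@' in User-Name")
PROXY = re.compile(r"rlm_realm: Proxying request from user \S+ to realm (\S+)")

def realm_outcomes(log_text):
    """Map request id -> {'hint': hints line number or None, 'realm': outcome}."""
    out, current = {}, None
    for line in log_text.splitlines():
        m = CALL.search(line)
        if m:
            current = int(m.group(2))
            out.setdefault(current, {"hint": None, "realm": "unknown"})
            continue
        if current is None:
            continue
        rec = out[current]
        if (m := HINT.search(line)):
            rec["hint"] = int(m.group(2))
        elif (m := PROXY.search(line)):
            rec["realm"] = "proxied:" + m.group(1)
        elif NO_AT.search(line) and rec["realm"] == "unknown":
            rec["realm"] = "no-realm-seen"
    return out

def suspect_requests(log_text):
    """Requests where a hints entry matched but rlm_realm then saw no '@'."""
    return sorted(r for r, rec in realm_outcomes(log_text).items()
                  if rec["hint"] is not None and rec["realm"] == "no-realm-seen")

if __name__ == "__main__":
    for rid in suspect_requests(SAMPLE):
        print(f"request {rid}: hints matched, then rlm_realm saw no '@'")
```

A flagged request is only a pointer for review: a hints entry that matches user names without a realm suffix produces the same pattern.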
