Apologies for previous mail which was sent in HTML format. I reposted :)
Hints file
Hi,
We are currently setting up freeradius-1.0.0 on fedora core 2 to
act as a proxy server.
We found a problem with the hints file. The basic Hints file syntax that
used to work on a previous version of freeradius (on freeradius 0.8.1 it
worked fine) was :-
DEFAULT Suffix == "@"testrealm, Strip-User-Name == No
Hint == "testrealm"
We couldn't get this to work on freeradius-1.0.0. This managed to fix the
problem but we found no reason why. Can you explain? :-
DEFAULT Suffix == "@testrealm", Strip-User-Name == N
Hint == "testrealm"
Instead of Strip-User-Name == No we used Strip-User-Name == N
(we also tried a single = as in the examples provided in the hints file)
What was happening was that the Strip-User-Name == No was not being
processed correctly and the default value of "Yes" was being used which
results in proxying not functioning
Setting to "N" fixed the problem. I discovered this by trial and error.
Seeing some debugging before and after :-
Before (ie with Strip-User-Name == No)
rad_recv: Access-Request packet from host 10.0.0.1:47108,
id=213, length=131
User-Name = "[EMAIL PROTECTED]"
User-Password = "test"
NAS-IP-Address = 10.0.0.1
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Compression = None
NAS-Port-Type = Sync
NAS-Port = 29360226
Port-Limit = 0
Calling-Station-Id = " 08100000099"
Acct-Session-Id = "1049637047"
X-Ascend-Assign-IP-Pool = 30
Tue Aug 24 16:04:47 2004 : Debug: Processing the authorize section of
radiusd.conf
Tue Aug 24 16:04:47 2004 : Debug: modcall: entering group authorize for
request 0
Tue Aug 24 16:04:47 2004 : Debug: modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 0
Tue Aug 24 16:04:47 2004 : Debug: hints: Matched DEFAULT at 1
Tue Aug 24 16:04:47 2004 : Debug: modsingle[authorize]: returned from
preprocess (rlm_preprocess) for request 0
Tue Aug 24 16:04:47 2004 : Debug: modcall[authorize]: module "preprocess"
returns ok for request 0
Tue Aug 24 16:04:47 2004 : Debug: modsingle[authorize]: calling suffix
(rlm_realm) for request 0
Tue Aug 24 16:04:47 2004 : Debug: rlm_realm: No '@' in User-Name =
"dmifsud", skipping NULL due to config.
Tue Aug 24 16:04:47 2004 : Debug: modsingle[authorize]: returned from
suffix (rlm_realm) for request 0
Tue Aug 24 16:04:47 2004 : Debug: modcall[authorize]: module "suffix"
returns noop for request 0
Tue Aug 24 16:04:47 2004 : Debug: modsingle[authorize]: calling suffix
(rlm_realm) for request 0
Tue Aug 24 16:04:47 2004 : Debug: rlm_realm: No '@' in User-Name =
"dmifsud", skipping NULL due to config.
After (ie with Strip-User-Name == N)
rad_recv: Access-Request packet from host 10.0.0.1:47108, id=194, length=131
User-Name = "[EMAIL PROTECTED]"
User-Password = "test"
NAS-IP-Address = 10.0.0.1
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Compression = None
NAS-Port-Type = Sync
NAS-Port = 29360226
Port-Limit = 0
Calling-Station-Id = " 08100000099"
Acct-Session-Id = "1049637164"
X-Ascend-Assign-IP-Pool = 30
Tue Aug 24 16:17:01 2004 : Debug: Processing the authorize section of
radiusd.conf
Tue Aug 24 16:17:01 2004 : Debug: modcall: entering group authorize for
request 1
Tue Aug 24 16:17:01 2004 : Debug: modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 1
Tue Aug 24 16:17:01 2004 : Debug: hints: Matched DEFAULT at 1
Tue Aug 24 16:17:01 2004 : Debug: modsingle[authorize]: returned from
preprocess (rlm_preprocess) for request 1
Tue Aug 24 16:17:01 2004 : Debug: modcall[authorize]: module "preprocess"
returns ok for request 1
Tue Aug 24 16:17:01 2004 : Debug: modsingle[authorize]: calling suffix
(rlm_realm) for request 1
Tue Aug 24 16:17:01 2004 : Debug: rlm_realm: Looking up realm
"testrealm" for User-Name = "[EMAIL PROTECTED]"
Tue Aug 24 16:17:01 2004 : Debug: rlm_realm: Found realm "testrealm"
Tue Aug 24 16:17:01 2004 : Debug: rlm_realm: Proxying request from user
dmifsud to realm testrealm
Tue Aug 24 16:17:01 2004 : Debug: rlm_realm: Adding Realm = "testrealm"
Tue Aug 24 16:17:01 2004 : Debug: rlm_realm: Preparing to proxy
authentication request to realm "testrealm"
Tue Aug 24 16:17:01 2004 : Debug: modsingle[authorize]: returned from
suffix (rlm_realm) for request 1
Tue Aug 24 16:17:01 2004 : Debug: modcall[authorize]: module "suffix"
returns updated for request 1
Tue Aug 24 16:17:01 2004 : Debug: modsingle[authorize]: calling suffix
(rlm_realm) for request 1
Tue Aug 24 16:17:01 2004 : Debug: rlm_realm: Request already proxied.
Ignoring.
Tue Aug 24 16:17:01 2004 : Debug: modsingle[authorize]: returned from
suffix (rlm_realm) for request 1
Tue Aug 24 16:17:01 2004 : Debug: modcall[authorize]: module "suffix"
returns noop for request 1
Tue Aug 24 16:17:01 2004 : Debug: modsingle[authorize]: calling files
(rlm_files) for request 1
Tue Aug 24 16:17:01 2004 : Debug: users: Matched DEFAULT at 177
Tue Aug 24 16:17:01 2004 : Debug: modsingle[authorize]: returned from
files (rlm_files) for request 1
Tue Aug 24 16:17:01 2004 : Debug: modcall[authorize]: module "files"
returns ok for request 1
Tue Aug 24 16:17:01 2004 : Debug: modcall: group authorize returns updated
for request 1
Tnx
David
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
