Hi, I'm trying to use FreeRadius with Realms (using the form [EMAIL PROTECTED]). Basically, if a user uses [EMAIL PROTECTED], I want Radius to authenticate locally. If it's @provider2.com, 3.com, etc, on other servers listed in proxy.conf.
The problem I'm having is that if a user adds no realm, only the user, the server is autenticating locally. I wanted it to deny the authentication. How should I proceed? Thank you very much, Roberto My current setup and radius -X follows. I'm using MySQL as database (both for users and accounting) hints file. Added only the following entry: # The following entry is to be authenticated locally DEFAULT Suffix == "@domain1.com", Strip-User-Name = Yes Hint = "PPP", Service-Type = Framed-User, Framed-Protocol = PPP Users file. Commented the entry referencing to Auth-Type = System. No other changes. Nothing added to huntgroups The radius -X output: rad_recv: Access-Request packet from host a.b.c.d:3793, id=0, length=58 User-Name = "[EMAIL PROTECTED]" User-Password = "user" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 hints: Matched DEFAULT at 36 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "user", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 users: Matched entry DEFAULT at line 172 modcall[authorize]: module "files" returns ok for request 0 radius_xlat: 'user' rlm_sql (sql): sql_set_user escaped user --> 'user' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'user' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 3 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'user' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'user' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'user' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 3 modcall[authorize]: module "sql" returns ok for request 0 modcall[authorize]: module "pap" returns updated for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type pap auth: type "PAP" Processing the authenticate section of radiusd.conf modcall: entering group PAP for request 0 rlm_pap: login attempt with password user rlm_pap: Using CRYPT encryption. rlm_pap: User authenticated succesfully modcall[authenticate]: module "pap" returns ok for request 0 modcall: leaving group PAP (returns ok) for request 0 Login OK: [user] (from client dsu24 port 0) Sending Access-Accept of id 0 to a.b.c.d port 3793 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type := Framed-User Framed-Compression := Van-Jacobson-TCP-IP Framed-Protocol := PPP Session-Timeout := 7200 Finished request 0 Going to the next request -- ----------------------------------------------------- Marcos Roberto Greiner Os otimistas acham que estamos no melhor dos mundos Os pessimistas tem medo de que isto seja verdade Murphy ----------------------------------------------------- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html