On Monday 09 April 2007 14:32:31 Marcos Roberto Greiner wrote: > The problem I'm having is that if a user adds no realm, only the user, > the server is autenticating locally. I wanted it to deny the > authentication. How should I proceed?
A username with no realm will match the NULL realm. You can reject NULL realms with: == users == DEFAULT Realm == "NULL", Auth-Type := Reject == users == > hints file. Added only the following entry: > # The following entry is to be authenticated locally > DEFAULT Suffix == "@domain1.com", Strip-User-Name = Yes > Hint = "PPP", > Service-Type = Framed-User, > Framed-Protocol = PPP A realm definition for domain1.com and a small users file entry should do the same thing, as long as you don't add the nostrip option for the realm. > rad_recv: Access-Request packet from host a.b.c.d:3793, id=0, length=58 > User-Name = "[EMAIL PROTECTED]" > User-Password = "user" > Processing the authorize section of radiusd.conf > modcall: entering group authorize for request 0 > hints: Matched DEFAULT at 36 > modcall[authorize]: module "preprocess" returns ok for request 0 > modcall[authorize]: module "chap" returns noop for request 0 > modcall[authorize]: module "mschap" returns noop for request 0 > rlm_realm: No '@' in User-Name = "user", looking up realm NULL > rlm_realm: No such realm "NULL" This request matches the NULL realm, which should be impossible based on your configuration and the description of how the NULL realm works. The User-Name has a realm in this request, so it should match the DEFAULT realm if it is defined. Since the hints file matched at line 36 here, I assume you actually configured provider1.com instead of domain1.com in your hints file. Is this assumption correct? If not, what is in your hints file at line 36? Kevin Bonner
pgpAUsH7FbwDX.pgp
Description: PGP signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
