On Monday 09 April 2007 14:32:31 Marcos Roberto Greiner wrote:
> The problem I'm having is that if a user adds no realm, only the user,
> the server is authenticating locally. I wanted it to deny the
> authentication. How should I proceed?

A username with no realm will match the NULL realm. You can reject NULL
realms with:

== users ==
DEFAULT Realm == "NULL", Auth-Type := Reject
== users ==

> hints file. Added only the following entry:
> # The following entry is to be authenticated locally
> DEFAULT Suffix == "@domain1.com", Strip-User-Name = Yes
>         Hint = "PPP",
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP

A realm definition for domain1.com and a small users file entry should do
the same thing, as long as you don't add the nostrip option for the realm.

> rad_recv: Access-Request packet from host a.b.c.d:3793, id=0, length=58
>         User-Name = "[EMAIL PROTECTED]"
>         User-Password = "user"
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
> hints: Matched DEFAULT at 36
> modcall[authorize]: module "preprocess" returns ok for request 0
> modcall[authorize]: module "chap" returns noop for request 0
> modcall[authorize]: module "mschap" returns noop for request 0
> rlm_realm: No '@' in User-Name = "user", looking up realm NULL
> rlm_realm: No such realm "NULL"

This request matches the NULL realm, which should be impossible based on
your configuration and the description of how the NULL realm works. The
User-Name has a realm in this request, so it should match the DEFAULT realm
if it is defined.

Since the hints file matched at line 36 here, I assume you actually
configured provider1.com instead of domain1.com in your hints file. Is this
assumption correct? If not, what is in your hints file at line 36?

Kevin Bonner
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
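
The debug output quoted in this thread can be checked mechanically for requests whose realm lookup fell through to NULL, including whether the User-Name had already been rewritten by the time rlm_realm saw it. The following Python is an added example, not part of the original message or of FreeRADIUS; it recognises only the two rlm_realm message formats quoted above, and the function name null_realm_lookups and its record fields are assumptions made for illustration.

```python
import re

# Sample input: lines copied from the radiusd debug output quoted in the thread.
SAMPLE_DEBUG = '''\
rad_recv: Access-Request packet from host a.b.c.d:3793, id=0, length=58
        User-Name = "[EMAIL PROTECTED]"
        User-Password = "user"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  hints: Matched DEFAULT at 36
  modcall[authorize]: module "preprocess" returns ok for request 0
    rlm_realm: No '@' in User-Name = "user", looking up realm NULL
    rlm_realm: No such realm "NULL"
'''

RECV = re.compile(r'^rad_recv: (\S+) packet from host (\S+), id=(\d+)')
SENT_NAME = re.compile(r'^\s*User-Name = "(.*)"\s*$')
NO_DELIM = re.compile(r'rlm_realm: No \'.\' in User-Name = "(.*)", looking up realm NULL')
NO_REALM = re.compile(r'rlm_realm: No such realm "NULL"')


def null_realm_lookups(debug_text):
    """Return one record per request whose realm lookup fell back to NULL."""
    findings, current = [], None
    for line in debug_text.splitlines():
        m = RECV.match(line)
        if m:  # a new packet starts a new record
            current = {"host": m.group(2), "id": int(m.group(3)),
                       "sent_name": None, "looked_up": None,
                       "rewritten": False, "null_realm_missing": False}
            continue
        if current is None:
            continue
        m = SENT_NAME.match(line)
        if m and current["sent_name"] is None:
            current["sent_name"] = m.group(1)  # name as received on the wire
        m = NO_DELIM.search(line)
        if m and current["looked_up"] is None:
            current["looked_up"] = m.group(1)  # name as rlm_realm saw it
            current["rewritten"] = current["sent_name"] != m.group(1)
            findings.append(current)
        if NO_REALM.search(line) and current["looked_up"] is not None:
            current["null_realm_missing"] = True  # no NULL realm was found
    return findings


if __name__ == "__main__":
    for record in null_realm_lookups(SAMPLE_DEBUG):
        print(record)
```

A record with rewritten set to True means the name received in the packet differs from the name used for the realm lookup, which is the mismatch the reply points out.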