Kevin Bonner wrote:
> On Monday 09 April 2007 14:32:31 Marcos Roberto Greiner wrote:
>> The problem I'm having is that if a user adds no realm, only the user,
>> the server is autenticating locally. I wanted it to deny the
>> authentication. How should I proceed?
> A username with no realm will match the NULL realm.  You can reject NULL 
> realms with:
> == users ==
> DEFAULT Realm == "NULL", Auth-Type := Reject
> == users ==
>> hints file. Added only the following entry:
>> # The following entry is to be authenticated locally
>> DEFAULT Suffix == "", Strip-User-Name = Yes
>>         Hint = "PPP",
>>         Service-Type = Framed-User,
>>         Framed-Protocol = PPP
> A realm definition for and a small users file entry should do the 
> same thing, as long as you don't add the nostrip option for the realm.
The problem here was that I couldn't find the proper entry to add to the
users file :-(
>> rad_recv: Access-Request packet from host a.b.c.d:3793, id=0, length=58
>>         User-Name = "[EMAIL PROTECTED]"
>>         User-Password = "user"
>>   Processing the authorize section of radiusd.conf
>> modcall: entering group authorize for request 0
>>   hints: Matched DEFAULT at 36
>>   modcall[authorize]: module "preprocess" returns ok for request 0
>>   modcall[authorize]: module "chap" returns noop for request 0
>>   modcall[authorize]: module "mschap" returns noop for request 0
>>     rlm_realm: No '@' in User-Name = "user", looking up realm NULL
>>     rlm_realm: No such realm "NULL"
> This request matches the NULL realm, which should be impossible based on your 
> configuration and the description of how the NULL realm works.  The User-Name 
> has a realm in this request, so it should match the DEFAULT realm if it is 
> defined.  Since the hints file matched at line 36 here, I assume you actually 
> configured instead of in your hints file.
> Is this assumption correct?  If not, what is in your hints file at line 36?
> Kevin Bonner
I mistyped domain1 and provider1. The entry at line 36 is provider1. The
Hints file I wrote incorrectly in the explanation. It actually contains

I tried to change the 'Strip-User-Name = Yes' to 'Strip-User-Name = NO'
in the Hints file, but got the problem that I didn't know what would be
to correct entry in the users file. With the change, with the @provider1
domain, the server is replying properly, but without domain, the server
didn't replying at all.

I then tried your suggestion of adding the 'DEFAULT Realm == "NULL",
Auth-Type := Reject' entry. Same case as above. Without a domain, the
server simply didn't answer, not even a with a reject.

BUT, looking at the debug output of Radius -X I found the missing piece. In the 
proxy.conf file, the NULL entry was commented. I removed the comments, pointed 
it to LOCAL, and the entry you suggested for the users file (DEFAULT Realm == 
"NULL") kicked in. It's now working as desired.

Thank you for your help,

Marcos Roberto Greiner

                Marcos Roberto Greiner

   Os otimistas acham que estamos no melhor dos mundos
    Os pessimistas tem medo de que isto seja verdade

List info/subscribe/unsubscribe? See

Reply via email to