On Mon, Aug 13, 2007 at 11:48:06PM -0500, Scott Lambert wrote:
> I am attempting to build a setup which authenticates users from 3 realms
> in one MySQL database. Some of my users, actually a large proportion of
> them, are currently not using their realm to authenticate. I am about
> to merge the dial pools so I won't be able to use huntgroups or hints to
> figure out which realm they are coming from.
>
> I am trying to use the new unlang option to avoid writing an rlm_perl
> type script.
>
> FreeRADIUS-snapshot-20070813
>
> I don't know if any of this is "legal". I'm using one sql module. I
> just call it once for each realm after changing the %{User-Name} to
> append that realm. It just looked like it might work so I tried it.
> The debug output makes it look like I am very close. I haven't been
> able to figure out exactly what is wrong with it, yet.
>
> The failure happens in rlm_pap when the user does not specify a realm.
> I don't see the cause of the failure in the debug output. I'm probably
> not interpreting the output correctly.
<snip>
> Here are the authentication tests.
>
> [EMAIL PROTECTED] ~
> 22:30:33 Mon Aug 13 $ radtest [EMAIL PROTECTED] password1
> radtest.example1.net 2 blahblah 2
> Sending Access-Request of id 82 to radtest.example1.net port 1645
> User-Name = "[EMAIL PROTECTED]"
> User-Password = "password1"
> NAS-IP-Address = 255.255.255.255
> NAS-Port = 2
> Framed-Protocol = PPP
> rad_recv: Access-Accept packet from host radtest.example1.net:1645, id=82,
> length=32
> Framed-Protocol = PPP
> Framed-Compression = Van-Jacobson-TCP-IP
>
> [EMAIL PROTECTED] ~
> 22:33:43 Mon Aug 13 $ radtest lambert password1 radtest.example1.net 2
> blahblah 2
> Sending Access-Request of id 99 to radtest.example1.net port 1645
> User-Name = "lambert"
> User-Password = "password1"
> NAS-IP-Address = 255.255.255.255
> NAS-Port = 2
> Framed-Protocol = PPP
> rad_recv: Access-Reject packet from host radtest.example1.net:1645, id=99,
> length=20
<snip>
Something odd is going on. I finally got the idea into my head to
test with usernames other than mine. I have now tried several other
usernames. They have all worked with and without specifying the realm.
Yea!

I am very confused as to why my account is apparently the only one
failing when authenticating without the realm. With the realm, my
account works.

[EMAIL PROTECTED] ~
01:01:06 Tue Aug 14 $ radtest [EMAIL PROTECTED] bla4848 radtest.example1.net 2
blahblah 2
Sending Access-Request of id 182 to radtest.example1.net port 1645
User-Name = "[EMAIL PROTECTED]"
User-Password = "bla4848"
NAS-IP-Address = 255.255.255.255
NAS-Port = 2
Framed-Protocol = PPP
rad_recv: Access-Accept packet from host radtest.example1.net:1645, id=182,
length=32
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
[EMAIL PROTECTED] ~
01:01:17 Tue Aug 14 $ radtest ronnie bla4848 radtest.example1.net 2 blahblah 2
Sending Access-Request of id 202 to radtest.example1.net port 1645
User-Name = "ronnie"
User-Password = "bla4848"
NAS-IP-Address = 255.255.255.255
NAS-Port = 2
Framed-Protocol = PPP
rad_recv: Access-Accept packet from host radtest.example1.net:1645, id=202,
length=32
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
--
Scott Lambert KC5MLE Unix SysAdmin
[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html