i was trying to reject those "double" realm. but i cannot find the right syntax and/or where to put the lines.
i was trying to put this lines in the user file: DEFAULT User-Name =~ "/^[email protected]@.*/" Auth-Type := Reject that did not work. when putting: if (User-Name ~= /^[email protected]@.*/) { reject } in the server configuration in authorize section, i get a strange error.. i am quite new with configuring freeradius, it would be nice if someone could give me some real hint how to and where reject those double @ @ thanks in advance. -euro On Wed, Oct 7, 2009 at 5:36 PM, Alexander Clouter <[email protected]>wrote: > mr typo <[email protected]> wrote: > > > > i do have a problem with our freeradius configuration and i have no idea > how > > to solve it. > > > > we do have one realm configured domainname.com which works perfectly. > every > > user who wants to authenticate with a different realm is proxied to an > > outside radius. server. the setup works fine. > > > > we do have some mobile devices who send something like: > > [email protected]@wlan.mnc003.mc > > [email protected]@Verisign... > > . > > . > > > > we send these requests to our proxy and the proxy sends it back to > us,.... > > > > from my understanding i cant solve it with a regex in the proxy.conf, > right? > > since the "realm" is just the string after the last @? > > > > anyone has an idea how i can process such request in my company.comrealm? > > inside the realm i strip everything out, so it should work then. > > > Use some unlang in 'authorize' *before* you call 'suffix' that looks > like: > ---- > if (User-Name ~= /^([email protected])@.*/) { > User-Name := "%{1}" > } > ---- > > As a side note, I currently have in proxy.conf: > ---- > # blackhole routing > realm myabc.com { > virtual_server = auth-reject > > nostrip > } > realm "~\\.3gppnetwork\\.org$" { > virtual_server = auth-reject > > nostrip > } > ---- > > ...and a virtual server: > ---- > server auth-reject { > authorize { > suffix > > switch "%{Realm}" { > case "NULL" { > update reply { > Reply-Message := "No Realm" > } > } > > # we should not get here > case "DEFAULT" { > update reply { > Reply-Message := "ERROR" > } > } > > # we *really* should not get here > case "%{config:local.MY.realm}" { > update reply { > Reply-Message := "BIG ERROR" > } > } > > case { > update reply { > Reply-Message := "Realm Blackholed" > } > } > } > > reject > } > } > ---- > > I would recommend you reject straight away any double realmed users as > you will only find yourself later on still having to deal with > misconfigured kit; pain now means a *lot* less pain later down the road > in my experience. > > Cheers > > -- > Alexander Clouter > .sigmonster says: This Fortune Examined By INSPECTOR NO. 2-14 > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
