I've done it...it seems working.
Thank a lot.
Le 06/02/2013 11:40, Phil Mayers a écrit :
On 06/02/13 10:03, Hocine M wrote:
Hi ,
I have a problem with some user proxied.
In the accounting-request the username is stripped and realm is NULL.
Why le realm is lost?
The User-Name in the accounting packets is overridden by the User-Name
in the Access-Accept. In your case, your upstream proxy is returning a
bare username in the Accept:
rad_recv: Access-Accept packet from host 193.51.224.109 port 1812,
id=223, length=182
User-Name = "pierre.dupont\000"
...which you then send back to the NAS:
Sending Access-Accept of id 13 to 192.168.58.5 port 20007
User-Name = "pierre.dupont\000"
You can (and indeed, should) use a piece of "unlang" to re-insert /
validate the realm in the case; we have this config:
post-proxy {
# Clean up the reply username
if (proxy-reply:User-Name =~ /^(.*)@.*/) {
# rewrite user@anything to user@theauthrealm
# i.e. we don't trust the reply realm
update proxy-reply {
User-Name := "%{1}@%{Realm}"
}
}
elsif (proxy-reply:User-Name) {
# no @ i.e. realm in the reply username
# append the realm used for forwarding
update proxy-reply {
User-Name := "%{proxy-reply:User-Name}@%{Realm}"
}
}
else {
# no reply username at all. add one
update proxy-reply {
User-Name := "%{request:User-Name}"
}
}
}
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
