This is a discussion on Re: Reject user without realm within the FreeRADIUS Users forums, part of the Networking and Network Related category.
On Monday 09 April 2007 14:32:31 Marcos Roberto Greiner wrote:
> The problem I'm having is that if a user adds no realm, only the user,
> the server is authenticating locally. I wanted it to deny the
> authentication. How should I proceed?

A username with no realm will match the NULL realm. You can reject NULL realms with:

== users ==
DEFAULT Realm == "NULL", Auth-Type := Reject
== users ==

> hints file. Added only the following entry:
> # The following entry is to be authenticated locally
> DEFAULT Suffix == "@domain1.com", Strip-User-Name = Yes
>         Hint = "PPP",
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP

A realm definition for domain1.com and a small users file entry should do the same thing, as long as you don't add the nostrip option for the realm.

> rad_recv: Access-Request packet from host a.b.c.d:3793, id=0, length=58
>         User-Name = "user@provider1.com"
>         User-Password = "user"
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
> hints: Matched DEFAULT at 36
> modcall[authorize]: module "preprocess" returns ok for request 0
> modcall[authorize]: module "chap" returns noop for request 0
> modcall[authorize]: module "mschap" returns noop for request 0
> rlm_realm: No '@' in User-Name = "user", looking up realm NULL
> rlm_realm: No such realm "NULL"

This request matches the NULL realm, which should be impossible based on your configuration and the description of how the NULL realm works. The User-Name has a realm in this request, so it should match the DEFAULT realm if it is defined.

Since the hints file matched at line 36 here, I assume you actually configured provider1.com instead of domain1.com in your hints file. Is this assumption correct? If not, what is in your hints file at line 36?

Kevin Bonner
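An added example, not part of the original post and not FreeRADIUS code: a small Python check over server debug output that flags the mismatch visible in the quoted log, where the packet's User-Name carries a realm but rlm_realm reports no '@' and looks up NULL. The function name, the second request and the indentation of the sample are constructed assumptions.

```python
import re

# Constructed sample: request 0 is abridged from the debug output quoted in
# the post; request 1 (no realm in the packet) is a made-up control case.
# Assumption: attribute lines are indented under rad_recv, as in debug mode.
SAMPLE_DEBUG = '''\
rad_recv: Access-Request packet from host a.b.c.d:3793, id=0, length=58
    User-Name = "user@provider1.com"
    User-Password = "user"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  hints: Matched DEFAULT at 36
  modcall[authorize]: module "preprocess" returns ok for request 0
    rlm_realm: No '@' in User-Name = "user", looking up realm NULL
    rlm_realm: No such realm "NULL"
rad_recv: Access-Request packet from host a.b.c.d:3794, id=1, length=45
    User-Name = "bob"
modcall: entering group authorize for request 1
    rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
    rlm_realm: No such realm "NULL"
'''

RECV = re.compile(r'rad_recv: Access-Request packet from host \S+, id=(\d+)')
PKT_USER = re.compile(r'^\s+User-Name = "([^"]*)"')
HINT = re.compile(r'hints: Matched (\S+) at (\d+)')
NULL_LOOKUP = re.compile(
    r'''rlm_realm: No '@' in User-Name = "([^"]*)", looking up realm NULL''')

def find_stripped_realms(debug_text):
    """Return requests whose packet User-Name had a realm but which rlm_realm
    looked up as NULL, i.e. the name changed before the realm module ran."""
    findings, req = [], None
    for line in debug_text.splitlines():
        if m := RECV.search(line):
            req = {"id": int(m.group(1)), "sent": None, "hint_line": None}
        elif req is None:
            continue
        elif (m := PKT_USER.match(line)) and req["sent"] is None:
            req["sent"] = m.group(1)          # name as received on the wire
        elif m := HINT.search(line):
            req["hint_line"] = int(m.group(2))  # hints entry that matched
        elif (m := NULL_LOOKUP.search(line)) and req["sent"] and "@" in req["sent"]:
            findings.append({**req, "seen_by_realm": m.group(1)})
    return findings

if __name__ == "__main__":
    for f in find_stripped_realms(SAMPLE_DEBUG):
        print(f)
```

Each finding carries the hints line number that matched, which is the entry to inspect when a realm-qualified login is being treated as a NULL-realm user.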