'Re: authentication fails because of the realm isn't stripped'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: authentication fails because of the realm isn't stripped
From:       Alan DeKok <aland () deployingradius ! com>
Date:       2017-09-26 11:46:24
Message-ID: 8A9C366B-7A56-4B9B-8C59-14F21686F710 () deployingradius ! com
[Download RAW message or body]

On Sep 26, 2017, at 2:57 AM, hans.bornemann@tu-dortmund.de wrote:
> 
> the authentication fails because of the realm isn't stripped.

  The realm is stripped.  Please read the debug output. 

> the man page says: "by default the realm is stripped ..."

  Quoting the documentation isn't helpful.  We know what it says.

> Tue Sep 26 08:33:47 2017 : Debug: (1)   User-Name = "hans@telesec"

  Please follow the documentation.  EVERYTHING says to use "radiusd -X".

> Tue Sep 26 08:33:47 2017 : Debug: (1) suffix: Checking for suffix after "@"
> Tue Sep 26 08:33:47 2017 : Debug: (1) suffix: Looking up realm "telesec" for User-Name = "hans@telesec"
> Tue Sep 26 08:33:47 2017 : Debug: (1) suffix: Found realm "telesec"
> Tue Sep 26 08:33:47 2017 : Debug: (1) suffix: Adding Stripped-User-Name = "hans"
> Tue Sep 26 08:33:47 2017 : Debug: (1) suffix: Adding Realm = "telesec"
> Tue Sep 26 08:33:47 2017 : Debug: (1) suffix: Authentication realm is LOCAL

  See the word "Stripped" there?   That's a hint that the realm is being stripped.

  And no, the User-Name attribute is *not* modified.  That's a bad idea for a whole host of reasons.

> Tue Sep 26 08:33:47 2017 : Debug: (1)     modsingle[authorize]: calling sql (rlm_sql)
> Tue Sep 26 08:33:47 2017 : Debug: %{User-Name}
> Tue Sep 26 08:33:47 2017 : Debug: Parsed xlat tree:
> Tue Sep 26 08:33:47 2017 : Debug: attribute --> User-Name
> Tue Sep 26 08:33:47 2017 : Debug: (1) sql: EXPAND %{User-Name}
> Tue Sep 26 08:33:47 2017 : Debug: (1) sql:    --> hans@telesec
> Tue Sep 26 08:33:47 2017 : Debug: (1) sql: SQL-User-Name set to 'hans@telesec'

  See the SQL configuration.  For you, raddb/mods-config/sql/main/mysql/queries.conf

  Look for sql_user_name, and read the documentation.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic