get name of authentication realm

classic Classic list List threaded Threaded
2 messages Options
| Threaded
Open this post in threaded view
|

get name of authentication realm

Zdeněk Sobotka
Hello, I'm trying to retreive name of "authentication realm" like a
variable in the Freeradius v3 ("LOCAL" in variable in my case). In debug
log, near suffix module i see:

(1) suffix: Checking for suffix after "@"
(1) suffix: Looking up realm "yyyy.cz" for User-Name = "[hidden email]"
(1) suffix: Found realm "yyyy.cc"
(1) suffix: Adding Stripped-User-Name = "name"
(1) suffix: Adding Realm = "yyyy.cc"
(1) suffix: Authentication realm is LOCAL

I'm found in documentation, that the "Authentication realm" can be found
in "control:Proxy-To-Realm"
(https://networkradius.com/doc/3.0.10/raddb/mods-available/realm.html).

At logs i have, but that variable is empty:
(2)     if ("%{control:Proxy-To-Realm}" != "LOCAL") {
(2)     ERROR: Failed retrieving values required to evaluate condition

Thank you for the advice.



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

smime.p7s (4K) Download Attachment
| Threaded
Open this post in threaded view
|

Re: get name of authentication realm

Alan DeKok-2
On Nov 29, 2018, at 6:02 AM, Zdeněk Sobotka <[hidden email]> wrote:

>
> Hello, I'm trying to retreive name of "authentication realm" like a
> variable in the Freeradius v3 ("LOCAL" in variable in my case). In debug
> log, near suffix module i see:
>
> (1) suffix: Checking for suffix after "@"
> (1) suffix: Looking up realm "yyyy.cz" for User-Name = "[hidden email]"
> (1) suffix: Found realm "yyyy.cc"
> (1) suffix: Adding Stripped-User-Name = "name"
> (1) suffix: Adding Realm = "yyyy.cc"
> (1) suffix: Authentication realm is LOCAL

  That means you added a configuration in proxy.conf:

realm yyyy.cc {
}

  Which means it's not going to be proxied anywhere.

> I'm found in documentation, that the "Authentication realm" can be found
> in "control:Proxy-To-Realm"
> (https://networkradius.com/doc/3.0.10/raddb/mods-available/realm.html).
>
> At logs i have, but that variable is empty:
> (2)     if ("%{control:Proxy-To-Realm}" != "LOCAL") {
> (2)     ERROR: Failed retrieving values required to evaluate condition

  Just check if there's no Proxy-To-Realm.  And you don't need to do a string expansion:

        if (!control:Proxy-To-Realm) {
                ... it is being handled locally ...
        }

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html