On 10/06/2017 01:54 AM, Daniel Ehlers wrote:
> On 10/05/2017 07:55 PM, Linus Nordberg wrote:
>> Hi,
>>
>> Running radsecproxy with `-d 5' should give you log lines like these,
>> which might help debug the issue:
>>
>> addrealm: constructed regexp %s from %s
>>
>>
>> And again, what's the _double_ backslashes for?
> Escaping the dots, all examples in the manual are that way, and
> the constructed regex strings from none regex realms
> in radsecproxy.c L2073 escape them the same way.
>
> regards Daniel
Oh gosh ... to long no real C coding. That is an escaping sequence.
I think the documention is misleading in that point.
He is right Alex you should remove the _double_ blackslashes ....
regards Daniel
>>
>> Alex Sharaz <alex.sharaz(a)york.ac.uk> wrote
>> Thu, 5 Oct 2017 13:15:44 +0100:
>>
>>> Nope still doesn't work :-(
>>> A
>>>
>>> On 5 October 2017 at 07:57, Alex Sharaz <alex.sharaz(a)york.ac.uk> wrote:
>>>
>>>> I’ll double check, but think I’ve already tried that
>>>> Rgds
>>>> Alex
>>>>
>>>> Sent from my iPhone 6 plus
>>>>
>>>>> On 4 Oct 2017, at 20:29, Daniel Ehlers <danielehlers(a)mindeye.net> wrote:
>>>>>
>>>>>> On 10/04/2017 04:58 PM, Alex Sharaz wrote:
>>>>>> Hi,
>>>>>> I'm using radsecproxy to pass RADIUS auths from our ORPS machine to the
>>>> upstream national radius proxy service .
>>>>>>
>>>>>> Looking at the log file I'm seeing access-rejects being sent down
>>>> generating log entries of the form
>>>>>>
>>>>>> Oct 4 15:47:09 2017: Access-Reject for user
>>>> 0234105273270593(a)wlan.mnc010.mcc234.3gppnetwork.org
>>>>>> <mailto:0234105273270593@wlan.mnc010.mcc234.3gppnetwork.org> stationid
>>>> 2C-0E-3D-05-37-86 from roaming0.ja.net
>>>>>> <http://roaming0.ja.net> (Request Denied) to fromFR (127.0.0.1)
>>>>>>
>>>>>> What I'd like to do is reject these locally in radsecproxy.conf. I
>>>> thought that
>>>>>>
>>>>>> realm /.*\\.3gppnetwork\\.org$/ {
>>>>>> replymessage "Misconfigured client: Rejected by
>>>> eduroam1.york.ac.uk <http://eduroam1.york.ac.uk>!"> >> }
>>>>>>
>>>>>> would stop these from being passed onwards. As the log entry above
>>>> shows, it doesn't !
>>>>>>
>>>>>> The statement is at the top of my realm statement lists with
>>>>>>
>>>>>> realm * {
>>>>>> server roaming0.ja.net <http://roaming0.ja.net>> >> server roaming1.ja.net <http://roaming1.ja.net>> >> }
>>>>>>
>>>>>> at the bottom.
>>>>>>
>>>>>> What's wrong with my realm statement?
>>>>>> Rgds
>>>>>> Alex
>>>>> Hi,
>>>>>
>>>>> plz try
>>>>>
>>>>> realm /@.*\\.3gppnetwork\\.org$/ {
>>>>>
>>>>> didn't checked that with the code, but according to [1] it looks
>>>>> like you have to explicitly define a username/domain part separated by
>>>> '@'.
>>>>>
>>>>> regards Daniel
>>>>>
>>>>> [1] https://software.nordu.net/radsecproxy/doc/1.6/> radsecproxy.conf.html#REALM%20BLOCK
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> radsecproxy mailing list
>>>>> radsecproxy(a)lists.nordu.net
>>>>> https://lists.nordu.net/listinfo/radsecproxy>
>>>
>>> _______________________________________________
>>> radsecproxy mailing list
>>> radsecproxy(a)lists.nordu.net
>>> https://lists.nordu.net/listinfo/radsecproxy
>> _______________________________________________
>> radsecproxy mailing list
>> radsecproxy(a)lists.nordu.net
>> https://lists.nordu.net/listinfo/radsecproxy
>>
>
>
Hi,
I'm using radsecproxy to pass RADIUS auths from our ORPS machine to the
upstream national radius proxy service .
Looking at the log file I'm seeing access-rejects being sent down
generating log entries of the form
Oct 4 15:47:09 2017: Access-Reject for user
0234105273270593(a)wlan.mnc010.mcc234.3gppnetwork.org stationid
2C-0E-3D-05-37-86 from roaming0.ja.net (Request Denied) to fromFR
(127.0.0.1)
What I'd like to do is reject these locally in radsecproxy.conf. I thought
that
realm /.*\\.3gppnetwork\\.org$/ {
replymessage "Misconfigured client: Rejected by eduroam1.york.ac.uk
!"
}
would stop these from being passed onwards. As the log entry above shows,
it doesn't !
The statement is at the top of my realm statement lists with
realm * {
server roaming0.ja.net
server roaming1.ja.net
}
at the bottom.
What's wrong with my realm statement?
Rgds
Alex
