2:15 p.m.
Nope still doesn't work :-(
A
On 5 October 2017 at 07:57, Alex Sharaz <alex.sharaz(a)york.ac.uk> wrote:
I’ll double check, but think I’ve already tried that
Rgds
Alex
Sent from my iPhone 6 plus
'@'.
On 4 Oct 2017, at 20:29, Daniel Ehlers
<danielehlers(a)mindeye.net> wrote:
> On 10/04/2017 04:58 PM, Alex Sharaz wrote:
> Hi,
> I'm using radsecproxy to pass RADIUS auths from our ORPS machine to the
upstream national radius proxy service .
>
> Looking at the log file I'm seeing access-rejects being sent down
generating log entries of the form
>
> Oct 4 15:47:09 2017: Access-Reject for user
0234105273270593(a)wlan.mnc010.mcc234.3gppnetwork.org
>
<mailto:0234105273270593@wlan.mnc010.mcc234.3gppnetwork.org> stationid
2C-0E-3D-05-37-86 from roaming0.ja.net
> <http://roaming0.ja.net> (Request
Denied) to fromFR (127.0.0.1)
>
> What I'd like to do is reject these locally in radsecproxy.conf. I
thought
that
>
> realm /.*\\.3gppnetwork\\.org$/ {
> replymessage "Misconfigured client: Rejected by
eduroam1.york.ac.uk <http://eduroam1.york.ac.uk>!"
> }
>
> would stop these from being passed onwards. As the log entry above
shows, it
doesn't !
The statement is at the top of my realm statement lists with
realm * {
server roaming0.ja.net <http://roaming0.ja.net>
server roaming1.ja.net <http://roaming1.ja.net>
}
at the bottom.
What's wrong with my realm statement?
Rgds
Alex
Hi,
plz try
realm /@.*\\.3gppnetwork\\.org$/ {
didn't checked that with the code, but according to [1] it looks
like you have to explicitly define a username/domain part separated by
regards Daniel
[1] https://software.nordu.net/radsecproxy/doc/1.6/
radsecproxy.conf.html#REALM%20BLOCK
_______________________________________________
radsecproxy mailing list
radsecproxy(a)lists.nordu.net
https://lists.nordu.net/listinfo/radsecproxy