From: Fabrice D. <fd...@in...> - 2018-01-25 13:52:46
Hello Eugene,

in fact the REALM is used in 2 cases. If you add the option STRIP in the realm config and restart radius, then you will see that radius will strip it.

When you assign a REALM to a domain, then if the realm matches it will use the domain you define (options.bc.ca -> use AD OPTIONS) in freeradius to do ntlm_auth.

Next you can associate a realm to an authentication source, so if you created a connection with multiple sources, then if you fill the username with bo...@op... the first source with options.bc.ca enabled will be used (same if you do autoreg 802.1x).

So in your case, because there is just one AD, you can just assign the DEFAULT realm to your AD domain.

Regards
Fabrice

On 2018-01-25 at 03:49, E.P. wrote:

> Thanks, Fabrice.
>
> Found it and deleted NULL realm from this file and it is gone from the webpage.
>
> But essentially this is not what I wanted to achieve.
>
> And perhaps there's something I don't understand.
>
> I thought that without the NULL realm the processing of realms will skip it and it will match my realm – options.bc.ca which is in the end of the list of realms.
>
> Still, if I authenticate as it.tech and I see in the debug of radius that it uses NULL realm.
>
> If I authenticate as it...@op... I see that correct realm use.
>
> But both authentication attempts go through. What is the use of options.bc.ca realm then?
>
> It looks like with only one AD in our organization we may easily disregard it?
>
> Eugene
>
> *From:* Durand fabrice via PacketFence-users [mailto:pac...@li...]
> *Sent:* Wednesday, January 24, 2018 6:34 PM
> *To:* pac...@li...
> *Cc:* Durand fabrice
> *Subject:* Re: [PacketFence-users] NULL realm
>
> Hello Eugene,
>
> the NULL realm is located in realm.conf.defaults
>
> Regards
>
> Fabrice
>
> On 2018-01-23 at 14:14, E.P. via PacketFence-users wrote:
>
> > Guys,
> >
> > I wonder if I can make PF bypass NULL realm processing?
> >
> > The reason is that we want to use only the user ID in the username field.
> >
> > If we use like this then the authentication attempt hits NULL realm.
> >
> > I tried to remove it from PF GUI but it still stays there.
> >
> > Interesting that it is not listed in the realm.conf file
> >
> > ++++++++++++++++++++++++++++++++++++++++++
> > [root]@[PacketFence-ZEN conf]#cat realm.conf
> > [DEFAULT]
> > domain=optionsas
> > options=strip
> >
> > [options]
> > domain=optionsad
> >
> > [options.bc.ca]
> > domain=optionsad
> > +++++++++++++++++++++++++++++++++++++++++++++
> >
> > Eugene

--
Fabrice Durand
fd...@in... :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
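Added example, not part of the thread and not PacketFence or FreeRADIUS code: a sketch of suffix realm selection (no "@realm" goes to NULL, an unlisted realm goes to DEFAULT) run over the realm.conf posted above, to audit which AD domain a given login name would reach and whether it is stripped. Assumptions: the contents of the [NULL] entry, the sample usernames, case-insensitive realm comparison, and the simplification that the domain key alone selects the AD domain.

```python
import configparser

# realm.conf as posted in the thread. The [NULL] section is constructed: the
# thread says NULL ships in realm.conf.defaults but does not show its contents.
REALM_CONF = """\
[DEFAULT]
domain=optionsas
options=strip

[NULL]
domain=optionsad

[options]
domain=optionsad

[options.bc.ca]
domain=optionsad
"""

def load_realms(text):
    # configparser would merge [DEFAULT] into every section; move its special
    # section elsewhere so DEFAULT is read as an ordinary realm entry.
    cp = configparser.ConfigParser(default_section="__unused__")
    cp.read_string(text)
    return {name.lower(): dict(cp[name]) for name in cp.sections()}

def resolve(username, realms):
    """Return (realm entry used, AD domain, username passed on)."""
    user, sep, suffix = username.rpartition("@")
    if not sep:                       # bare user ID, no "@realm" suffix
        key = "null"
    elif suffix.lower() in realms:    # realm listed explicitly
        key = suffix.lower()
    else:                             # suffix present but not listed
        key = "default"
    entry = realms.get(key, {})
    strip = "strip" in entry.get("options", "").split(",")
    passed_on = user if (strip and sep) else username
    label = key.upper() if key in ("null", "default") else key
    return (label, entry.get("domain"), passed_on)

REALMS = load_realms(REALM_CONF)

if __name__ == "__main__":
    # Constructed login names covering the three selection paths.
    for name in ("alice", "alice@options.bc.ca", "alice@example.org"):
        print(name, "->", resolve(name, REALMS))
```

With this file, only names falling through to DEFAULT lose their suffix, because `options=strip` is set on that entry alone.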