Proxying doesn't work!

Federico Giannici giannici at neomedia.it
Wed Jul 11 13:13:50 CEST 2007 

Tomas Hoger wrote:
> Hi Federico!
> 
> Check default radiusd.conf and search for "realm" and "suffix".  It
> looks like you're not calling rlm_realm in authorize.

Yes, that was the problem!
I thought that the realms were handled by some kind of internal magic...

Thanks.



> On 7/11/07, Federico Giannici <giannici at neomedia.it> wrote:
>> We have a working FreeRADIUS 1.1.4 running since a lot of months.
>> Now we have to proxy the requests for a realm (gtenet.it) to a given
>> RADIUS server, but our server seems to ignore the proxy configuration!
>>
>> I have set "proxy_requests = yes" and included the "proxy.conf" file
>> (I'm sure of these, looked at the debug output).
>>
>> Here it is our "proxy.conf" file:
>>
>> proxy server {
>>         synchronous = no
>>         retry_delay = 5
>>         retry_count = 3
>>         dead_time = 120
>>         default_fallback = yes
>>         post_proxy_authorize = no
>> }
>> realm gtenet.it {
>>         type        = radius
>>         authhost    = 195.103.212.53:1645
>>         accthost    = 195.103.212.53:1646
>>         secret      = XXXXXXXXX
>> }
>>
>> When a request for xxxx at gtenet.it is received, it goes through the
>> authorization and then instead of being proxied it goes through
>> authentication and obviously fail!
>>
>> Here it is the output of the server in debug mode:
>>
>> Jul 10 18:55:29 aragorn radiusd[23262]: Going to the next request
>> Jul 10 18:55:29 aragorn radiusd[23262]: Waking up in 6 seconds...
>> Jul 10 18:55:29 aragorn radiusd[23262]: rad_lowerpair:  User-Name now
>> 'neomedia at gtenet.it'
>> Jul 10 18:55:29 aragorn radiusd[23262]: rad_lowerpair:  User-Password
>> now 'XXXXXXXX'
>> Jul 10 18:55:29 aragorn radiusd[23262]: rad_rmspace_pair:  User-Name now
>> 'neomedia at gtenet.it'
>> Jul 10 18:55:29 aragorn radiusd[23262]: rad_rmspace_pair:  User-Password
>> now 'XXXXXXXX'
>> Jul 10 18:55:29 aragorn radiusd[23262]:   Processing the authorize
>> section of radiusd.conf
>> Jul 10 18:55:29 aragorn radiusd[23262]: modcall: entering group
>> authorize for request 72
>> Jul 10 18:55:29 aragorn radiusd[23262]:   modcall[authorize]: module
>> "preprocess" returns ok for request 72
>> Jul 10 18:55:29 aragorn radiusd[23262]:   modcall[authorize]: module
>> "nm" returns noop for request 72
>> Jul 10 18:55:29 aragorn radiusd[23262]:   modcall[authorize]: module
>> "chap" returns noop for request 72
>> Jul 10 18:55:29 aragorn radiusd[23262]:   modcall[authorize]: module
>> "mschap" returns noop for request 72
>> Jul 10 18:55:29 aragorn radiusd[23262]: rlm_pap: WARNING! No "known
>> good" password found for the user.  Authentication may fail because of this.
>> Jul 10 18:55:29 aragorn radiusd[23262]:   modcall[authorize]: module
>> "pap" returns noop for request 72
>> Jul 10 18:55:29 aragorn radiusd[23262]: modcall: leaving group authorize
>> (returns ok) for request 72
>> Jul 10 18:55:29 aragorn radiusd[23262]: auth: No authenticate method
>> (Auth-Type) configuration found for the request: Rejecting the user
>> Jul 10 18:55:29 aragorn radiusd[23262]: auth: Failed to validate the user.
>>
>> Any hints of what could be the problem?
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


-- 
___________________________________________________
     __
    |-                      giannici at neomedia.it
    |ederico Giannici      http://www.neomedia.it
___________________________________________________

More information about the Freeradius-Users mailing list