Pop3 and LDAP authentication...Multiple radius servers

Eric Martell workoutexcite at yahoo.com
Tue Aug 26 17:09:07 CEST 2008


Thanks Ivan.

Now I have 2 radius servers running on the same machine as radiusa (port 1812) and radiusb (port 1912). I configured radiusa to do LDAP auth and radiusb to do POP3 auth, which works fine "individually" through radclient.

I set up proxy.conf in radiusa as

realm xyz.net {
       type        = radius
       authhost    = radiusb.test1.net:1912
       accthost    = radiusb.test1.net:1913
       secret      = testing
}

I am sending the request through radclient on radiusa. But for some reason the request does not get proxied to radiusb.

This is the radius -X log.


rad_recv: Access-Request packet from host 167.206.23.94:1054, id=14, length=59
        User-Name = "testaccount at xyz.net"
        User-Password = "test"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: Looking up realm "xyz.net" for User-Name = "testaccount at xyz.net"
    rlm_realm: Found realm "xyz.net"
    rlm_realm: Adding Stripped-User-Name = "testaccount"
    rlm_realm: Proxying request from user testaccount to realm xyz.net
    rlm_realm: Adding Realm = "xyz.net"
    rlm_realm: Preparing to proxy authentication request to realm "xyz.net" 
  modcall[authorize]: module "suffix" returns updated for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry DEFAULT at line 75
    users: Matched entry DEFAULT at line 180
    users: Matched entry DEFAULT at line 184
  modcall[authorize]: module "files" returns ok for request 0
modcall: entering group group for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testaccount
radius_xlat:  '(uid=testaccount)'
radius_xlat:  'dc=test1,dc=net,o=internet'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection


Please let me know if I am missing something.

Thanks and Regards.

--- On Mon, 8/25/08, Ivan Kalik <tnt at kalik.net> wrote:
From: Ivan Kalik <tnt at kalik.net>
Subject: Re: Pop3 and LDAP authentication...Multiple radius servers
To: freeradius-users at lists.freeradius.org
Date: Monday, August 25, 2008, 1:39 PM

http://radiuswiki.suntel.com.tr/Proxy.conf

Ivan Kalik
Kalik Informatika ISP


On 25/8/2008, "Eric Martell" <workoutexcite at yahoo.com> wrote:

>Hi,
>   We have a radius server which is inhouse which does the LDAP authentication. We got a new request from a third party to do authentication for "their" users using POP3.
>
>So the request comes to radiusA (our inhouse radius).
>
>If the user has realm as @xyz.net ..then we forward the request to third party to authenticate which might be radiusB which does the authentication using POP3.
>
>If there is no realm attached, radiusA does the LDAP auth and returns the response.
>
>Not sure how to specify in our radiusd.conf.
>
>I could not find any thread in the list. Please let me know the link if this is already discussed.
>
>Really appreciate your quick response.
>
>Thanks and Regards.

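A reading aid for the radiusd -X trace in the message above, added here and not part of the original post or of FreeRADIUS: it extracts the proxy decision, the module instances that returned after it, and the module that was still logging when the output ends. The function and key names are made up for this example; the sample lines are copied (abridged) from the post.

```python
import re

# Lines copied (abridged) from the radiusd -X output quoted in the post above.
SAMPLE_LOG = '''\
rad_recv: Access-Request packet from host 167.206.23.94:1054, id=14, length=59
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
    rlm_realm: Found realm "xyz.net"
    rlm_realm: Adding Stripped-User-Name = "testaccount"
    rlm_realm: Preparing to proxy authentication request to realm "xyz.net"
  modcall[authorize]: module "suffix" returns updated for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
  modcall[authorize]: module "files" returns ok for request 0
modcall: entering group group for request 0
rlm_ldap: performing user authorization for testaccount
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
'''

RETURNS = re.compile(r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+) for request \d+')
PROXY = re.compile(r'rlm_realm: Preparing to proxy \w+ request to realm "([^"]+)"')
MODULE_MSG = re.compile(r'^\s*(rlm_\w+): (.*)$')

def summarize_trace(log_text):
    """Summarize one request: proxy decision, modules run after it, open module."""
    out = {"proxy_realm": None, "decided_by": None, "ran_after": [], "open_module": None}
    awaiting_decider = False   # proxy line seen, its module has not returned yet
    open_module = None         # (module, last message) with no return code so far
    for line in log_text.splitlines():
        proxy = PROXY.search(line)
        if proxy:
            out["proxy_realm"] = proxy.group(1)
            awaiting_decider = True
        ret = RETURNS.search(line)
        if ret:
            _section, instance, rcode = ret.groups()
            if awaiting_decider:
                out["decided_by"], awaiting_decider = instance, False
            elif out["decided_by"]:
                out["ran_after"].append((instance, rcode))
            open_module = None  # a return code closes whatever module was logging
            continue
        msg = MODULE_MSG.match(line)
        if msg:
            open_module = (msg.group(1), msg.group(2).strip())
    out["open_module"] = open_module
    return out

if __name__ == "__main__":
    for key, value in summarize_trace(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the posted lines it reports realm xyz.net chosen in the "suffix" instance, "eap" and "files" returning afterwards, and rlm_ldap left without a return code at "attempting LDAP reconnection".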