order of realm processing

green green gggreen4 at gmail.com
Fri Dec 18 18:26:43 CET 2009 

Any one got any advice?

On Sat, Dec 19, 2009 at 12:46 AM, green green <gggreen4 at gmail.com> wrote:

> i have domain1\user1 and this get radius proxy correctly to the radius1
> server (11.11.11.11) based on ntdomain prefix
> have also set the ignore_null = yes
>
> i have user1 at domain1 and this get radius proxy correctly to the radius1
> server (11.11.11.11) based on suffix
> have also set the ignore_null = yes
>
> *under /modules/realm *
> realm ntdomain {
>         format = prefix
>         delimiter = "\\"
>         ignore_default = yes
>         ignore_null = yes
> }
>
> realm suffix {
>         format = suffix
>         delimiter = "@"
>         ignore_default = yes
>         ignore_null = yes
> }
>
>
> *Under proxy.conf*
>
> realm domain1 {
>        type             = radius
>        nostrip
>        authhost        = 11.11.11.11:1812
>        accthost        = 11.11.11.11:1813
>        secret          = secret1
> }
>
> realm NULL {
>       type = auth
>        authhost        = 22.22.22.22:1812
>        accthost        = 22.22.22.22:1813
>        secret          = secret1
> }
>
>
> *Debug
> *
> *[ntdomain] No '\' in User-Name = "user2", skipping NULL due to config.
> ++[ntdomain] returns noop
> [suffix] No '@' in User-Name = "user2", skipping NULL due to config.
> ++[suffix] returns noop*
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop
> ++[unix] returns notfound
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] WARNING! No "known good" password found for the user.  Authentication
> may fail because of this.
> ++[pap] returns noop
> No authenticate method (Auth-Type) configuration found for the request:
> Rejecting the user
> Failed to authenticate the user.
> Using Post-Auth-Type Reject
> +- entering group REJECT {...}
> [attr_filter.access_reject]     expand: %{User-Name} -> user2
>  attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 3 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 3
> Sending Access-Reject of id 211 to 3.3.3.3 port 1645
> Waking up in 1.0 seconds.
> Cleaning up request 2 ID 210 with timestamp +14
> Waking up in 3.9 seconds.
> Cleaning up request 3 ID 211 with timestamp +17
> Ready to process requests.
>
> i have user2 (without domain) and this get rejected, i want it to send to
> radius2 server (22.22.22.22) as defined in the NULL domain as defined in the
> proxy.conf.  Can advise how to do this?
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20091219/7423e8a3/attachment.html>

More information about the Freeradius-Users mailing list