Proxy/Realm problem in 2.1.7

Ivan Kalik tnt at kalik.net
Wed Oct 7 15:44:53 CEST 2009


> Since upgrading FR to 2.1.7 from 2.1.3 and 2.1.1 on our 2 servers
> there's been an issue with our proxy pool.
>
> There are three servers in the auth and acct pools, but unless I comment
> two of them out (as below) I receive a 'Request Denied' message back in
> response to the first access-request packet that is proxied to one of
> the auth servers.
>
> Is this a bug in 2.1.7, or is there a difference in configuration file
> format between the versions?
>
> # POOL Server config...
>
> pool_config {
>         test_username = 'test-user at remote-realm.com'
>         test_password = '***************'
>         secret0 = '***************'
>         secret1 = '***************'
>         secret2 = '***************'
> }
>
> realm pool {
>         nostrip
>         auth_pool = pool_auth
>         acct_pool = pool_acct
> }
>
> # Server Pools
> server_pool pool_auth {
>         type = client-port-balance
> #       home_server = pool0
>         home_server = pool1
> #       home_server = pool2
> }
>
> server_pool pool_acct {
>         type = client-port-balance
> #       home_server = pool0
>         home_server = pool1
> #       home_server = pool2
> }
>
> home_server pool0 {
>         status_check = request
>         username = ${pool_config.test_username}
>         password = ${pool_config.test_password}
>         ipaddr = server0.net
>         secret = ${pool_config.secret0}
>         port = 1812
>         type = auth+acct
> }
>
> home_server pool1 {
>         status_check = request
>         username = ${pool_config.test_username}
>         password = ${pool_config.test_password}
>         ipaddr = server1.net
>         secret = ${pool_config.secret1}
>         port = 1812
>         type = auth+acct
> }
>
> home_server pool2 {
>         status_check = request
>         username = ${pool_config.test_username}
>         password = ${pool_config.test_password}
>         ipaddr = server2.net
>         secret = ${pool_config.secret2}
>         port = 1812
>         type = auth+acct
> }

Start the server in debug mode. You will see how the home server
configuration resolves and whether something is not as expected.

Ivan Kalik
Kalik Informatika ISP



