3.0.4: proxy-to-vserver and proxied post-auth?
Stefan Winter
stefan.winter at restena.lu
Mon Sep 22 10:24:35 CEST 2014
Hello,
I've migrated almost all my virtual servers - but one - to 3.0.4.
There's one thing which I had expected to work, but it doesn't, but I do
recall some discussions around this on the list; but not what the final
verdict was.
My proxied-to vserver needs to do some stuff in post-auth. However it
looks like post-auth is not actually called; instead, only the post-auth
of the original vserver is.
Is that desired/expected behaviour in 3.0.4?
The symptoms of this boils down to these two lines:
Debug: (55) modsingle[authenticate]: returned from pap (rlm_pap) for
request 55
Debug: (55) [pap] = ok
Debug: (55) } # Auth-Type PAP = ok
Debug: (55) Empty post-proxy section. Using default return values.
Debug: (55) Found Auth-Type = Accept
Debug: (55) Auth-Type = Accept, accepting the user
Debug: (55) # Executing section post-auth from file
/usr/local/freeradius/config/raddb/sites-enabled/AAI
The PAP instance there is the one from the proxied-to vserver; must be,
as it knows my password and the retrieval of that password is unique to
the vserver in question.
The next line speaks about empty post-proxy; that looks like the initial
vserver kicks in right after authenticate { } with its PAP is finished.
It then executes post-auth from the initial vserver, not the one from
proxied-to (the proxied-to vserver is called "staff", not "AAI"). That's
not helpful for my setup :-(
So... just wondering if this is a bug or if I'm going to need a majorish
rethink of my post-auth logic here...
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x8A39DC66.asc
Type: application/pgp-keys
Size: 3243 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140922/31a29f11/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140922/31a29f11/attachment.pgp>
More information about the Freeradius-Users
mailing list