Credentials differ when proxying

Geoffrey D. Bennett g at netcraft.com.au
Tue Oct 20 18:40:00 CEST 2020


Hi Julien,

Sorry I'm no expert here and I don't know how to fix your problem, but
I can see some things wrong with what you are doing.

Please try:

1) check your proxy config on server A (your earlier email showed that
it was probably proxying, and your later email showed it probably not
proxying)

2) confirm your shared secret on server A matches server B (your
earlier email indicated that it was wrong)

3) if you still can't get it working, post the "radiusd -X" output
from server A as per
https://wiki.freeradius.org/guide/Users%20Mailing%20List

Regards,
Geoffrey.

On Tue, Oct 20, 2020 at 11:44:51PM +1030, Julien Cochennec wrote:
> Ok, really sorry. I did read it.
> 
> I read a lot of docs about FreeRadius (most of it on the wiki) in a
> very short amount of time, so if I missed that doc, again, sorry.
> 
> Which doc are we talking about BTW? I may have missed it, and I
> swear I did read a lot of docs since 4 months, mostly about ldap,
> proxy, clients and realms.
> 
> I found the docs I read very useful, and it was a lot to compute,
> I'm a Radius noob, doing what I can.
> 
> I searched for many messages on this list before posting, I didn't
> manage to see, in all the infos in the output, which one was useful,
> sorry for that too.
> 
> For example, I thought the "No eap message" was the problem, but it
> looks like it isn't.
> 
> 
> I didn't get where to look.
> 
> The debug information is on A, which is supposed to be a "pure"
> proxy, no auth, just proxying.
> 
> But the Ldap is on B, which is a home server that does only Ldap
> auth for proxied requests.
> 
> I first thought the proxy was modifying the password but had no idea
> why and found nothing about it.
> 
> 
> I totally understand it is frustrating for you to write so much
> content people don't read.
> 
> It's been 4 months reading and testing for me, and I'm still lost in
> the debug output, you may not believe it, but it's frustrating too,
> I'm helpless.
> 
> It's the second thing I read, after the Kibana log parsing result.
> 
> I althought thought a realm (null or default) was missing in my
> conf, but found nothing to confirm this.
> 
> 
> Thanks for your help anyway Alan.
> 
> 
> Le 20/10/2020 à 15:05, Alan DeKok a écrit :
> >   So.... READ THE DEBUG OUTPUT YOU POSTED TO THE LIST.
> 
> -- 
> Julien Cochennec
> Pôle de compétences - gestion des identités
> 
> Mél julien.cochennec at ac-orleans-tours.fr
> Tél 02 38 83 48 88
> 
> DSI - Rectorat d'Orléans-Tours
> 10 Rue Molière
> 45000 Orléans
> www.ac-orleans-tours.fr
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-- 
Geoffrey D. Bennett <g at netcraft.com.au>     http://www.netcraft.com.au
Senior Systems Engineer, Netcraft Australia            +61 8 8133 3333

-----
Copyright Notice

All rights reserved. Other than for the internal business use of the
Customer, no part of this publication may be reprinted, reproduced,
stored in a retrieval system or transmitted in any form or by any
means without prior permission in writing from Netcraft Australia Pty
Ltd.

This document contains confidential information of Netcraft Australia
Pty Ltd.  In consideration of receipt of this document, the Customer
agrees to maintain such information in confidence and not to reproduce
or otherwise disclose this information to any person outside the group
directly responsible for the evaluation of its contents.


More information about the Freeradius-Users mailing list