<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top" style="font: inherit;">Alan, thanks for the reply.<br><br>I already have radiusa, which does the LDAP authentication (which has ldap1 and ldap2 groups). A new business request came in to add POP3 authentication for a third party, so I added a new radius server, radiusb, which does the POP3 auth.<br><br>I am using radiusa to proxy, depending on the realm xyz.net, to forward to radiusb, and all other requests (no realm in the usernames) still go to radiusa.<br><br>I am running radiusa on 1812 and radiusb on 1912. I did not see any log messages in the radiusb server. I thought when using radiusa proxy, it forwards the request to radiusb.<br><br>The user testaccount@xyz.net is configured in radiusb, which does POP3 auth. No testaccount@xyz.net user exists in radiusa (in LDAP).<br><br>Hope this helps. Let me know if I am doing it right.<br>Here is the radius -X log:<br><br>rad_recv: Access-Request packet
from host 167.206.23.94:1357, id=15, length=59<br> User-Name = "testaccount@xyz.net"<br> User-Password = "test"<br> Processing the authorize section of radiusd.conf<br>modcall: entering group authorize for request 0<br> modcall[authorize]: module "preprocess" returns ok for request 0<br> modcall[authorize]: module "chap" returns noop for request 0<br> modcall[authorize]: module "mschap" returns noop for request 0<br> rlm_realm: Looking up realm "xyz.net" for User-Name = "testaccount@xyz.net"<br> rlm_realm: Found realm "xyz.net"<br> rlm_realm: Adding Stripped-User-Name = "testaccount"<br> rlm_realm: Proxying request from user testaccount to realm xyz.net<br> rlm_realm: Adding Realm = "xyz.net"<br> rlm_realm: Preparing to proxy authentication
request to realm "xyz.net" <br> modcall[authorize]: module "suffix" returns updated for request 0<br> rlm_eap: No EAP-Message, not doing EAP<br> modcall[authorize]: module "eap" returns noop for request 0<br> users: Matched entry DEFAULT at line 75<br> users: Matched entry DEFAULT at line 180<br> users: Matched entry DEFAULT at line 184<br> modcall[authorize]: module "files" returns ok for request 0<br>modcall: entering group group for request 0<br>rlm_ldap: - authorize<br>rlm_ldap: performing user authorization for testaccount<br>radius_xlat: '(uid=testaccount)'<br>radius_xlat: 'dc=opt,dc=net,o=internet'<br>rlm_ldap: ldap_get_conn: Checking Id: 0<br>rlm_ldap: ldap_get_conn: Got Id: 0<br>rlm_ldap: attempting LDAP reconnection<br>rlm_ldap: (re)connect to ldap1:389, authentication 0<br>rlm_ldap: bind as uid=mmpProxy,o=internet/MMPass to ldap1:389<br>rlm_ldap: waiting
for bind result ...<br>rlm_ldap: Bind was successful<br>rlm_ldap: performing search in dc=opt,dc=net,o=internet, with filter (uid=testaccount)<br>rlm_ldap: object not found or got ambiguous search result<br>rlm_ldap: search failed<br>rlm_ldap: ldap_release_conn: Release Id: 0<br> modcall[authorize]: module "ldap1" returns notfound for request 0<br>rlm_ldap: - authorize<br>rlm_ldap: performing user authorization for testaccount<br>radius_xlat: '(&(uid=testaccount)(entitlements=WIFILOC1))'<br>radius_xlat: 'ou=roles,o=entitlement'<br>rlm_ldap: ldap_get_conn: Checking Id: 0<br>rlm_ldap: ldap_get_conn: Got Id: 0<br>rlm_ldap: attempting LDAP reconnection<br>rlm_ldap: (re)connect to ldap://ldap2:1389, authentication 0<br>rlm_ldap: bind as uid=appuser,ou=appadm,o=entitlement/PaBlAn0 to ldap://ldap2:1389<br>rlm_ldap: waiting for bind result ...<br>rlm_ldap: Bind was successful<br>rlm_ldap: performing search in ou=roles,o=entitlement, with
filter (&(uid=testaccount)(entitlements=WIFILOC1))<br>rlm_ldap: object not found or got ambiguous search result<br>rlm_ldap: search failed<br>rlm_ldap: ldap_release_conn: Release Id: 0<br> modcall[authorize]: module "ldap2" returns notfound for request 0<br>modcall: group group returns reject for request 0<br>modcall: group authorize returns reject for request 0<br>Invalid user (rlm_ldap: User not found): [testaccount@xyz.net] (from client test1 port 0)<br>Cancelling proxy as request was already rejected<br>Request 0 rejected in proxy_send.<br>Server rejecting request 0.<br>Finished request 0<br>Going to the next request<br>--- Walking the entire request list ---<br>Waking up in 1 seconds...<br>--- Walking the entire request list ---<br>Waking up in 1 seconds...<br>--- Walking the entire request list ---<br>Sending Access-Reject of id 15 to 167.206.23.94:1357<br>Waking up in 4 seconds...<br>--- Walking the entire request list ---<br>Cleaning
up request 0 ID 15 with timestamp 48b424b1<br>Nothing to do. Sleeping until we see a request.<br><br>--- On <b>Tue, 8/26/08, Alan DeKok <i>&lt;aland@deployingradius.com&gt;</i></b> wrote:<br><blockquote style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;">From: Alan DeKok &lt;aland@deployingradius.com&gt;<br>Subject: Re: Pop3 and LDAP authentication...Multiple radius servers<br>To: workoutexcite@yahoo.com, "FreeRadius users mailing list" &lt;freeradius-users@lists.freeradius.org&gt;<br>Date: Tuesday, August 26, 2008, 12:00 PM<br><br><pre>Eric Martell wrote:<br>> Here is the entire log.<br>...<br>> rlm_ldap: performing search in dc=test1,dc=net,o=internet, with filter<br>> (uid=testaccount)<br><br> If you're proxying the request, why have you configured the server to<br>do lookups in LDAP?<br><br>> ldap://vadsdsdsad:389 failed: Can't contact LDAP server<br>> rlm_ldap:
(re)connection attempt failed<br>> rlm_ldap: search failed<br>> rlm_ldap: ldap_release_conn: Release Id: 0<br>> modcall[authorize]: module "ldap2" returns fail for request 0<br>> modcall: group group returns reject for request 0<br><br> That would seem to show why it's being rejected. The LDAP server is<br>down. And I don't think "vadsdsdsad" is a real host name in your<br>network.<br><br> Perhaps you could explain why you think the server should work after<br>you've configured it to use resources that don't exist.<br><br> Alan DeKok.<br></pre></blockquote></td></tr></table><br>
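The sequence visible in the debug log above, as an added example that is not part of the original thread or of FreeRADIUS: a Python check that reads debug output in the format quoted in this post and reports which authorize modules ran after rlm_realm marked the request for proxying, and whether the proxy was then cancelled. The sample log is constructed from lines in the post, the function and field names are hypothetical, and the input is assumed to cover a single request.

```python
import re

# Constructed sample, condensed from the debug lines quoted in the post.
SAMPLE_LOG = '''\
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
    rlm_realm: Proxying request from user testaccount to realm xyz.net
  modcall[authorize]: module "suffix" returns updated for request 0
  modcall[authorize]: module "files" returns ok for request 0
  modcall[authorize]: module "ldap1" returns notfound for request 0
  modcall[authorize]: module "ldap2" returns notfound for request 0
modcall: group group returns reject for request 0
modcall: group authorize returns reject for request 0
Cancelling proxy as request was already rejected
'''

PROXY_RE = re.compile(r'rlm_realm: Proxying request from user (\S+) to realm (\S+)')
MODULE_RE = re.compile(r'modcall\[\w+\]: module "([^"]+)" returns (\w+) for request \d+')
GROUP_RE = re.compile(r'modcall: group (\w+) returns (\w+) for request \d+')
# Module return codes worth checking when a section ends in reject.
SUSPECT = {"reject", "fail", "notfound", "invalid", "userlock"}

def analyze(log_text):
    """Summarise what happened after rlm_realm marked a request for proxying."""
    realm = decided_by = None
    ran_after, rejecting_groups, cancelled = [], [], False
    for line in log_text.splitlines():
        if (m := PROXY_RE.search(line)):
            realm = m.group(2)
        elif realm and (m := MODULE_RE.search(line)):
            if decided_by is None:
                decided_by = m.group(1)  # first result after the realm line: the realm module
            else:
                ran_after.append((m.group(1), m.group(2)))
        elif realm and (m := GROUP_RE.search(line)) and m.group(2) == "reject":
            rejecting_groups.append(m.group(1))
        elif "Cancelling proxy" in line:
            cancelled = True
    return {
        "realm": realm,
        "decided_by": decided_by,
        "suspects": [name for name, rcode in ran_after if rcode in SUSPECT],
        "rejecting_groups": rejecting_groups,
        "proxy_cancelled": cancelled,
    }

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A non-empty `suspects` list together with `proxy_cancelled: True` means the local authorize section rejected the request before it could be forwarded to the home server for that realm.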