<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div><blockquote type="cite"><span class="Apple-style-span" style="border-collapse: separate; font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><span class="Apple-style-span" style="font-family: monospace; "><br>Hi,<br><br><blockquote type="cite"> to authenticate with the eduroam user. It seems that although the<br></blockquote><blockquote type="cite"> request is proxied, my server tries to locally check the authorized<br></blockquote><blockquote type="cite"> attributes of the user against my local ldap server. And since no<br></blockquote><blockquote type="cite"> such user exists ldap returns: object not found<br></blockquote><br>Use unlang to put a protection wrapper around your ldap, e.g.<br><br>if (%{realm} =~ /yourrealm.com/){<br><span class="Apple-tab-span" style="white-space: pre; "> </span>ldap<br>}<br></span></span></blockquote></div><br><div>I solved it in the users file:</div><div><br></div><div><div>DEFAULT Realm == "yourrealm.com", Ldap-Group == "your_ldap_group"</div><div> Service-Type = "Framed-User",</div><div> Reply-Message = "Eduroam instuition",</div><div> Framed-MTU = 1300,</div><div> Tunnel-Type = VLAN,</div><div> Tunnel-Medium-Type = IEEE-802,</div><div> Tunnel-Private-Group-Id = "xxxx"</div></div><div><br></div></body></html>