OK, I think I'm another step closer now. I made the suggested change and there was no change in the logs. EAP still was not being done on the local machine and was failing on the proxy. However, I tried creating a second domain, set the original domain to go to LOCAL and the second domain to go to the proxy server. When I do that the proxy properly authenticates to Open Directory, step one. However, eventually I get a failure in rlm_eap again. modcall: entering group authenticate for request 8 rlm_eap: Request not found in the list rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request rlm_eap: Failed in handler Am I on to the beginning of a solution by using two domains or do I need to go back and then change something else? Kerry Tobin
------------------------------
Message: 7 Date: Wed, 05 Nov 2008 00:07:50 +0100 From: <tnt@kalik.net> Subject: Re: Unable to authenticate to Open Directory To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Message-ID: <OVuOqjFE.1225840070.2492580.tnt@kalik.net> Content-Type: text/plain; charset=ISO-8859-2
I think we're back to what I had been trying to do on my test machines now and still can't seem to get working.
When I add "DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Proxy-To- Realm := DOMAIN" to users of the first server (I believe that's the correct place to put it). I get "rlm_eap: Request is supposed to be proxied to Realm DOMAIN. Not doing EAP." on the first server and the proxy server still says " rlm_eap: Identity does not match User-Name, setting from EAP Identity."
There is a setting proxy_tunneled_request_as_eap in peap section of eap.conf. Change that to no.
Ivan Kalik Kalik Informatika ISP