Hi,
to authenticate with the eduroam user. It seems that although the request is proxied, my server tries to locally check the authorized attributes of the user against my local ldap server. And since no such user exists ldap returns : object not found
use unlang to put a protection wrapper around your ldap eg if (%{realm} == /yourrealm.com/){ ldap }
Next, my server proxies an other request with empty attributes certainly resulting from the previous object found result : Sending Access-Request of id 144 to 193.190.198.59 port 1812 User-Name := "" User-Password := "" Service-Type := Authenticate-Only Message-Authenticator := 0x00000000000000000000000000000000 NAS-Identifier := "Status Check. Are you alive?"
this is a status-check packet - your server is configured to sent status-check packets tothe remote proxy to check if its up/alive - there is no response to this request - so thats bad. you COULD configure proxy.conf for that remote proxy to use a username/pass (ideally a BAD password to get a REJECT) for this purpose if the remote proxy isnt responding to these packets as it should. for status requests a reject is as good as an accept...you get a response..thats what the server wants. you also then avoid leaking WORKING credentials into the system :-) alan