Michael Schlies wrote:
Hello all, I seem to be running into an issue with a RADIUS setup I am doing. I am setting up a server that hosts 5 radius instances in 1.x and does realm proxying to 4 of them but uses one realm (realm 'a.com' in this case) as its default. so if requests for 'b.com', 'c.com', etc come in they get relayed on to their radius server and that result is relayed back to the NAS. In 2.0 I want to merge these separate instances into a single instance using virtual servers. The problem I am running into is I can see that accounts are being successfully authenticated on the virtual servers however the home server is returning Access-Reject unless the user authenticated is one of its local users...
So... update your policies so that it doesn't do user lookups for proxied packets.
Mon Oct 12 13:39:45 2009 : Debug: rlm_sql (sql-a): User found in group DISABLED
That would seem to be definitive. Why are you disabling users when you want them to be authenticated? Alan DeKok.