Alan thanks for the reply.

I already have radiusa which does the LDAP authentication ( which has ldap1 and ldap2 groups) . New business request came to add POP3 authentication for third party. so I added new radius server radiusb which does the POP3 auth.

I am using radiusa to do proxy depends on the realm xyz.net to forward to radiusb and all other requests (no realm in the usernames) still go to radiusa.

I am running radiusa on 1812 and radiusb on 1912. I did not see any log messages in radiusb server. I thought when using radiusa proxy, it forwards the request to radiusb.

The user testaccount@xyz.net is configured in radiusb which does pop3 auth. No testaccount@xyz.net user exists in radiusa ( in ldap).

Hope this helps. Let me know if I am doing it right.
Here is the radius -X log,

rad_recv: Access-Request packet from host 167.206.23.94:1357, id=15, length=59
        User-Name = "testaccount@xyz.net"
        User-Password = "test"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: Looking up realm "xyz.net" for User-Name = "testaccount@xyz.net"
    rlm_realm: Found realm "xyz.net"
    rlm_realm: Adding Stripped-User-Name = "testaccount"
    rlm_realm: Proxying request from user testaccount to realm xyz.net
    rlm_realm: Adding Realm = "xyz.net"
    rlm_realm: Preparing to proxy authentication request to realm "xyz.net"
  modcall[authorize]: module "suffix" returns updated for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry DEFAULT at line 75
    users: Matched entry DEFAULT at line 180
    users: Matched entry DEFAULT at line 184
  modcall[authorize]: module "files" returns ok for request 0
modcall: entering group group for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testaccount
radius_xlat:  '(uid=testaccount)'
radius_xlat:  'dc=opt,dc=net,o=internet'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap1:389, authentication 0
rlm_ldap: bind as uid=mmpProxy,o=internet/MMPass to ldap1:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=opt,dc=net,o=internet, with filter (uid=testaccount)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap1" returns notfound for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testaccount
radius_xlat:  '(&(uid=testaccount)(entitlements=WIFILOC1))'
radius_xlat:  'ou=roles,o=entitlement'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap://ldap2:1389, authentication 0
rlm_ldap: bind as uid=appuser,ou=appadm,o=entitlement/PaBlAn0 to ldap://ldap2:1389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=roles,o=entitlement, with filter (&(uid=testaccount)(entitlements=WIFILOC1))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap2" returns notfound for request 0
modcall: group group returns reject for request 0
modcall: group authorize returns reject for request 0
Invalid user (rlm_ldap: User not found): [testaccount@xyz.net] (from client test1 port 0)
Cancelling proxy as request was already rejected
Request 0 rejected in proxy_send.
Server rejecting request 0.
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 15 to 167.206.23.94:1357
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 15 with timestamp 48b424b1
Nothing to do.  Sleeping until we see a request.






--- On Tue, 8/26/08, Alan DeKok <aland@deployingradius.com> wrote:
From: Alan DeKok <aland@deployingradius.com>
Subject: Re: Pop3 and LDAP authentication...Multiple radius servers
To: workoutexcite@yahoo.com, "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org>
Date: Tuesday, August 26, 2008, 12:00 PM

Eric Martell wrote:
> Here is the entire log.
...
> rlm_ldap: performing search in dc=test1,dc=net,o=internet, with filter
> (uid=testaccount)

If you're proxying the request, why have you configured the server to
do lookups in LDAP?

> ldap://vadsdsdsad:389 failed: Can't contact LDAP server
> rlm_ldap: (re)connection attempt failed
> rlm_ldap: search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> modcall[authorize]: module "ldap2" returns fail for request 0
> modcall: group group returns reject for request 0

That would seem to show why it's being rejeect. The LDAP server is
down. And I don't think "vadsdsdsad" is a real host name in your
network.

Perhaps you could explain why you think the server should work after
you've configured it to use resources that don't exist.

Alan DeKok.