Hello, I set up FreeRadius in order to proxy certain realm to another Radius server (which is not under my control at all). The shared secret is the same. I put the address of the other Radius server in the proxy.conf file. My Radius sends the request 5 times to the other Radius server and then gives up marking the server dead (but it is not). This is what comes out : Cleaning up request 104 ID 0 with timestamp 444f845d Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 10.3.1.60:2050, id=0, length=147 User-Name = "testyyyy@xxxx.es" NAS-IP-Address = 10.3.1.60 Called-Station-Id = "0014bfef3609" Calling-Station-Id = "001124a87bc6" NAS-Identifier = "0014bfef3609" NAS-Port = 21 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0200001601746573746963666f4063657363612e6573 Message-Authenticator = 0xb82a0c651648b9bab3d9860388e081db Processing the authorize section of radiusd.conf modcall: entering group authorize for request 105 modcall[authorize]: module "preprocess" returns ok for request 105 radius_xlat: '/usr/local/var/log/radius/radacct/10.3.1.60/auth- detail-20060426' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/ auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/ 10.3.1.60/auth-detail-20060426 modcall[authorize]: module "auth_log" returns ok for request 105 rlm_realm: Looking up realm "xxxx.es" for User-Name = "testyyyy@xxxx.es" rlm_realm: Found realm "DEFAULT" rlm_realm: Proxying request from user testyyyy to realm DEFAULT rlm_realm: Adding Realm = "DEFAULT" rlm_realm: Preparing to proxy authentication request to realm "DEFAULT" modcall[authorize]: module "suffix" returns updated for request 105 rlm_eap: Request is supposed to be proxied to Realm DEFAULT. Not doing EAP. modcall[authorize]: module "eap" returns noop for request 105 users: Matched entry DEFAULT at line 161 modcall[authorize]: module "files" returns ok for request 105 rlm_ldap: - authorize rlm_ldap: performing user authorization for testyyyy@xxxx.es radius_xlat: '(uid=testyyyy@xxxx.es)' radius_xlat: 'ou=People, dc=yyyy, dc=es' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=People, dc=yyyy, dc=es, with filter (uid=testyyyy@xxxx.es) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 105 modcall: leaving group authorize (returns updated) for request 105 Processing the pre-proxy section of radiusd.conf modcall: entering group pre-proxy for request 105 radius_xlat: '/usr/local/var/log/radius/radacct/10.3.1.60/pre-proxy- detail-20060426' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/ pre-proxy-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/ 10.3.1.60/pre-proxy-detail-20060426 modcall[pre-proxy]: module "pre_proxy_log" returns ok for request 105 modcall: leaving group pre-proxy (returns ok) for request 105 Sending Access-Request of id 12 to aa.bb.cc.dd port 1812 User-Name = "testyyyy@xxxx.es" NAS-IP-Address = 10.3.1.60 Called-Station-Id = "0014bfef3609" Calling-Station-Id = "001124a87bc6" NAS-Identifier = "0014bfef3609" NAS-Port = 21 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0200001601746573746963666f4063657363612e6573 Message-Authenticator = 0x00000000000000000000000000000000 Proxy-State = 0x30 --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.3.1.60:2050, id=0, length=147 Dropping conflicting packet from client APtest:2050 - ID: 0 due to unfinished request 105 --- Walking the entire request list --- Waking up in 2 seconds... --- Walking the entire request list --- Re-sending Access-Request of id 12 to aa.bb.cc.dd port 1812 User-Name = "testyyyy@xxxx.es" NAS-IP-Address = 10.3.1.60 Called-Station-Id = "0014bfef3609" Calling-Station-Id = "001124a87bc6" NAS-Identifier = "0014bfef3609" NAS-Port = 21 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0200001601746573746963666f4063657363612e6573 Message-Authenticator = 0x00000000000000000000000000000000 Client-IP-Address = 10.3.1.60 Realm = "DEFAULT" EAP-Type = Identity Module-Failure-Message = "rlm_ldap: User not found" Realm = "DEFAULT" Proxy-State = 0x30 Waking up in 5 seconds... --- Walking the entire request list --- Re-sending Access-Request of id 12 to aa.bb.cc.dd port 1812 User-Name = "testyyyy@xxxx.es" NAS-IP-Address = 10.3.1.60 Called-Station-Id = "0014bfef3609" Calling-Station-Id = "001124a87bc6" NAS-Identifier = "0014bfef3609" NAS-Port = 21 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0200001601746573746963666f4063657363612e6573 Message-Authenticator = 0x00000000000000000000000000000000 Client-IP-Address = 10.3.1.60 Realm = "DEFAULT" EAP-Type = Identity Module-Failure-Message = "rlm_ldap: User not found" Realm = "DEFAULT" Proxy-State = 0x30 Waking up in 5 seconds... --- Walking the entire request list --- Server rejecting request 105. marking authentication server aa.bb.cc.dd:1812 for realm DEFAULT dead Waking up in 0 seconds... --- Walking the entire request list --- Sending Access-Reject of id 0 to 10.3.1.60 port 2050 Cleaning up request 105 ID 0 with timestamp 444f84d5 Nothing to do. Sleeping until we see a request. Why is there a "Module-Failure-Message = "rlm_ldap: User not found""? Of course the user won't be found in the local ldap database since this realm is supposed to be proxied. The radius server is obviously looking in the local ldap database with the unstriped username before proxying this request. Is there not a way, in case the realm of the username has to be proxied not to look for it locally in the ldap database fisrt? If anyone has an idea why i don't get any answer, i would be gratefull. Thank you.