Dear developers/experts, I haven't bugged you guys for too long so I decided to come back with a strange question so you know that I'm still your loyal user. I need to proxy requests with the following username pattern to a remote server. host/<PC name>.gtcorp.com This is what the username looks like when the Windows PC is doing PEAP with use of the PC's name instead of the actual user's username. Don't know why but seems to be strange! So I guess my first question is that, is it possible to have wildcard (e.g. "*") in the realm name? I did read all the docs I could possibly found and I tested the configs as well but I couldn't get it to work... Here is the debug while I'm doing testing with radtest program. As you see that it always matches the "DEFAULT" realm but not the *.gtcorp.com that I defined... I'm using 2.1.6 on RHEL4. So! Help help! [root@NE_OVI ~]# radtest 'host/difan.gtcorp.com' xxxx localhost 0 test123 Sending Access-Request of id 163 to 127.0.0.1 port 1812 User-Name = "host/difan.gtcorp.com" User-Password = "xxxx" NAS-IP-Address = 66.150.161.140 NAS-Port = 0 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=163, length=20 ------------------------------------------------------------------------ ------------ rad_recv: Access-Request packet from host 127.0.0.1 port 15676, id=163, length=73 User-Name = "host/difan.gtcorp.com" User-Password = "xxxx" NAS-IP-Address = 66.150.161.140 NAS-Port = 0 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [GTCORP] Looking up realm "difan.gtcorp.com" for User-Name = "host/difan.gtcorp.com" [GTCORP] Found realm "DEFAULT" [GTCORP] Adding Realm = "DEFAULT" [GTCORP] Proxying request from user host to realm DEFAULT [GTCORP] Preparing to proxy authentication request to realm "DEFAULT" ++[GTCORP] returns updated [suffix] Request already proxied. Ignoring. ++[suffix] returns ok ... The followings are my relevant configs: ================================================================== /etc/raddb/proxy.conf (I did try many other realm names such as *.gtcorp.com as well) ================================================================== proxy server { default_fallback = no } ############################### home_server GTK_Radius_Auth { type = auth ipaddr = 1.1.1.1 port = 1812 secret = xxxx } home_server GTK_Radius_Acct { type = acct ipaddr = 1.1.1.1 port = 1813 secret = xxxx } #################################################### home_server_pool GTK_Radius_Auth_Pool { type = fail-over home_server = GTK_Radius_Auth } home_server_pool GTK_Radius_Acct_Pool { type = fail-over home_server = GTK_Radius_Acct } #################################################### realm ~"*.gtcorp.com" { nostrip auth_pool = GTK_Radius_Auth_Pool acct_pool = GTK_Radius_Acct_Pool } # # This realm is for requests which don't have an explicit realm # prefix or suffix. User names like "bob" will match this one. # realm NULL { nostrip auth_pool = GTK_Radius_Auth_Pool acct_pool = GTK_Radius_Acct_Pool } # # This realm is for ALL OTHER requests. # realm DEFAULT { nostrip auth_pool = GTK_Radius_Auth_Pool acct_pool = GTK_Radius_Acct_Pool } =========================================================== /etc/raddb/modules/realm =========================================================== realm GTCORP { format = suffix delimiter = "/" } ========================================================== /etc/raddb/sites-available/default ========================================================== ... authorize { preprocess chap mschap GTCORP Suffix ... } Thanks!! Difan Zhao, M.Eng Network Engineer Guest-Tek Interactive Entertainment Inc. Email: difan.zhao@guest-tek.com <mailto:difan.zhao@guest-tek.com> Office: +1 (403) 509 1010 ext 3048 Cell: +1 (403) 689 7514 www.guest-tek.com <http://www.guest-tek.com> http://www.guest-tek.com/images/Guest-Tek%20-%20Formal_files/Logo.jpg<ht tp://www.guest-tek.com/images/Guest-Tek%20-%20Formal_files/Logo.jpg> INTERNET | MEDIA | VOICE http://www.guest-tek.com/images/Guest-Tek%20-%20Formal_files/image004.jp g<http://www.guest-tek.com/images/Guest-Tek%20-%20Formal_files/image004. jpg> The contents of this email are confidential and intended for the recipient only. If you have received this email in error, please notify us, and destroy all copies.