order of realm processing
i have domain1\user1 and this get radius proxy correctly to the radius1 server (11.11.11.11) based on ntdomain prefix have also set the ignore_null = yes i have user1@domain1 and this get radius proxy correctly to the radius1 server (11.11.11.11) based on suffix have also set the ignore_null = yes *under /modules/realm * realm ntdomain { format = prefix delimiter = "\\" ignore_default = yes ignore_null = yes } realm suffix { format = suffix delimiter = "@" ignore_default = yes ignore_null = yes } *Under proxy.conf* realm domain1 { type = radius nostrip authhost = 11.11.11.11:1812 accthost = 11.11.11.11:1813 secret = secret1 } realm NULL { type = auth authhost = 22.22.22.22:1812 accthost = 22.22.22.22:1813 secret = secret1 } *Debug * *[ntdomain] No '\' in User-Name = "user2", skipping NULL due to config. ++[ntdomain] returns noop [suffix] No '@' in User-Name = "user2", skipping NULL due to config. ++[suffix] returns noop* [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> user2 attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 3 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 3 Sending Access-Reject of id 211 to 3.3.3.3 port 1645 Waking up in 1.0 seconds. Cleaning up request 2 ID 210 with timestamp +14 Waking up in 3.9 seconds. Cleaning up request 3 ID 211 with timestamp +17 Ready to process requests. i have user2 (without domain) and this get rejected, i want it to send to radius2 server (22.22.22.22) as defined in the NULL domain as defined in the proxy.conf. Can advise how to do this?
Any one got any advice? On Sat, Dec 19, 2009 at 12:46 AM, green green <gggreen4@gmail.com> wrote:
i have domain1\user1 and this get radius proxy correctly to the radius1 server (11.11.11.11) based on ntdomain prefix have also set the ignore_null = yes
i have user1@domain1 and this get radius proxy correctly to the radius1 server (11.11.11.11) based on suffix have also set the ignore_null = yes
*under /modules/realm * realm ntdomain { format = prefix delimiter = "\\" ignore_default = yes ignore_null = yes }
realm suffix { format = suffix delimiter = "@" ignore_default = yes ignore_null = yes }
*Under proxy.conf*
realm domain1 { type = radius nostrip authhost = 11.11.11.11:1812 accthost = 11.11.11.11:1813 secret = secret1 }
realm NULL { type = auth authhost = 22.22.22.22:1812 accthost = 22.22.22.22:1813 secret = secret1 }
*Debug * *[ntdomain] No '\' in User-Name = "user2", skipping NULL due to config. ++[ntdomain] returns noop [suffix] No '@' in User-Name = "user2", skipping NULL due to config. ++[suffix] returns noop* [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> user2 attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 3 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 3 Sending Access-Reject of id 211 to 3.3.3.3 port 1645 Waking up in 1.0 seconds. Cleaning up request 2 ID 210 with timestamp +14 Waking up in 3.9 seconds. Cleaning up request 3 ID 211 with timestamp +17 Ready to process requests.
i have user2 (without domain) and this get rejected, i want it to send to radius2 server (22.22.22.22) as defined in the NULL domain as defined in the proxy.conf. Can advise how to do this?
Hi,
Under proxy.conf
realm domain1 { type = radius nostrip authhost = 11.11.11.11:1812<http://11.11.11.11:1812> accthost = 11.11.11.11:1813<http://11.11.11.11:1813> secret = secret1 }
realm NULL { type = auth authhost = 22.22.22.22:1812<http://22.22.22.22:1812> accthost = 22.22.22.22:1813<http://22.22.22.22:1813> secret = secret1 }
<snip> let me give you the info from proxy.conf # Allowed values are: # auth - Handles Access-Request packets # acct - Handles Accounting-Request packets # auth+acct - Handles Access-Request packets at "port", # and Accounting-Request packets at "port + 1" # coa - Handles CoA-Request and Disconnect-Request packets. # See also raddb/sites-available/originate-coa type = auth type = radius ? hmmm. thats not valid at all. also, whats all that <http://22.22.22.22:1812> stuff after the address? just have the address:port nothing else. did you copy a config from some web page? alan
Under proxy.conf realm domain1 { type = radius nostrip authhost = 11.11.11.11:1812 accthost = 11.11.11.11:1813 secret = secret1 } realm NULL { type = auth authhost = 22.22.22.22:1812 accthost = 22.22.22.22:1813 secret = secret1 } There is no "<http://11.11.11.11:1812>" or "<http://11.11.11.11:1813<http://11.11.11.11:1812/>>". It is just the format that is include when post from gmai. It is just authhost = 11.11.11.11:1812 and accthost = 11.11.11.11:1813. It is just authhost = 22.22.22.22:1812 and 22.22.22.22:1813. See *http://wiki.freeradius.org/Proxy.conf. *type = radius is valid. I did not get any error when i compiled it using radiusd -X. See earlier email for my question: i have user2 (without domain) and this get rejected, i want it to send to radius2 server (22.22.22.22) as defined in the NULL domain as defined in the proxy.conf. Can anyone advise and thanks. On Sat, Dec 19, 2009 at 4:26 AM, Alan Buxey <A.L.M.Buxey@lboro.ac.uk> wrote:
Hi,
Under proxy.conf
realm domain1 { type = radius nostrip authhost = 11.11.11.11:1812<http://11.11.11.11:1812> accthost = 11.11.11.11:1813<http://11.11.11.11:1813> secret = secret1 }
realm NULL { type = auth authhost = 22.22.22.22:1812<http://22.22.22.22:1812> accthost = 22.22.22.22:1813<http://22.22.22.22:1813> secret = secret1 }
<snip>
let me give you the info from proxy.conf
# Allowed values are: # auth - Handles Access-Request packets # acct - Handles Accounting-Request packets # auth+acct - Handles Access-Request packets at "port", # and Accounting-Request packets at "port + 1" # coa - Handles CoA-Request and Disconnect-Request packets. # See also raddb/sites-available/originate-coa type = auth
type = radius ?
hmmm. thats not valid at all.
also, whats all that <http://22.22.22.22:1812> stuff after the address? just have the address:port nothing else. did you copy a config from some web page?
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Can anyone advise and thanks? i have domain1\user1 and this get radius proxy correctly to the radius1 server (11.11.11.11) based on ntdomain prefix have also set the ignore_null = yes i have user1@domain1 and this get radius proxy correctly to the radius1 server (11.11.11.11) based on suffix have also set the ignore_null = yes under /modules/realm realm ntdomain { format = prefix delimiter = "\\" ignore_default = yes ignore_null = yes } realm suffix { format = suffix delimiter = "@" ignore_default = yes ignore_null = yes } Under proxy.conf realm domain1 { type = radius nostrip authhost = 11.11.11.11:1812 accthost = 11.11.11.11:1813 secret = secret1 } realm NULL { type = auth authhost = 22.22.22.22:1812 accthost = 22.22.22.22:1813 secret = secret1 } Debug [ntdomain] No '\' in User-Name = "user2", skipping NULL due to config. ++[ntdomain] returns noop [suffix] No '@' in User-Name = "user2", skipping NULL due to config. ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> user2 attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 3 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 3 Sending Access-Reject of id 211 to 3.3.3.3 port 1645 Waking up in 1.0 seconds. Cleaning up request 2 ID 210 with timestamp +14 Waking up in 3.9 seconds. Cleaning up request 3 ID 211 with timestamp +17 Ready to process requests. i have user2 (without domain) and this get rejected, i want it to send to radius2 server (22.22.22.22) as defined in the NULL domain as defined in the proxy.conf. Can advise how to do this?
i have domain1\user1 and this get radius proxy correctly to the radius1 server (11.11.11.11) based on ntdomain prefix have also set the ignore_null = yes
i have user1@domain1 and this get radius proxy correctly to the radius1 server (11.11.11.11) based on suffix have also set the ignore_null = yes
under /modules/realm realm ntdomain { format = prefix delimiter = "\\" ignore_default = yes ignore_null = yes }
realm suffix { format = suffix delimiter = "@" ignore_default = yes ignore_null = yes }
Under proxy.conf
realm domain1 { type = radius nostrip authhost = 11.11.11.11:1812 accthost = 11.11.11.11:1813 secret = secret1 }
realm NULL { type = auth authhost = 22.22.22.22:1812 accthost = 22.22.22.22:1813 secret = secret1 }
Debug
[ntdomain] No '\' in User-Name = "user2", skipping NULL due to config. ++[ntdomain] returns noop [suffix] No '@' in User-Name = "user2", skipping NULL due to config. ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> user2 attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 3 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 3 Sending Access-Reject of id 211 to 3.3.3.3 port 1645 Waking up in 1.0 seconds. Cleaning up request 2 ID 210 with timestamp +14 Waking up in 3.9 seconds. Cleaning up request 3 ID 211 with timestamp +17 Ready to process requests.
i have user2 (without domain) and this get rejected, i want it to send to radius2 server (22.22.22.22) as defined in the NULL domain as defined in the proxy.conf. Can advise how to do this?
Remove ignore_null from suffix. Ivan Kalik
participants (3)
-
Alan Buxey -
green green -
tnt@kalik.net