Possible bug in shipped configuration file.
Hi, I don't know if this has been reported/discussed before, but it happened to me last week. I was trying to setup a freeradius (2.0.5) to authenticate requests from my access point (using WPA Enterprise) aganist an LDAP server. It was working fine using the "radclient", but the requests from the AP were buonced claiming that no authentication metod was set. I checked the configuration file more than once, googled a lot but was unable to solve. After almost a day of trying, I noticed a line in the debug (radiusd -X) that said something about proxying. So I remembered to have seen a statement in the "inner-server" configuration: #update control { # Proxy-To-Realm := LOCAL #} In the configuration file installed by the installation procedure that part was uncommented; adding the comments was enough to make the server work. I'm not an expert in this application and I don't know why that part was uncommented, but, may I suggest to uncomment that part in the configuration file ? Thank you for your great work. Bye.
Maurizio Cimaschi wrote:
I'm not an expert in this application and I don't know why that part was uncommented, but, may I suggest to uncomment that part in the configuration file ?
I mean, may I suggest to *comment* that part in the default configuration file. (Sorry for the mistype).
Maurizio Cimaschi wrote:
... After almost a day of trying, I noticed a line in the debug (radiusd -X) that said something about proxying. So I remembered to have seen a statement in the "inner-server" configuration: ... In the configuration file installed by the installation procedure that part was uncommented; adding the comments was enough to make the server work.
Please read the comments before that entry in the configuration file. The only way this breaks the server is if you are proxying the inner tunnel authentication. Alan DeKok.
Alan DeKok wrote:
Please read the comments before that entry in the configuration file. The only way this breaks the server is if you are proxying the inner tunnel authentication.
I read that comment. And I did not understand it. I don't even know how to "proxying the inner tunnel authentication". Since my inexperience with the tool, I was (and am) relaying on the default configuration with the least possible change (and since I'm just playing with the AP in my home, that can be enought for now). In radiusd.conf I have: proxy_requests = no #$INCLUDE proxy.conf (note that the above comments say that proxying is "on" by default) If I comment the lines in "inner-tunnel" it works. If they are uncommented it is unable to authenticate users. Am I missing something ?
Maurizio Cimaschi wrote:
If I comment the lines in "inner-tunnel" it works. If they are uncommented it is unable to authenticate users.
Am I missing something ?
Debug log will show you what's going wrong, and why. I have no idea why that entry makes any difference for local authentication. It shouldn't. Alan DeKok.
participants (2)
-
Alan DeKok -
Maurizio Cimaschi