Hi Folks I'm trying to get my Radius server handling requests for other realms now, and have been unsuccessful in the process. Despite my best efforts, the radius server ignores that the login realm is incorrect and attempts to authenticate the user against my LDAP tree. startup with debug shows it's being loaded; Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/eap.conf <snip> main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no Proxy.conf has; realm DEFAULT { type = radius authhost = xx.xx.xx.xx:1812 accthost = xx.xx.xx.xx.4:1813 secret = <snip> nostrip } realm DEFAULT { type = radius authhost = yy.yy.yy.yy:1812 accthost = yy.yy.yy.yy:1813 secret = <snip> nostrip } realm acu.edu.au { type = radius authhost = LOCAL accthost = LOCAL strip } Radiusd.conf has # PROXY CONFIGURATION # proxy_requests = yes $INCLUDE ${confdir}/proxy.conf #realm module 'username@realm' # realm suffix { format = suffix delimiter = "@" ignore_default = no ignore_null = yes } authorize { preprocess suffix auth_log eap ldap1 ldap2 ldap3 ldap4 ldap5 ldap6 ldap7 } The logon is reaching the radius server with the correct realm, can anyone shed any light on this behaviour? I've tried it with our local domain both above and below the default entries, but without luck. Stephen Walsh s.walsh@signadou.acu.edu.au Client Support Officer (Technology) Australian Catholic University (Limited) PO Box 256, Dickson ACT 2602 Phone: +61 2 6209 1133 Fax: +61 2 6209 1179 Mobile: +61 419 496796 +++++++++++++++++++++++++++++++++++++++++++++++++ CRICOS Registration: 00004G, 00112C, 00873F, 00885B ABN 15 050 192 660 +++++++++++++++++++++++++++++++++++++++++++++++++
participants (1)
-
Stephen Walsh