Proxy problem in FreeRADIUS 1.1.3
Chris A. Kalin
cak at netwurx.net
Fri Sep 8 17:03:13 CEST 2006
OK, I've got a bit of a weird issue here. I've beat my head against it
and I'm turning to the list for help.
I have local UNIX authentication, and I also proxy a few realms. The
problem seems to arise when I have the same username both locally and
going to a particular realm.
We have bob at realm.com and bob. Bob (the local user) is disabled, he's
in a certain group on my server that locks him out completely. On my
backup RADIUS server, which is version 0.8-pre, I get the expected
behavior - if bob tries to log in, he gets a "Your account has been
disabled" message, but if bob at domain.com tries to log in, the proxy
request goes to the remote server and it'll work.
But on 1.1.3 I get weird results. Bob (local) gets the same "disabled"
message, but so does bob at domain.com. But if I take bob out of the local
passwd file, bob at domain.com proxies to where it's supposed to go and
works fine. What's even weirder is in the above failure, I don't even
get anything in radius.log about bob at domain.com failing auth - I have to
hear about it from the customer himself.
I'm assuming something major changed in the proxy code in the past,
what, four years? But this is kind of a show stopper for me, so any
help would be appreciated. I can post whatever config files anyone
needs, but maybe I'm just missing something stupid here.
Thanks in advance!
Chris Kalin
More information about the Freeradius-Users
mailing list