Proxy problem in FreeRADIUS 1.1.3

Alan DeKok aland at deployingradius.com
Fri Sep 8 20:43:09 CEST 2006


"Chris A. Kalin" <cak at netwurx.net> wrote:
> That's exactly riight, but why is it even getting to my users file? 

  Because you configured it that way?

> It's supposed to be proxying the auth request to another box, and 
> apparently does, but then it charges ahead and checks the username 
> against the local password database anyway

  What local password database?  It's looking at the "users" file.  If
you don't want it to look at the "users" file, update the
configuration so that the "users" file is run ONLY when the realm
module doesn't find a realm.  See the debug output for what the realm
module returns when it does/doesn't find a realm, and see
doc/configurable_failover for how to configure the "authorize" section
to run "files" only if a realm isn't found.

> An identical users file with the same proxy.conf and (as similiar as
> it can be) radiusd.conf under an older FreeRADIUS doesn't do this.

  You're saying it used to stop processing "authorize" after the
"realms" module was run, simply because the module added
Proxy-To-Realm.

  The server NEVER did that.  Ever.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog



More information about the Freeradius-Users mailing list