Proxy problem in FreeRADIUS 1.1.3

Chris A. Kalin cak at netwurx.net
Fri Sep 8 21:22:36 CEST 2006


Alan DeKok wrote:
> "Chris A. Kalin" <cak at netwurx.net> wrote:
> 
>>That's exactly riight, but why is it even getting to my users file? 
> 
> 
>   Because you configured it that way?
> 
> 
>>It's supposed to be proxying the auth request to another box, and 
>>apparently does, but then it charges ahead and checks the username 
>>against the local password database anyway
> 
> 
>   What local password database?  It's looking at the "users" file.

Right, the users file has a default Auth-Type := System, so when I was 
talking about the "users" file, I was talking about "the users file 
where either passwords are specifically stored or it tells RADIUS to use 
/etc/passwd authentication."  Sorry for not being specific enough.  My bad.

> If you don't want it to look at the "users" file, update the
> configuration so that the "users" file is run ONLY when the realm
> module doesn't find a realm.  See the debug output for what the realm
> module returns when it does/doesn't find a realm, and see
> doc/configurable_failover for how to configure the "authorize" section
> to run "files" only if a realm isn't found.

>>An identical users file with the same proxy.conf and (as similiar as
>>it can be) radiusd.conf under an older FreeRADIUS doesn't do this.
> 
> You're saying it used to stop processing "authorize" after the
> "realms" module was run, simply because the module added
> Proxy-To-Realm.
> 
>   The server NEVER did that.  Ever.

So just so I completely understand, _did_ the server's (or one or more 
modules') behavior related to all this change between 0.8 and 1.1.3?  If 
not, why did this work in an older version and not now?

Thanks for all your help!

Chris




More information about the Freeradius-Users mailing list