Problem with proxy.conf freeradius-server-2.0.1

Herve Brunet Herve.Brunet at ens-lyon.fr
Thu Apr 3 11:13:14 CEST 2008 

Dear,

I want authenticate user "name at mydomain.fr" to my local server and  all 
others requets "name at xxxxx" will be proxied to rad1.eduroam.fr.

My configuration doesn't works, all the request "name at xxxxx" will be 
sent to my local server.

here my  configuration :

proxy.conf :

realm  mydomain.fr {
         type            = radius
         authhost        = LOCAL
         accthost        = LOCAL
         }

realm NULL {
         type            = radius
         authhost        = LOCAL
         accthost        = LOCAL
         }
realm DEFAULT {
        type            = radius
        authhost        = rad1.eduroam.fr:1812
        accthost        = rad1.eduroam.fr:1813
        secret          = xxxxxxxxxxxxxxxxxxxxxxxx
        nostrip
       }


radius.conf:
  ......

proxy_requests  = yes
$INCLUDE proxy.conf
.......
   realm suffix {
     format = suffix
     delimiter = "@"
     ignore_default = no
     ignore_null = no
      }
........


sites-enabled/default:
authorize {
    preprocess
    mschap
    suffix
    eap {
       ok = return
    }
    ldap
    files
}



/usr/local/sbin/radiusd -X :

.......

rad_recv: Access-Request packet from host 140.77.63.15 port 1249, id=88, 
length=144
   NAS-IP-Address = 140.77.63.15
   NAS-Port-Type = Wireless-802.11
   NAS-Port = 1
   Framed-MTU = 1400
   User-Name = "toto at ens-les.fr"
   Calling-Station-Id = "000e35a547b4"
   Called-Station-Id = "00147c88fb55"
   NAS-Identifier = "AP-GN1S-N2-13"
   EAP-Message = 0x0201001401746f746f40656e732d6c65732e6672
   Message-Authenticator = 0x3347f7dd6a664503fc2f2f0eea7d989b
+- entering group authorize
++[preprocess] returns ok
++[mschap] returns noop
     rlm_realm: Looking up realm "ens-les.fr" for User-Name = 
"toto at ens-les.fr"
     rlm_realm: No such realm "ens-les.fr"
++[suffix] returns noop
   rlm_eap: EAP packet type response id 1 length 20
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
rlm_ldap: - authorize
rlm_ldap: performing user authorization for toto at ens-les.fr
   expand: %{Stripped-User-Name} ->
.....


The directive DEFAULT in proxy.conf doesn't match  the string 
toto at ens-les.fr



What the problem ?


  Thanks by advance for any help.



-- 


Hervé Brunet

More information about the Freeradius-Users mailing list