proxy setup questions

Dallas Helquist dallas at oldbrownjeep.net
Thu Apr 2 18:13:16 CEST 2009


freeradius version: 1.0.1 (Centos4)

I have the need to proxy requests based on "@domain.com" to different
radius servers.  I thought this would be fairly simple after reading
proxy.conf, but I must be missing something!

Here's the relevant portion of my proxy.conf:

realm test.com {
        type = radius
        authhost = 10.19.3.8:1812
        accthost = LOCAL
        secret = testing123
}

realm test2.com {
        type = radius
        authost = 10.19.3.9:1812
        accthost = LOCAL
        secret = testing123
}

When testing via radtest using "test at test.com" the expected behavior
happens - I see the request proxied to 1.1.1.1:

<SNIP>
rad_recv: Access-Request packet from host 127.0.0.1:53468, id=229, length=65
        User-Name = "test at test.com"
        User-Password = "test"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 123
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
    rlm_realm: Looking up realm "test.com" for User-Name = "test at test.com"
    rlm_realm: Found realm "test.com"
    rlm_realm: Adding Stripped-User-Name = "test"
    rlm_realm: Proxying request from user test to realm test.com
    rlm_realm: Adding Realm = "test.com"
    rlm_realm: Preparing to proxy authentication request to realm "test.com"
<SNIP>
Sending Access-Request of id 0 to 10.19.3.8:1812
        User-Name = "test"
        User-Password = "test"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 123
        Proxy-State = 0x323239

Great!

Now I try it with "test at test2.com":

rad_recv: Access-Request packet from host 127.0.0.1:53482, id=7, length=66
        User-Name = "test at test2.com"
        User-Password = "test"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 123
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
    rlm_realm: Looking up realm "test2.com" for User-Name = "test at test2.com"
    rlm_realm: Found realm "test2.com"
    rlm_realm: Adding Stripped-User-Name = "test"
    rlm_realm: Proxying request from user test to realm test2.com
    rlm_realm: Adding Realm = "test2.com"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 0

Why would it make the Authentication realm LOCAL?  If I move the realm
test2.com above test.com in proxy.conf then test2.com works & test.com
doesn't.

Can someone point me in the right direction?  I've read the included
doc/proxy, proxy.conf & the online wiki sections on proxy.  It seems so
simple, yet I can't seem to figure it out!

Thanks in advance.

-dallas
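
An added example, not part of the original post: a small check for the realm blocks of a proxy.conf that flags unrecognised keys (such as the `authost` spelling in the second block above) and realms with no `authhost`. The `KNOWN_KEYS` set and the `lint_realms` name are assumptions made for this example; the set contains only the keys that appear on this page, not the full list your FreeRADIUS version accepts.

```python
import re

# Keys used by the realm blocks on this page (an assumption, not the complete
# list): extend it with the keys documented in your version's proxy.conf.
KNOWN_KEYS = {"type", "authhost", "accthost", "secret"}

REALM_RE = re.compile(r"^\s*realm\s+(\S+)\s*\{(.*?)^\s*\}", re.S | re.M)
KV_RE = re.compile(r"^\s*([A-Za-z_][\w-]*)\s*=")

def lint_realms(text, known_keys=KNOWN_KEYS):
    """Return {realm: [findings]} for every realm block in proxy.conf text."""
    report = {}
    for name, body in REALM_RE.findall(text):
        findings, seen = [], set()
        for raw in body.splitlines():
            if raw.lstrip().startswith("#"):      # skip comment lines
                continue
            m = KV_RE.match(raw)
            if not m:
                continue
            seen.add(m.group(1))
            if m.group(1) not in known_keys:
                findings.append(f"unknown key '{m.group(1)}'")
        if "authhost" not in seen:
            findings.append("no authhost: no remote authentication server set")
        report[name] = findings
    return report

# Constructed sample: the two realm blocks as posted above.
SAMPLE = """
realm test.com {
        type = radius
        authhost = 10.19.3.8:1812
        accthost = LOCAL
        secret = testing123
}

realm test2.com {
        type = radius
        authost = 10.19.3.9:1812
        accthost = LOCAL
        secret = testing123
}
"""

if __name__ == "__main__":
    for realm, findings in lint_realms(SAMPLE).items():
        print(realm, "OK" if not findings else "; ".join(findings))
```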


