order of realm processing

green green gggreen4 at gmail.com
Sat Dec 19 01:09:36 CET 2009


Can anyone advise and thanks?

i have domain1\user1 and this get radius proxy correctly to the
radius1 server (11.11.11.11) based on ntdomain prefix
have also set the ignore_null = yes

i have user1 at domain1 and this get radius proxy correctly to the
radius1 server (11.11.11.11) based on suffix
have also set the ignore_null = yes

under /modules/realm
realm ntdomain {
        format = prefix
        delimiter = "\\"
        ignore_default = yes
        ignore_null = yes
}

realm suffix {
        format = suffix
        delimiter = "@"
        ignore_default = yes
        ignore_null = yes
}


Under proxy.conf

realm domain1 {
       type             = radius
       nostrip
       authhost        = 11.11.11.11:1812
       accthost        = 11.11.11.11:1813
       secret          = secret1
}

realm NULL {
      type = auth
       authhost        = 22.22.22.22:1812
       accthost        = 22.22.22.22:1813
       secret          = secret1
}


Debug

[ntdomain] No '\' in User-Name = "user2", skipping NULL due to config.
++[ntdomain] returns noop
[suffix] No '@' in User-Name = "user2", skipping NULL due to config.
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> user2
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 3 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 3
Sending Access-Reject of id 211 to 3.3.3.3 port 1645
Waking up in 1.0 seconds.
Cleaning up request 2 ID 210 with timestamp +14
Waking up in 3.9 seconds.
Cleaning up request 3 ID 211 with timestamp +17
Ready to process requests.

i have user2 (without domain) and this get rejected, i want it to send
to radius2 server (22.22.22.22) as defined in the NULL domain as
defined in the proxy.conf.  Can advise how to do this?




More information about the Freeradius-Users mailing list