freeradius active directory integration fails with "no such realm"
Alan DeKok
aland at deployingradius.com
Wed Jul 8 10:36:08 CEST 2009
Andrei-Florian Staicu wrote:
> Hello again. I've reached the output from here:
> http://pastebin.com/d19f28a24 , and I still don't understand why it
> doesn't call the ntlm_auth line
It looks like you are adding a "Proxy-To-Realm := LOCAL".
...
> PEAP: Sending tunneled request
> EAP-Message = 0x02060018014950534f305c616e647265692e737461696375
> FreeRADIUS-Proxied-To = 127.0.0.1
> User-Name = "IPSO0\\andrei.staicu"
>server inner-tunnel {
>+- entering group authorize
> rlm_realm: Looking up realm "IPSO0" for User-Name = "IPSO0\andrei.staicu"
> rlm_realm: Found realm "IPSO0"
> rlm_realm: Adding Stripped-User-Name = "andrei.staicu"
> rlm_realm: Adding Realm = "IPSO0"
> rlm_realm: Authentication realm is LOCAL.
>++[ntdomain] returns noop
>++[mschap] returns noop
>++[control] returns noop
Why is that "update control" section there? What is in it?
> rlm_eap: Request is supposed to be proxied to Realm LOCAL. Not doing EAP.
It's being proxied to realm LOCAL. You have added a LOCAL realm.
Don't do that.
>++[eap] returns noop
> WARNING: You set Proxy-To-Realm = LOCAL, but the realm does not
> exist! Cancelling invalid proxy request.
Even more proof. The IPSO0 realm above is added because it exists.
The server does NOT add a "Proxy-To-Realm := LOCAL". You have done
that. Delete it from your configuration.
Alan DeKok.
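
Added example, not part of the original message and not FreeRADIUS code: a small Python triage pass over FreeRADIUS debug output that flags the two symptoms pointed out in the reply (rlm_eap declining the request because of Proxy-To-Realm, and the proxy to a realm that does not exist) and lists the modules that ran before EAP was skipped. The function name `triage` and the finding labels are hypothetical; the sample input is the debug text quoted in the message.

```python
import re

# Debug text quoted in the message above (mail quote markers removed, wrapped lines rejoined).
SAMPLE = r'''server inner-tunnel {
+- entering group authorize
 rlm_realm: Found realm "IPSO0"
 rlm_realm: Adding Stripped-User-Name = "andrei.staicu"
 rlm_realm: Authentication realm is LOCAL.
++[ntdomain] returns noop
++[mschap] returns noop
++[control] returns noop
 rlm_eap: Request is supposed to be proxied to Realm LOCAL. Not doing EAP.
++[eap] returns noop
 WARNING: You set Proxy-To-Realm = LOCAL, but the realm does not exist! Cancelling invalid proxy request.
'''

SERVER = re.compile(r'^server (?P<name>\S+) \{')
MODULE_RC = re.compile(r'^\++\[(?P<module>[^\]]+)\] returns (?P<rc>\w+)')
EAP_SKIPPED = re.compile(r'rlm_eap: Request is supposed to be proxied to Realm (?P<realm>\S+)\. Not doing EAP')
BAD_PROXY = re.compile(r'WARNING: You set Proxy-To-Realm = (?P<realm>[^,]+), but the realm does not exist')

def triage(debug_text):
    """Return findings for requests where EAP was skipped due to Proxy-To-Realm."""
    server, returns, findings = None, [], []
    for raw in debug_text.splitlines():
        line = raw.lstrip('> ').rstrip()  # tolerate mail-quoted debug output
        if (m := SERVER.match(line)):
            server, returns = m['name'], []  # new virtual server: reset module history
        elif (m := MODULE_RC.match(line)):
            returns.append(m['module'])
        elif (m := EAP_SKIPPED.search(line)):
            # Modules that already ran in this virtual server before rlm_eap declined.
            findings.append({'server': server, 'kind': 'eap-skipped',
                             'realm': m['realm'], 'ran_before': list(returns)})
        elif (m := BAD_PROXY.search(line)):
            findings.append({'server': server, 'kind': 'proxy-to-missing-realm',
                             'realm': m['realm']})
    return findings

if __name__ == '__main__':
    for finding in triage(SAMPLE):
        print(finding)
```

A finding of either kind means a Proxy-To-Realm assignment exists somewhere in the local configuration, and the `ran_before` list gives the sections to read first.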