freeradius active directory integration fails with "no such realm"
Andrei-Florian Staicu
andrei.staicu at gmail.com
Wed Jul 8 11:31:21 CEST 2009
Alan DeKok wrote:
> Andrei-Florian Staicu wrote:
>
>> Hello again. I've reached the output from here:
>> http://pastebin.com/d19f28a24 , and i still don't understand why it
>> doesen't call the ntlm_auth line
>>
>
> It looks like you are adding a "Proxy-To-Realm := LOCAL".
>
> ...
>
>> PEAP: Sending tunneled request
>> EAP-Message =
>> 0x02060018014950534f305c616e647265692e737461696375
>> FreeRADIUS-Proxied-To = 127.0.0.1
>> User-Name = "IPSO0\\andrei.staicu"
>> server inner-tunnel {
>> +- entering group authorize
>> rlm_realm: Looking up realm "IPSO0" for User-Name =
>> "IPSO0\andrei.staicu"
>> rlm_realm: Found realm "IPSO0"
>> rlm_realm: Adding Stripped-User-Name = "andrei.staicu"
>> rlm_realm: Adding Realm = "IPSO0"
>> rlm_realm: Authentication realm is LOCAL.
>> ++[ntdomain] returns noop
>> ++[mschap] returns noop
>> ++[control] returns noop
>>
>
> Why is that "update control" section there? What is in it?
>
>
>
>> rlm_eap: Request is supposed to be proxied to Realm LOCAL. Not doing
>>
> EAP.
>
> It's being proxied to realm LOCAL. You have added a LOCAL realm.
> Don't do that.
>
>
>> ++[eap] returns noop
>> WARNING: You set Proxy-To-Realm = LOCAL, but the realm does not
>> exist! Cancelling invalid proxy request.
>>
>
> Even more proof. The IPSO0 realm above is added because it exists.
> The server does NOT add a "Proxy-To-Realm := LOCAL". You have done
> that. Delete it from your configuration.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
It works now. Thank you very much for clearing thing up for me.
More information about the Freeradius-Users
mailing list