Missing Realm when entering second authorization group

Mon Jun 15 11:54:10 CEST 2009

> On Mon, Jun 15, 2009 at 10:24:04AM +0100, A.L.M.Buxey at lboro.ac.uk wrote:
>> are you doing local proxy (ie have an entry for math.....nl in
>> proxy.conf?)
>> if so, ensure you define 'nostrip' otherwise the realm will be removed
>> and you cannot use it.
>
> Yes, we have our Realm defined in proxy.conf:
> home_server_pool mi {
>         type            = fail-over
>         home_server     = localhost
> }
> realm math.leidenuniv.nl {
>         auth_pool       = mi
> #        nostrip
> }
>
> I tried adding the nostrip option, but as a result radiusd ends up in an
> infinite loop proxy-ing to itself:
> 		....
>         Proxy-State = 0x313839
>         Proxy-State = 0x323035
>         Proxy-State = 0x313930
>         Proxy-State = 0x323437
>         Proxy-State = 0x3933
>         Proxy-State = 0x323130
> 		...
>
> The Realm indeed remained untouched in the username through out the
> request. How can I stop this loop?

Don't proxy internally. Remove that home server and leave only the realm
as local realm:

realm math.leidenuniv.nl {
}

Ivan Kalik
Kalik Informatika ISP