freeradius2 Proxy fail-over issues
emmett at webengineer.com
Tue Jun 30 02:21:14 CEST 2009
Alan DeKok wrote:
> Emmett Culley wrote:
>>> It's not a bug. Hostname lookups are disabled by default in radiusd.conf.
>>> Along with explanation why enabling it is a bad idea.
>> Ah, I didn't occur to me that host name look ups off would prevent the
>> server from looking up hosts defined in the configuration files. Well,
>> now I know.
> No... if you give it a hostname in the config files, it always looks
> it up to find the IP. That configuration controls whether or not it
> *prints* hostnames.
> i.e. If it sees an IP address in a RADIUS packet, the default is to
> print it as an IP address. If you turn hostname lookups on, it will try
> to look up that IP to find a host name.
> Alan DeKok.
As I at first assumed...So, this is a bug after all. If I put ipaddr = localhost in a home_server definition I get the failed authentication I described in my first note. You can see in proxy.conf configuration lines I included, where ipaddr is set to localhost for all four home_server definitions.
As soon as I changed the ipaddr parameter in all four home_server definitions, and reset the server, I was able to properly authenticate. Nothing else was changed.
I'll write a bug report on the freeradius.org site.
BTW, I found a similar issue in the radius client library. Using a host name in the configuration file causes a crash. I need to report that as well. I've run it in a debugger and can tell you where it fails.
More information about the Freeradius-Users