Odd proxy authentication failures
Alan DeKok
aland at deployingradius.com
Wed Oct 14 12:30:27 CEST 2009
Michael Schlies wrote:
> Hello all,
> I seem to be running into an issue with a RADIUS setup I am doing. I am
> setting up a server that hosts 5 radius instances in 1.x and does realm
> proxying to 4 of them but uses one realm (realm 'a.com' in this case) as
> its default. so if requests for 'b.com', 'c.com', etc come in they get
> relayed on to their radius server and that result is relayed back to the
> NAS. In 2.0 I want to merge these separate instances into a single
> instance using virtual servers. The problem I am running into is I can
> see that accounts are being successfully authenticated on the virtual
> servers however the home server is returning Access-Reject unless the
> user authenticated is one of its local users...
So... update your policies so that it doesn't do user lookups for
proxied packets.
> Mon Oct 12 13:39:45 2009 : Debug: rlm_sql (sql-a): User found in group
> DISABLED
That would seem to be definitive.
Why are you disabling users when you want them to be authenticated?
Alan DeKok.
More information about the Freeradius-Users
mailing list