EAP-TLS User-Name not matching

Huckle Berry huck.berry at gmail.com
Tue Jan 19 07:58:28 CET 2010


For all I know, the top of the output could be 10,000 (or more) lines up.
Funny thing about endless loops, they tend to go on for quite a while. If
you want, I'll post my conf files, which should be the same as the top of
the output, no? The example.com realm should be in proxy.conf if you want
any other confs just ask and I will post.
$ grep -v -e \# proxy.conf
proxy server {
    default_fallback = no
}
home_server localhost {
    type = auth
    ipaddr = 127.0.0.1
    port = 1812
    secret = testing123
    require_message_authenticator = no
    response_window = 20
    zombie_period = 40
    revive_interval = 120
    status_check = status-server
    check_interval = 30
    num_answers_to_alive = 3
    coa {
        irt = 2
        mrt = 16
        mrc = 5
        mrd = 30
    }
}
home_server virtual.example.com {
        virtual_server = virtual.example.com
}
home_server_pool my_auth_failover {
    type = fail-over
    home_server = localhost
}
realm example.com {
    auth_pool = my_auth_failover
     nostrip
}
realm LOCAL {
}

Like I said before though, I am running the default config (except for the
nostrip line) so if authhost isn't set by default, I didn't add it.

~Huckle Berry


On Tue, Jan 19, 2010 at 1:40 AM, Alan DeKok <aland at deployingradius.com>wrote:

> Huckle Berry wrote:
>
> > Maybe proxy to itself was a bad way to describe it, you can interpret
> > the output yourself if you'd like. I took the last 4096 lines of output
>
>   ... from an endless loop which repeats the same thing.
>
>  Why not send the *top* of the output, before it starts to loop back to
> itself?
>
>  The debug output you posted does NOT match the other configs you sent.
>  It clearly shows that the server is proxying to "example.com".  This
> happens ONLY if you add "authhost" to the realm configuration for
> example.com.
>
>  The config you posted for example.com did *not* have an "authhost" entry.
>
>  And if you had posted the *top* of the debug output, it would have
> included the configuration for the "example.com" realm.  Which would
> have showed *why* it was proxying
>
>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100119/8c54e382/attachment.html>


More information about the Freeradius-Users mailing list