FW: Use Hint file to proxy

Difan Zhao difan.zhao at guest-tek.com
Fri Mar 4 16:25:28 CET 2011


Hi Alan Dekok or anyone,

I haven't got a reply on this one yet... I was able to do it before but not anymore... I'm really curious to know why...

Thank you!

Difan
________________________________
From: freeradius-users-bounces+difan.zhao=guest-tek.com at lists.freeradius.org [mailto:freeradius-users-bounces+difan.zhao=guest-tek.com at lists.freeradius.org] On Behalf Of Difan Zhao
Sent: March-02-11 9:01 AM
To: FreeRadius users mailing list
Subject: Use Hint file to proxy

Hi experts,

Long time no talk!

I have another dilemma. For some reasons I want to try to use the hints file to do Proxy (the normal way of configuring realm and proxy.conf file works). So the following is my config:

=============== hints ===================
DEFAULT User-Name =~ "^host\/.*\.gtcorp\.com$"
        Hint = "Marriott"

=============== users ===================
DEFAULT Hint == "Marriott", Proxy-To-Realm := "~\.gtcorp\.com$"

=============== proxy.conf ===================
....
realm "~\.gtcorp\.com$" {
        nostrip
        auth_pool = Marriott_Auth_Pool
        acct_pool = Marriott_Acct_Pool
}

============== module/realm ================
realm Marriott {
        format = suffix
        delimiter = "/"
}

Then I commented out the "Marriott" realm in the "authorize" section in the default server so the settings in the "realm" file shouldn't do anything.

============= sites-available/default ==============
authorize {
...
#       Marriott
...
}

In the radius -X log I do see the requests are sent to the proxy server but I also see the following abnormal logs. The complete log is also attached.

[eap] No pre-existing handler found
...
rlm_eap: No EAP session matching the State variable.
[eap] Either EAP-request timed out OR EAP-response to an unknown EAP-request
[eap] Failed in handler
++[eap] returns invalid
Failed to authenticate the user.

So is it possible to use the hints file to do proxy or I'm totally out of my mind?? If it's possible where I could do wrong?

Thanks a lot!

[cid:image003.gif at 01CBDA45.6D237530]Difan Zhao M.Eng | CCNA CCNP CCSP | Network Engineer
T: 403-509-1010 ext 3048 | M: 403-689-7514 | F: 403.509.1011
difan.zhao at guest-tek.com<mailto:difan.zhao at guest-tek.com> | www.guest-tek.com<http://www.guest-tek.com>

The contents of this email are confidential and intended for the recipient only. If you have received this email in error, please notify us, and destroy all copies.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110304/8d119abc/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.gif
Type: image/gif
Size: 2716 bytes
Desc: image002.gif
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110304/8d119abc/attachment.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.gif
Type: image/gif
Size: 2716 bytes
Desc: image003.gif
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110304/8d119abc/attachment-0001.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 3741 bytes
Desc: image001.gif
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110304/8d119abc/attachment-0002.gif>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: radius -X.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110304/8d119abc/attachment.txt>


More information about the Freeradius-Users mailing list