FW: Use Hint file to proxy
Difan Zhao
difan.zhao at guest-tek.com
Fri Mar 4 16:25:28 CET 2011
Hi Alan Dekok or anyone,
I haven't got a reply on this one yet... I was able to do it before but not anymore... I'm really curious to know why...
Thank you!
Difan
________________________________
From: freeradius-users-bounces+difan.zhao=guest-tek.com at lists.freeradius.org [mailto:freeradius-users-bounces+difan.zhao=guest-tek.com at lists.freeradius.org] On Behalf Of Difan Zhao
Sent: March-02-11 9:01 AM
To: FreeRadius users mailing list
Subject: Use Hint file to proxy
Hi experts,
Long time no talk!
I have another dilemma. For some reasons I want to try to use the hints file to do Proxy (the normal way of configuring realm and proxy.conf file works). So the following is my config:
=============== hints ===================
DEFAULT User-Name =~ "^host\/.*\.gtcorp\.com$"
Hint = "Marriott"
=============== users ===================
DEFAULT Hint == "Marriott", Proxy-To-Realm := "~\.gtcorp\.com$"
=============== proxy.conf ===================
....
realm "~\.gtcorp\.com$" {
nostrip
auth_pool = Marriott_Auth_Pool
acct_pool = Marriott_Acct_Pool
}
============== module/realm ================
realm Marriott {
format = suffix
delimiter = "/"
}
Then I commented out the "Marriott" realm in the "authorize" section in the default server so the settings in the "realm" file shouldn't do anything.
============= sites-available/default ==============
authorize {
...
# Marriott
...
}
In the radius -X log I do see the requests are sent to the proxy server but I also see the following abnormal logs. The complete log is also attached.
[eap] No pre-existing handler found
...
rlm_eap: No EAP session matching the State variable.
[eap] Either EAP-request timed out OR EAP-response to an unknown EAP-request
[eap] Failed in handler
++[eap] returns invalid
Failed to authenticate the user.
So is it possible to use the hints file to do proxy or I'm totally out of my mind?? If it's possible where I could do wrong?
Thanks a lot!
[cid:image003.gif at 01CBDA45.6D237530]Difan Zhao M.Eng | CCNA CCNP CCSP | Network Engineer
T: 403-509-1010 ext 3048 | M: 403-689-7514 | F: 403.509.1011
difan.zhao at guest-tek.com<mailto:difan.zhao at guest-tek.com> | www.guest-tek.com<http://www.guest-tek.com>
The contents of this email are confidential and intended for the recipient only. If you have received this email in error, please notify us, and destroy all copies.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110304/8d119abc/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.gif
Type: image/gif
Size: 2716 bytes
Desc: image002.gif
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110304/8d119abc/attachment.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.gif
Type: image/gif
Size: 2716 bytes
Desc: image003.gif
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110304/8d119abc/attachment-0001.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 3741 bytes
Desc: image001.gif
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110304/8d119abc/attachment-0002.gif>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: radius -X.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110304/8d119abc/attachment.txt>
More information about the Freeradius-Users
mailing list