Empty user attributes in proxied request

Alan DeKok aland at deployingradius.com
Fri Jan 6 15:00:55 CET 2012

Attou eric wrote:
> But, i'm dealing with empty user attribute issue while attempting 
> to authenticate with the eduroam user. It seems that although the
> request is proxied, my server tries to locally check the authorized
> attributes of the user against my local ldap server. And since no
> such user exists ldap returns : object not found

  Edit the configuration so it doesn't check LDAP for proxied packets.

  How are you proxying packets?  What does the *rest* of the debug
output look like?

>       Next, my server proxies an other request with empty attributes 
> certainly resulting from the previous object found result :

  No, and no.  It's a status check packet, not a proxied packet.  And it
has nothing to do with the "object not found" error.

> Sending Access-Request of id 144 to port 1812
>         User-Name := ""
>         User-Password := ""
>         Service-Type := Authenticate-Only
>         Message-Authenticator := 0x00000000000000000000000000000000
>         NAS-Identifier := "Status Check. Are you alive?"
> Thu Jan  5 20:19:47 2012 : Debug: No response to status check 3 from
> home server port 1812
>        What may have been misconfigured ?

  You set "username=" and "password=" in raddb/proxy.conf.  Why?  The
comments documenting those configuration items describe what they do.
It makes *no* sense to set them to be empty strings.

  In any case, I've committed a fix.  The server now refuses to start if
the username && password is misconfigured.

> Note : The home server is alive since i test it through  radtest command

  <shrug>  The error may have been transient.

  Alan DeKok.

More information about the Freeradius-Users mailing list