Empty user attributes in proxied request
Alan DeKok
aland at deployingradius.com
Fri Jan 6 15:00:55 CET 2012
Attou eric wrote:
> But, i'm dealing with empty user attribute issue while attempting
> to authenticate with the eduroam user. It seems that although the
> request is proxied, my server tries to locally check the authorized
> attributes of the user against my local ldap server. And since no
> such user exists ldap returns : object not found
Edit the configuration so it doesn't check LDAP for proxied packets.
How are you proxying packets? What does the *rest* of the debug
output look like?
> Next, my server proxies an other request with empty attributes
> certainly resulting from the previous object found result :
No, and no. It's a status check packet, not a proxied packet. And it
has nothing to do with the "object not found" error.
> Sending Access-Request of id 144 to 193.190.198.59 port 1812
> User-Name := ""
> User-Password := ""
> Service-Type := Authenticate-Only
> Message-Authenticator := 0x00000000000000000000000000000000
> NAS-Identifier := "Status Check. Are you alive?"
> Thu Jan 5 20:19:47 2012 : Debug: No response to status check 3 from
> home server 193.190.198.59 port 1812
>
> What may have been misconfigured ?
You set "username=" and "password=" in raddb/proxy.conf. Why? The
comments documenting those configuration items describe what they do.
It makes *no* sense to set them to be empty strings.
In any case, I've committed a fix. The server now refuses to start if
the username && password is misconfigured.
> Note : The home server is alive since i test it through radtest command
<shrug> The error may have been transient.
Alan DeKok.
More information about the Freeradius-Users
mailing list