Talloc sanity error (3.0 release branch, reproxying from PEAP inner tunnel)
Alan DeKok
aland at deployingradius.com
Thu Aug 8 14:47:13 CEST 2013
Brian Julin wrote:
> I tried to replicate on a test server with lightly modified 3.0 stock configs. The error only
> happens when everything is running through the same server/eap instances, so good
> instincts there. Replicating it is easy: just uncomment the peap virtual-server directive
> and add at the top of authorize:
>
> if (Freeradius-Proxied-To == "127.0.0.1") {
> update control {
> Proxy-To-Realm = example.com
> }
> }
That doesn't make much sense. If it's in the "default" virtual
server, the FreeRADIUS-Proxied-To attribute will never exist. If it's
in the "inner-tunnel" virtual server, it will always exist, and always
have that value.
> ...and it doesn't matter that example.com defaults to home_server localhost, it does not get that far.
Well... I tried it, and I didn't see any errors.
Can you check that you're really running a *stock* binary, and a
*stock* configuration?
> I believe it is the way it is because at some point we were having trouble using outer.request
> and such between virtual servers. I'll have to test those and see if that limitation is still
> in effect.
All that should work...
Alan DeKok.
More information about the Freeradius-Users
mailing list