Talloc sanity error (3.0 release branch, reproxying from PEAP inner tunnel)

Alan DeKok aland at deployingradius.com
Thu Aug 8 14:47:13 CEST 2013

Brian Julin wrote:
> I tried to replicate on a test server with lightly modified 3.0 stock configs.  The error only
> happens when everything is running through the same server/eap instances, so good
> instincts there.  Replicating it is easy: just uncomment the peap virtual-server directive
> and add at the top of authorize:
>           if (Freeradius-Proxied-To == "") {
>               update control {
>                  Proxy-To-Realm = example.com
>               }
>           }

  That doesn't make much sense.  If it's in the "default" virtual
server, the FreeRADIUS-Proxied-To attribute will never exist.  If it's
in the "inner-tunnel" virtual server, it will always exist, and always
have that value.

> ...and it doesn't matter that example.com defaults to home_server localhost, it does not get that far.

  Well... I tried it, and I didn't see any errors.

  Can you check that you're really running a *stock* binary, and a
*stock* configuration?

> I believe it is the way it is because at some point we were having trouble using outer.request
> and such between virtual servers.  I'll have to test those and see if that limitation is still
> in effect.

  All that should work...

  Alan DeKok.

More information about the Freeradius-Users mailing list