Credentials differ when proxying

Alan DeKok aland at deployingradius.com
Tue Oct 20 15:05:24 CEST 2020


On Oct 20, 2020, at 8:36 AM, Julien Cochennec <julien.cochennec at ac-orleans-tours.fr> wrote:
> 
> Le 20/10/2020 à 13:53, Alan DeKok a écrit :
>>   You're debugging the server by looking at the output of "radclient".
>> 
>>  Just... no.
> 
> Ok, this one was just about to mention it "works". Sorry.

  Having a case which works is definitely useful.  But why are you STILL not looking at the debug output?

  We tell people to run the server in debugging mode because it *helps*.  In this case, you can look at the debug output for the case which works, and compare it to the debug output for the case which doesn't work.  The differences between the two outputs is VERY important.

   Just... please.  Follow the docs, READ THE DEBUG OUTPUT.

  Every message you send with the *wrong* information just wastes your time, and ours.

>> 
>>   How are users supposed to be authenticated?  Where are the passwords stored?
> 
> Oh yes, sorry, the password is stored on an ldap server that B is tied to.

  So.... READ THE DEBUG OUTPUT YOU POSTED TO THE LIST.

  This isn't difficult.  Does the debug output show it using the "ldap" module?

  No?

  Then... what's wrong?

  Hint: This isn't a trick question.

> The first radclient test was meant to check the password was fine. It is.

  So... READ the debug output for the first "radclient" test.  See what it's doing.

  Honestly, it's frustrating as hell to write the docs, and then spend 20 years telling people "read the debug output".  Yet pretty much every day there are people who fight tooth and nail against doing just that.

  Why?

  Alan DeKok.




More information about the Freeradius-Users mailing list