Credentials differ when proxying

Alan Buxey alan.buxey at
Wed Oct 21 18:07:34 CEST 2020


Proxying is done 'per hop'. You have an incorrect shared secret at one of
the hops. Things are fine between A+B? Then the issue is between B+C. The
joy can be multiple as the shared secret problem/typo may be just in one
direction too. Or, even better, one of the hops doing something like
terminating the EAP tunnel and proxying the inner tunnel conversation etc.
Always fun


On Tue, 20 Oct 2020, 18:25 Alan DeKok, <aland at> wrote:

>   When you join the mailing list, the message you get says: read
>   That recommendation is repeated at least weekly, if not daily on this
> list.  The "man" pages and all other documentation says "run the server in
> debug mode".
>   So... where *else* do we need to put that documentation in order for
> people to find it?
>   The issue here is that you're hiding information.  Every messages
> contains *new* information which you didn't mention before.  When you post
> the debug output, you edit it to delete most of the useful information.
> When the documentation says "don't do that".  So the debug output is
> largely useless.
>   You're trying *very* hard to make it difficult for us to help you.  This
> is not helpful.
>   In the end, the configuration you want is pretty simple.  It shouldn't
> take 4 months to configure the server to (a) proxy a packet from one system
> to another, and (b) authenticate a user against LDAP.
>   Ask *simple* questions.  "How do I do X?"  You will get helpful
> answers.  If your questions are instead "I tried to do a bunch of stuff and
> it didn't work", then the only possible answer is "maybe do different
> stuff?"
>   How do you proxy packets from one system to the other?  Read
> proxy.conf.  Configure a realm "".  Then, send packets
> containing "username at".  It's that simple.
>   So... what did you do?  Did you configure a realm?  If so, how?
>   You  said that you spent 4 months reading documentation.  That's nice...
> but what did you *do* to configure the server?  We need to know what.  For
> some reason, you're not telling us.  And I don't know why.  If you *do*
> tell us what you did, then we can give useful advice, and pretty quickly.
>   Until then, we're stuck, because you're not telling us anything useful.
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list