Re: preproxy for calledstationid to realm

Sat, 07 Feb 2004 18:58:32 -0800 


On Sat, 7 Feb 2004, Jim wrote:

> Thanks, I was pretty sure it would. It was the syntax and whitespace I was
> wondering about. 

This what I had:

DEFAULT 
        Called-Station-Id =~ "*1234", Proxy-To-Realm := "realm"

Using debug:

[/etc/raddb/preproxy_users]:14 WARNING! Check item "Proxy-To-Realm" ?found
in reply item list for user "DEFAULT". ?This attribute MUST go on
 the first line with the other check items

So I changed the entry to:

DEFAULT Called-Station-Id =~ "*1234", Proxy-To-Realm := "realm"

which loaded but didn't do anything. So I changed it to:

DEFAULT Called-Station-Id =~ "9876541234", Proxy-To-Realm := "realm"

which didn't do anything either. 'blahblah' is the unknown realm that
should have the Proxy-To-Realm 'realm' added as a suffix (debug output
with irrelevence snipped):

rad_recv: Access-Request packet from host 12.12.12.12:3065, id=46, length=220
        User-Name = "[EMAIL PROTECTED]"
        Called-Station-Id = "9876541234"
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
    rlm_realm: Looking up realm blahblah for User-Name = "[EMAIL PROTECTED]"
    rlm_realm: No such realm blahblah
  modcall[authorize]: module "suffix" returns noop
  modcall[authorize]: module "sql" returns notfound
    users: Matched DEFAULT at 1
    users: Matched DEFAULT at 10
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
auth: No authenticate method (Auth-Type) configuration found for the request: 
Rejecting the user
auth: Failed to validate the user.
Login incorrect: [EMAIL PROTECTED]/password] (from client o1-7 port 25217)

So, freeradius doesn't add the 'realm' realm and it's trying to auth
locally (which not what we want) instead of proxying the request.

The users file, btw, is only used to add certain attributes, which is why 
the DEFAULT was being matched:

DEFAULT Service-Type == Framed-User
        Framed-IP-Address = 255.255.255.254,
        Framed-MTU = 1500,
        Service-Type = Framed-User,
        Session-Timeout = 21600,
        Idle-Timeout = 900,
        Fall-Through = Yes
#
#
DEFAULT Framed-Protocol == PPP
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP

Any idea what I'm missing?

thanks,
Jim




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to