Hello freeradius list,

I still don't understand how to tell FreeRadius which auth modules to use. In particular, I'd like to use ldap as well as another radius server. Of course, I configure the ldap module in radiusd.conf and put the other radius server into proxy.conf for the realm NULL. Both auth methods work fine.
However, I don't understand why FreeRadius queries the ldap even if my users file is only "DEFAULT Authentication-Type = Realm". And FR also forwards requests to the other radius server even if there is no "Authentication-Type = Realm" in my users file at all. Is there no way to instruct FR which auth module to use?
Furthermore, FR should forward the requests only if the requested user isn't in the ldap directory. At the moment the following happens: when the requested user exists in the ldap (module "ldap" returns ok) but not in the other radius server, the request is rejected. How can I change this? Below you will find the debug log for such a request.


Best regards,
Benedikt Panzer

rad_recv: Access-Request packet from host 192.168.0.1:2053, id=41, length=45
User-Name = "user5"
User-Password = "whatever"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
[...]
rlm_ldap: - authorize
rlm_ldap: performing user authorization for user5
radius_xlat: '(uid=user5)'
radius_xlat: 'ou=users,ou=radius,dc=mydomain,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=users,ou=radius,dc=mydomain,dc=com, with filter (uid=user5)
rlm_ldap: checking if remote access for user5 is allowed by dialupAccess
rlm_ldap: Added password whatever in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user user5 authorized to use remote access
modcall[authorize]: module "ldap" returns ok for request 1
modcall: group authorize returns updated for request 1
Sending Access-Request of id 1 to <the other radius server>:1812
User-Name = "user5"
User-Password = "whatever"
NAS-IP-Address = 192.168.0.1
Proxy-State = 0x3431
rad_recv: Access-Reject packet from host <the other radius server>:1812, id=1, length=24
Proxy-State = 0x3431
Processing the post-proxy section of radiusd.conf
Login incorrect (Home Server says so): [user5/whatever] (from client mypc port 0)




