Benedikt Panzer <[EMAIL PROTECTED]> wrote:
> First, is the realm "NULL" the preferred method to forward requests to
> another radius server?
That depends on your system.
> If so, I still need to figure out how to use it. After searching the
> mailing list archive I found a hint:
> DEFAULT Proxy-To-Realm := "foo.com"
> Is that how it works? Not with any Auth-Type?
Yes. The home server authenticates the user. FreeRADIUS *could*
have "Auth-Type = Proxy", but that would be pointless.
> Does this also work if the username doesn't contain that realm?
Yes.
> I tried with this users file:
> DEFAULT Auth-Type := LDAP
> DEFAULT Proxy-To-Realm := "students"
You're telling the server to use LDAP *always*, and to *never* proxy
the request. Please read the "man" page for the "users" file.
> But if I use this configuration...
> DEFAULT Auth-Type := LDAP
> DEFAULT Proxy-To-Realm := "NULL"
> and this proxy.conf:
> realm NULL {
> type = radius
> authhost = uml1:1812
> accthost = uml1:1813
> secret = hidden
> }
> ... FR forwards all requests and rejects users that are in the local
> ldap. (That's my very problem.) Just like without "Proxy-To-Realm".
At this point, I don't believe you. Or, the configuration you
quoted above is NOT what you're actually running. You've re-typed it,
rather than quoting it, and what you've posted here is NOT what is
running in your server.
If you don't describe your system accurately, it's impossible to
help you.
> Apart from that, the doc file "proxy" says that the users file is being
> processed after the proxying. Does this mean that I don't have to
> configure the proxying in the users file at all?
No.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
