I am using FreeRADIUS 1.0.1 to authenticate MAC addresses (as username) from various wireless access points. There is a master RADIUS server that contains a list of valid usernames (MAC addresses) but I want to be able to override that list for my local wireless access points.
I have configured FreeRADIUS to proxy requests to the master RADIUS server, but the response of the master server is used regardless of my local users file. According to the doc/proxy file, the users file is to be processed as usual after a proxy response is received. I take this to mean that a username found in the users file will be used instead of any response given by the master server.

What is the proper way to configure for proxy but maintain a list of users that are accepted/rejected either without consulting the master server or overriding the response from the master server?

Dennis Beach
Systems Engineer
RR Donnelley, Information Technology
(765) 364-4604 - phone
(765) 230-6111 - cellular
(765) 364-3056 - fax
[EMAIL PROTECTED]

---------------------------------------------

My proxy.conf file contains:

realm LOCAL {
        type = radius
        authhost = LOCAL
        accthost = LOCAL
}

realm NULL {
        type = radius
        authhost = masteripaddr:1645
        accthost = masteripaddr:1646
        secret = wirelesslan
}

realm DEFAULT {
        type = radius
        authhost = LOCAL
        accthost = LOCAL
}

The following is a transcript of log messages from a connection attempt:

rad_recv: Access-Request packet from host 10.225.66.156:1645, id=16, length=102
        User-Name = "00022d37685a"
        User-Password = "00022d37685a"
        Called-Station-Id = "0002.8a5b.3c44"
        Calling-Station-Id = "0002.2d37.685a"
        NAS-Port-Type = Virtual
        NAS-Port = 405
        NAS-IP-Address = 10.225.66.156
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "00022d37685a", looking up realm NULL
    rlm_realm: Found realm "NULL"
    rlm_realm: Adding Stripped-User-Name = "00022d37685a"
    rlm_realm: Proxying request from user 00022d37685a to realm NULL
    rlm_realm: Adding Realm = "NULL"
    rlm_realm: Preparing to proxy authentication request to realm "NULL"
  modcall[authorize]: module "suffix" returns updated for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched 00022d37685a at 54
  modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
Sending Access-Request of id 0 to 10.225.100.20:1645
        User-Name = "00022d37685a"
        User-Password = "00022d37685a"
        Called-Station-Id = "0002.8a5b.3c44"
        Calling-Station-Id = "0002.2d37.685a"
        NAS-Port-Type = Virtual
        NAS-Port = 405
        NAS-IP-Address = 10.225.66.156
        Proxy-State = 0x3136
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Reject packet from host 10.225.100.20:1645, id=0, length=24
        Proxy-State = 0x3136
  Processing the post-proxy section of radiusd.conf
modcall: entering group post-proxy for request 0
  modcall[post-proxy]: module "eap" returns noop for request 0
modcall: group post-proxy returns noop for request 0
Login incorrect (Home Server says so): [00022d37685a/00022d37685a] (from client cvlmfg-ap-0001 port 405 cli 0002.2d37.685a)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 16 to 10.225.66.156:1645
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 16 with timestamp 41ebf611
Nothing to do.  Sleeping until we see a request.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
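
A small parser for the debug transcript in the message above, added here as an example and not part of the original post or of FreeRADIUS. It reduces the trace to the decision path (module return codes, users-file match, proxy target, home-server reply, reply sent to the NAS); the function name `summarize` and the flag `reject_relayed_despite_local_match` are this example's own.

```python
import re

# Excerpt of the transcript from the post, one log message per line.
TRACE = """\
rad_recv: Access-Request packet from host 10.225.66.156:1645, id=16, length=102
modcall[authorize]: module "preprocess" returns ok for request 0
rlm_realm: Proxying request from user 00022d37685a to realm NULL
modcall[authorize]: module "suffix" returns updated for request 0
users: Matched 00022d37685a at 54
modcall[authorize]: module "files" returns ok for request 0
Sending Access-Request of id 0 to 10.225.100.20:1645
rad_recv: Access-Reject packet from host 10.225.100.20:1645, id=0, length=24
modcall[post-proxy]: module "eap" returns noop for request 0
Login incorrect (Home Server says so): [00022d37685a/00022d37685a]
Sending Access-Reject of id 16 to 10.225.66.156:1645
"""

MODCALL = re.compile(r'modcall\[([\w-]+)\]: module "([^"]+)" returns (\w+)')
MATCHED = re.compile(r'users: Matched (\S+) at (\d+)')
PROXIED = re.compile(r'rlm_realm: Proxying request from user (\S+) to realm (\S+)')
RECV = re.compile(r'rad_recv: (Access-\w+) packet from host ([\d.]+):(\d+)')
SENT = re.compile(r'Sending (Access-\w+) of id \d+ to ([\d.]+):(\d+)')

def summarize(trace):
    """Walk the trace in order and record who decided the final reply."""
    s = {"modules": [], "users_match": None, "realm": None, "nas": None,
         "home_server": None, "home_reply": None, "final_reply": None}
    for line in trace.splitlines():
        if m := MODCALL.search(line):
            s["modules"].append(m.groups())        # (section, module, rcode)
        elif m := MATCHED.search(line):
            s["users_match"] = (m[1], int(m[2]))   # (entry name, users line)
        elif m := PROXIED.search(line):
            s["realm"] = m[2]
        elif m := RECV.search(line):
            if m[1] == "Access-Request":
                s["nas"] = m[2]                    # request arrives from the NAS
            elif m[2] == s["home_server"]:
                s["home_reply"] = m[1]             # reply from the proxy target
        elif m := SENT.search(line):
            if m[1] == "Access-Request":
                s["home_server"] = m[2]            # request forwarded upstream
            elif m[2] == s["nas"]:
                s["final_reply"] = m[1]            # verdict returned to the NAS
    # The symptom described in the post: a local users entry matched, yet the
    # home server's Access-Reject is what went back to the access point.
    s["reject_relayed_despite_local_match"] = (s["users_match"] is not None
        and s["home_reply"] == "Access-Reject" and s["final_reply"] == "Access-Reject")
    return s
```
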