Hi Arran, hi Alexander and hi Freeradius-List, I ran into problems regarding to the Proxy-to-realm thing... :(
My Setup: 10.0.0.1 A cisco Router 10.0.1.20 My Terminal 192.168.0.1 Radius (Home Server) 192.168.0.2 Radius (Proxy) At first a successful login with username [EMAIL PROTECTED]: --snip1-- User-Name = "[EMAIL PROTECTED]" Reply-Message = "Password: " User-Password = "testtest" NAS-Port = 2 NAS-Port-Id = "tty2" NAS-Port-Type = Virtual Calling-Station-Id = "10.0.1.20" NAS-IP-Address = 10.0.0.1 Tue Apr 10 19:41:10 2007 : Debug: Processing the authorize section of radiusd.conf Tue Apr 10 19:41:10 2007 : Debug: modcall: entering group authorize for request 0 Tue Apr 10 19:41:10 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0 Tue Apr 10 19:41:10 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0 Tue Apr 10 19:41:10 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 0 Tue Apr 10 19:41:10 2007 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 0 Tue Apr 10 19:41:10 2007 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 0 Tue Apr 10 19:41:10 2007 : Debug: modcall[authorize]: module "chap" returns noop for request 0 Tue Apr 10 19:41:10 2007 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 0 Tue Apr 10 19:41:10 2007 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 0 Tue Apr 10 19:41:10 2007 : Debug: modcall[authorize]: module "mschap" returns noop for request 0 Tue Apr 10 19:41:10 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 0 Tue Apr 10 19:41:10 2007 : Debug: rlm_realm: Looking up realm "realm" for User-Name = "[EMAIL PROTECTED]" Tue Apr 10 19:41:10 2007 : Debug: rlm_realm: Found realm "realm" Tue Apr 10 19:41:10 2007 : Debug: rlm_realm: Proxying request from user abc to realm realm Tue Apr 10 19:41:10 2007 : Debug: rlm_realm: Adding Realm = "realm" Tue Apr 10 19:41:10 2007 : Debug: rlm_realm: Preparing to proxy authentication request to realm "realm" Tue Apr 10 19:41:10 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 0 Tue Apr 10 19:41:10 2007 : Debug: modcall[authorize]: module "suffix" returns updated for request 0 Tue Apr 10 19:41:10 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 0 Tue Apr 10 19:41:10 2007 : Debug: rlm_eap: No EAP-Message, not doing EAP Tue Apr 10 19:41:10 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 0 Tue Apr 10 19:41:10 2007 : Debug: modcall[authorize]: module "eap" returns noop for request 0 Tue Apr 10 19:41:10 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 0 Tue Apr 10 19:41:10 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 0 Tue Apr 10 19:41:10 2007 : Debug: modcall[authorize]: module "files" returns notfound for request 0 Tue Apr 10 19:41:10 2007 : Debug: modcall: leaving group authorize (returns updated) for request 0 Tue Apr 10 19:41:10 2007 : Debug: proxy: creating 688187c3:1812 Tue Apr 10 19:41:10 2007 : Debug: proxy: allocating 688187c3:1812 0 Sending Access-Request of id 0 to 192.168.0.1 port 1812 User-Name = "[EMAIL PROTECTED]" Reply-Message = "Password: " User-Password = "testtest" NAS-Port = 2 NAS-Port-Id = "tty2" NAS-Port-Type = Virtual Calling-Station-Id = "10.0.1.20" NAS-IP-Address = 10.0.0.1 Proxy-State = 0x3836 Tue Apr 10 19:41:10 2007 : Debug: Thread 1 waiting to be assigned a request rad_recv: Access-Accept packet from host 192.168.0.1:1812, id=0, length=24 Tue Apr 10 19:41:10 2007 : Debug: proxy: de-allocating 688187c3:1812 0 Tue Apr 10 19:41:10 2007 : Debug: rl_next: returning NULL Tue Apr 10 19:41:10 2007 : Debug: Thread 2 got semaphore Tue Apr 10 19:41:10 2007 : Debug: Thread 2 handling request 0, (1 handled so far) Proxy-State = 0x3836 Tue Apr 10 19:41:10 2007 : Debug: Processing the post-proxy section of radiusd.conf Tue Apr 10 19:41:10 2007 : Debug: modcall: entering group post-proxy for request 0 Tue Apr 10 19:41:10 2007 : Debug: modsingle[post-proxy]: calling eap (rlm_eap) for request 0 Tue Apr 10 19:41:10 2007 : Debug: modsingle[post-proxy]: returned from eap (rlm_eap) for request 0 Tue Apr 10 19:41:10 2007 : Debug: modcall[post-proxy]: module "eap" returns noop for request 0 Tue Apr 10 19:41:10 2007 : Debug: modcall: leaving group post-proxy (returns noop) for request 0 Tue Apr 10 19:41:10 2007 : Debug: authorize: Skipping authorize in post-proxy stage Tue Apr 10 19:41:10 2007 : Debug: rad_check_password: Found Auth-Type Tue Apr 10 19:41:10 2007 : Debug: rad_check_password: Auth-Type = Accept, accepting the user Sending Access-Accept of id 86 to 10.0.0.1 port 1645 Tue Apr 10 19:41:10 2007 : Debug: Finished request 0 Tue Apr 10 19:41:10 2007 : Debug: Going to the next request Tue Apr 10 19:41:10 2007 : Debug: Thread 2 waiting to be assigned a request Tue Apr 10 19:41:10 2007 : Debug: Waking up in 31 seconds... --snip1-- Now trying Alexander's (Klepikov) hint with the following in "hints" >DEFAULT Suffix !~ "@." > Realm = "%{NAS-IP-Address:-unknown}" --snip2-- User-Name = "abc" Reply-Message = "Password: " User-Password = "testtest" NAS-Port = 2 NAS-Port-Id = "tty2" NAS-Port-Type = Virtual Calling-Station-Id = "10.0.1.20" NAS-IP-Address = 10.0.0.1 Tue Apr 10 19:42:41 2007 : Debug: Processing the authorize section of radiusd.conf Tue Apr 10 19:42:41 2007 : Debug: modcall: entering group authorize for request 0 Tue Apr 10 19:42:41 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0 Tue Apr 10 19:42:41 2007 : Debug: hints: Matched DEFAULT at 77 Tue Apr 10 19:42:41 2007 : Debug: radius_xlat: '10.0.0.1' Tue Apr 10 19:42:41 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0 Tue Apr 10 19:42:41 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 0 Tue Apr 10 19:42:41 2007 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 0 Tue Apr 10 19:42:41 2007 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 0 Tue Apr 10 19:42:41 2007 : Debug: modcall[authorize]: module "chap" returns noop for request 0 Tue Apr 10 19:42:41 2007 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 0 Tue Apr 10 19:42:41 2007 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 0 Tue Apr 10 19:42:41 2007 : Debug: modcall[authorize]: module "mschap" returns noop for request 0 Tue Apr 10 19:42:41 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 0 Tue Apr 10 19:42:41 2007 : Debug: rlm_realm: Request already proxied. Ignoring. Tue Apr 10 19:42:41 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 0 Tue Apr 10 19:42:41 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 0 Tue Apr 10 19:42:41 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 0 Tue Apr 10 19:42:41 2007 : Debug: rlm_eap: No EAP-Message, not doing EAP Tue Apr 10 19:42:41 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 0 Tue Apr 10 19:42:41 2007 : Debug: modcall[authorize]: module "eap" returns noop for request 0 Tue Apr 10 19:42:41 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 0 Tue Apr 10 19:42:41 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 0 Tue Apr 10 19:42:41 2007 : Debug: modcall[authorize]: module "files" returns notfound for request 0 Tue Apr 10 19:42:41 2007 : Debug: modcall: leaving group authorize (returns ok) for request 0 Tue Apr 10 19:42:41 2007 : Debug: auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Tue Apr 10 19:42:41 2007 : Debug: auth: Failed to validate the user. Tue Apr 10 19:42:41 2007 : Debug: Delaying request 0 for 1 seconds Tue Apr 10 19:42:41 2007 : Debug: Finished request 0 Tue Apr 10 19:42:41 2007 : Debug: Going to the next request Tue Apr 10 19:42:41 2007 : Debug: Thread 1 waiting to be assigned a request --snip2-- At last trying Arran's hint with the following in "users" >DEFAULT > NAS-IP-Address == 10.0.1.20, Proxy-To-Realm = "realm", > User-Name = "[EMAIL PROTECTED]" --snip3-- User-Name = "abc" Reply-Message = "Password: " User-Password = "testtest" NAS-Port = 2 NAS-Port-Id = "tty2" NAS-Port-Type = Virtual Calling-Station-Id = "10.0.1.20" NAS-IP-Address = 10.0.0.1 Tue Apr 10 19:44:45 2007 : Debug: Processing the authorize section of radiusd.conf Tue Apr 10 19:44:45 2007 : Debug: modcall: entering group authorize for request 0 Tue Apr 10 19:44:45 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0 Tue Apr 10 19:44:45 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0 Tue Apr 10 19:44:45 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 0 Tue Apr 10 19:44:45 2007 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 0 Tue Apr 10 19:44:45 2007 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 0 Tue Apr 10 19:44:45 2007 : Debug: modcall[authorize]: module "chap" returns noop for request 0 Tue Apr 10 19:44:45 2007 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 0 Tue Apr 10 19:44:45 2007 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 0 Tue Apr 10 19:44:45 2007 : Debug: modcall[authorize]: module "mschap" returns noop for request 0 Tue Apr 10 19:44:45 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 0 Tue Apr 10 19:44:45 2007 : Debug: rlm_realm: No '@' in User-Name = "abc", looking up realm NULL Tue Apr 10 19:44:45 2007 : Debug: rlm_realm: No such realm "NULL" Tue Apr 10 19:44:45 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 0 Tue Apr 10 19:44:45 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 0 Tue Apr 10 19:44:45 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 0 Tue Apr 10 19:44:45 2007 : Debug: rlm_eap: No EAP-Message, not doing EAP Tue Apr 10 19:44:45 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 0 Tue Apr 10 19:44:45 2007 : Debug: modcall[authorize]: module "eap" returns noop for request 0 Tue Apr 10 19:44:45 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 0 Tue Apr 10 19:44:45 2007 : Debug: users: Matched entry DEFAULT at line 215 Tue Apr 10 19:44:45 2007 : Debug: radius_xlat: '[EMAIL PROTECTED]' Tue Apr 10 19:44:45 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 0 Tue Apr 10 19:44:45 2007 : Debug: modcall[authorize]: module "files" returns ok for request 0 Tue Apr 10 19:44:45 2007 : Debug: modcall: leaving group authorize (returns ok) for request 0 Tue Apr 10 19:44:45 2007 : Debug: auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Tue Apr 10 19:44:45 2007 : Debug: auth: Failed to validate the user. Tue Apr 10 19:44:45 2007 : Debug: Delaying request 0 for 1 seconds Tue Apr 10 19:44:45 2007 : Debug: Finished request 0 Tue Apr 10 19:44:45 2007 : Debug: Going to the next request Tue Apr 10 19:44:45 2007 : Debug: Thread 1 waiting to be assigned a request rad_recv: Access-Request packet from host 10.0.0.1:1645, id=89, length=93 Sending Access-Reject of id 89 to 10.0.0.1 port 1645 --snip3-- Where is my mistake? The Freeradius-package is the latest in debian stable (4.0) branch (freeradius_1.1.3-3_i386) Regards Alex - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html