Hi everyone: I want to proxy requests with i2t realm to a i2t.server.com
The problem is that if I use nostrip directive in the proxy.conf of the proxy server, all works fine. But I need to store logins in the i2t.server.com without the realm name, so I use this configuration from the proxy.conf in the proxy server: realm i2t { type = radius authhost = 192.168.2.2:1812 accthost = 192.168.2.2:1813 secret = testing123 strip } The result of the execution in the i2t.server.com is: [EMAIL PROTECTED]:/etc/freeradius# freeradius -X Starting - reading configuration files ... . . . Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 192.168.2.1:1814, id=0, length=150 User-Name = "user1" NAS-IP-Address = 192.168.1.1 NAS-Port = 0 Called-Station-Id = "00-0C-29-81-54-F3:" Calling-Station-Id = "00-0C-29-EC-7D-9D" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x0209000e01757365723140693274 Message-Authenticator = 0xae40c811e106af74fc216d522466a797 Proxy-State = 0x3335 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "user1", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 9 length 14 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry user1 at line 1 modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: Identity does not match User-Name, setting from EAP Identity. rlm_eap: Failed in handler modcall[authenticate]: module "eap" returns invalid for request 0 modcall: leaving group authenticate (returns invalid) for request 0 auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 0 to 192.168.2.1 port 1814 Proxy-State = 0x3335 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 0 with timestamp 468e1d50 Nothing to do. Sleeping until we see a request. rad_recv: Accounting-Request packet from host 192.168.2.1:1814, id=0, length=159 Acct-Session-Id = "468D84AB-0000000D" Acct-Status-Type = Stop Acct-Authentic = RADIUS User-Name = "user1" NAS-IP-Address = 192.168.1.1 NAS-Port = 0 Called-Station-Id = "00-0C-29-81-54-F3:" Calling-Station-Id = "00-0C-29-EC-7D-9D" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" Acct-Session-Time = 301 Event-Timestamp = "Jul 6 2007 12:48:16 CEST" Acct-Terminate-Cause = Idle-Timeout Proxy-State = 0x3336 Processing the preacct section of radiusd.conf modcall: entering group preacct for request 1 modcall[preacct]: module "preprocess" returns noop for request 1 rlm_acct_unique: Hashing 'NAS-Port = 0,Client-IP-Address = 192.168.2.1,NAS-IP-Address = 192.168.1.1,Acct-Session-Id = "468D84AB-0000000D",User-Name = "user1"' rlm_acct_unique: Acct-Unique-Session-ID = "e9f7ae8a84e4857d". modcall[preacct]: module "acct_unique" returns ok for request 1 rlm_realm: No '@' in User-Name = "user1", looking up realm NULL rlm_realm: No such realm "NULL" modcall[preacct]: module "suffix" returns noop for request 1 modcall[preacct]: module "files" returns noop for request 1 modcall: leaving group preacct (returns ok) for request 1 Processing the accounting section of radiusd.conf modcall: entering group accounting for request 1 radius_xlat: '/var/log/freeradius/radacct/192.168.2.1/detail-20070706' rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.2.1/detail-20070706 modcall[accounting]: module "detail" returns ok for request 1 modcall[accounting]: module "unix" returns ok for request 1 radius_xlat: '/var/log/freeradius/radutmp' radius_xlat: 'user1' modcall[accounting]: module "radutmp" returns ok for request 1 modcall: leaving group accounting (returns ok) for request 1 Sending Accounting-Response of id 0 to 192.168.2.1 port 1814 Proxy-State = 0x3336 Finished request 1 Going to the next request --- Walking the entire request list --- Cleaning up request 1 ID 0 with timestamp 468e1db0 Nothing to do. Sleeping until we see a request. Why rejects the request?? Any idea?? Thanks in advance. - Alvaro. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html