Alan, thanks for the reply.

I already have radiusa, which does the LDAP authentication (which has ldap1 and 
ldap2 groups). A new business request came to add POP3 authentication for a third 
party, so I added a new RADIUS server, radiusb, which does the POP3 auth.

I am using radiusa to proxy depending on the realm: xyz.net is forwarded to 
radiusb, and all other requests (no realm in the usernames) still go to radiusa.

I am running radiusa on 1812 and radiusb on 1912. I did not see any log 
messages on the radiusb server. I thought that when using the radiusa proxy, it 
forwards the request to radiusb.

The user [EMAIL PROTECTED] is configured in radiusb, which does POP3 auth. No 
[EMAIL PROTECTED] user exists in radiusa (in LDAP).

Hope this helps. Let me know if I am doing it right.
Here is the radius -X log:

rad_recv: Access-Request packet from host 167.206.23.94:1357, id=15, length=59
        User-Name = "[EMAIL PROTECTED]"
        User-Password = "test"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: Looking up realm "xyz.net" for User-Name = "[EMAIL PROTECTED]"
    rlm_realm: Found realm "xyz.net"
    rlm_realm: Adding Stripped-User-Name = "testaccount"
    rlm_realm: Proxying request from user testaccount to realm xyz.net
    rlm_realm: Adding Realm = "xyz.net"
    rlm_realm: Preparing to proxy authentication request to realm "xyz.net" 
  modcall[authorize]: module "suffix" returns updated for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry DEFAULT at line 75
    users: Matched entry DEFAULT at line 180
    users: Matched entry DEFAULT at line 184
  modcall[authorize]: module "files" returns ok for request 0
modcall: entering group group for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testaccount
radius_xlat:  '(uid=testaccount)'
radius_xlat:  'dc=opt,dc=net,o=internet'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap1:389, authentication 0
rlm_ldap: bind as uid=mmpProxy,o=internet/MMPass to ldap1:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=opt,dc=net,o=internet, with filter 
(uid=testaccount)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap1" returns notfound for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testaccount
radius_xlat:  '(&(uid=testaccount)(entitlements=WIFILOC1))'
radius_xlat:  'ou=roles,o=entitlement'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap://ldap2:1389, authentication 0
rlm_ldap: bind as uid=appuser,ou=appadm,o=entitlement/PaBlAn0 to 
ldap://ldap2:1389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=roles,o=entitlement, with filter 
(&(uid=testaccount)(entitlements=WIFILOC1))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap2" returns notfound for request 0
modcall: group group returns reject for request 0
modcall: group authorize returns reject for request 0
Invalid user (rlm_ldap: User not found): [EMAIL PROTECTED] (from client test1 
port 0)
Cancelling proxy as request was already rejected
Request 0 rejected in proxy_send.
Server rejecting request 0.
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 15 to 167.206.23.94:1357
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 15 with timestamp 48b424b1
Nothing to do.  Sleeping until we see a request.
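Reading a trace like the one above by hand is error-prone, so here is a small checker, added as an example (not code from the thread or from the FreeRADIUS project), that walks a radiusd -X trace and reports when a request that rlm_realm marked for proxying was rejected by local authorize modules before it was ever forwarded. The embedded log is a constructed excerpt modelled on the trace above, with a documentation address in place of the real client.

```python
import re

# Constructed excerpt of a FreeRADIUS "radiusd -X" trace, modelled on the
# post above (sample values only, not a live capture).
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 192.0.2.10:1357, id=15, length=59
    rlm_realm: Found realm "xyz.net"
    rlm_realm: Preparing to proxy authentication request to realm "xyz.net"
  modcall[authorize]: module "suffix" returns updated for request 0
  modcall[authorize]: module "ldap1" returns notfound for request 0
  modcall[authorize]: module "ldap2" returns notfound for request 0
modcall: group authorize returns reject for request 0
Cancelling proxy as request was already rejected
Sending Access-Reject of id 15 to 192.0.2.10:1357
"""

REALM_RE = re.compile(r'rlm_realm: Preparing to proxy .* to realm "([^"]+)"')
MODULE_RE = re.compile(
    r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+) for request (\d+)')
CANCEL_RE = re.compile(r"Cancelling proxy as request was already rejected")

# Return codes that let a request continue; anything else is a local failure
# (in the post's config the ldap group turns "notfound" into a reject).
PASSING = {"ok", "updated", "noop", "handled"}


def analyse(log: str) -> dict:
    """Return the target realm, the authorize modules that failed after the
    realm was chosen, and whether the proxy was cancelled because of them."""
    realm = None
    local_failures = []
    cancelled = False
    for line in log.splitlines():
        m = REALM_RE.search(line)
        if m:
            realm = m.group(1)
            continue
        m = MODULE_RE.search(line)
        if m and realm is not None and m.group(3) not in PASSING:
            local_failures.append((m.group(1), m.group(2), m.group(3)))
        if CANCEL_RE.search(line):
            cancelled = True
    return {
        "realm": realm,
        "local_failures": local_failures,
        "rejected_before_proxy": cancelled and bool(local_failures),
    }


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

A non-empty `local_failures` together with `rejected_before_proxy` pinpoints which module in the authorize section of the proxying server must be kept out of the path for proxied realms.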
--- On Tue, 8/26/08, Alan DeKok <[EMAIL PROTECTED]> wrote:
From: Alan DeKok <[EMAIL PROTECTED]>
Subject: Re: Pop3 and LDAP authentication...Multiple radius servers
To: [EMAIL PROTECTED], "FreeRadius users mailing list" 
<freeradius-users@lists.freeradius.org>
Date: Tuesday, August 26, 2008, 12:00 PM

Eric Martell wrote:
> Here is the entire log.
...
> rlm_ldap: performing search in dc=test1,dc=net,o=internet, with filter
> (uid=testaccount)

  If you're proxying the request, why have you configured the server to
do lookups in LDAP?

> ldap://vadsdsdsad:389 failed: Can't contact LDAP server
> rlm_ldap: (re)connection attempt failed
> rlm_ldap: search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap2" returns fail for request 0
> modcall: group group returns reject for request 0

  That would seem to show why it's being rejected.  The LDAP server is
down.  And I don't think "vadsdsdsad" is a real host name in your
network.

  Perhaps you could explain why you think the server should work after
you've configured it to use resources that don't exist.

  Alan DeKok.
