SOLVED. Modified my proxy.conf file as per another list post. You cannot just add the 'nostrip' option to the realm. You must remove the home_server and home_server_pool, but keep the options from the home_server and put them under the realm.
This solves the DOS loop problem. Example proxy.conf: proxy server { default_fallback = no } realm example.com { type = auth ipaddr = 127.0.0.1 port = 1812 secret = testing123 require_message_authenticator = yes response_window = 20 zombie_period = 40 revive_interval = 120 status_check = status-server check_interval = 30 num_answers_to_alive = 3 max_outstanding = 65536 coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } nostrip } realm LOCAL { } On Sun, Dec 9, 2012 at 1:56 PM, Dan Letkeman <danletke...@gmail.com> wrote: > Here is my proxy.conf file contents: > > > proxy server { > > > > default_fallback = no > > } > > > home_server localhost { > type = auth > > ipaddr = 127.0.0.1 > > > > > port = 1812 > > secret = testing123 > > > > require_message_authenticator = yes > > response_window = 20 > > > zombie_period = 40 > > > revive_interval = 120 > > status_check = status-server > > > check_interval = 30 > > num_answers_to_alive = 3 > > max_outstanding = 65536 > > coa { > irt = 2 > > mrt = 16 > > mrc = 5 > > mrd = 30 > } > } > > > home_server_pool my_auth_failover { > type = fail-over > > > home_server = localhost > > > > } > > > realm example.com { > > auth_pool = my_auth_failover > > nostrip > > } > > > > realm LOCAL { > } > > > > On Sun, Dec 9, 2012 at 11:09 AM, Dan Letkeman <danletke...@gmail.com>wrote: > >> Alan, >> >> I have added 'nostrip' to the realm example.com and it looks like it has >> problems with that. Possibly some sort of loop? >> >> https://docs.google.com/open?id=0B57E1K2jJi4DZGwzSUtDajdQV2s >> >> >> >> >> On Sun, Dec 9, 2012 at 9:58 AM, Alan Buxey <a.l.m.bu...@lboro.ac.uk>wrote: >> >>> Hi, >>> >>> > [eap] Identity does not match User-Name, setting from EAP Identity. >>> >>> EAP doesnt like the user-name being played around with....ensure that >>> you 'nostrip' >>> in your proxy.conf for the realm you are handling....or use >>> 'stripped-user-name' >>> for the checks/handlers. >>> >>> >>> alan >>> - >>> List info/subscribe/unsubscribe? See >>> http://www.freeradius.org/list/users.html >>> >> >> >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html