Brian Julin wrote:
> I tried to replicate on a test server with lightly modified 3.0 stock
> configs. The error only
> happens when everything is running through the same server/eap instances, so
> good
> instincts there. Replicating it is easy: just uncomment the peap
> virtual-server directive
> and add at the top of authorize:
>
> if (Freeradius-Proxied-To == "127.0.0.1") {
> update control {
> Proxy-To-Realm = example.com
> }
> }
That doesn't make much sense. If it's in the "default" virtual
server, the FreeRADIUS-Proxied-To attribute will never exist. If it's
in the "inner-tunnel" virtual server, it will always exist, and always
have that value.
> ...and it doesn't matter that example.com defaults to home_server localhost,
> it does not get that far.
Well... I tried it, and I didn't see any errors.
Can you check that you're really running a *stock* binary, and a
*stock* configuration?
> I believe it is the way it is because at some point we were having trouble
> using outer.request
> and such between virtual servers. I'll have to test those and see if that
> limitation is still
> in effect.
All that should work...
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
