Brian Julin wrote: > I tried to replicate on a test server with lightly modified 3.0 stock > configs. The error only > happens when everything is running through the same server/eap instances, so > good > instincts there. Replicating it is easy: just uncomment the peap > virtual-server directive > and add at the top of authorize: > > if (Freeradius-Proxied-To == "127.0.0.1") { > update control { > Proxy-To-Realm = example.com > } > }
That doesn't make much sense. If it's in the "default" virtual server, the FreeRADIUS-Proxied-To attribute will never exist. If it's in the "inner-tunnel" virtual server, it will always exist, and always have that value. > ...and it doesn't matter that example.com defaults to home_server localhost, > it does not get that far. Well... I tried it, and I didn't see any errors. Can you check that you're really running a *stock* binary, and a *stock* configuration? > I believe it is the way it is because at some point we were having trouble > using outer.request > and such between virtual servers. I'll have to test those and see if that > limitation is still > in effect. All that should work... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html