Brian Julin wrote:
> I tried to replicate on a test server with lightly modified 3.0 stock 
> configs.  The error only
> happens when everything is running through the same server/eap instances, so 
> good
> instincts there.  Replicating it is easy: just uncomment the peap 
> virtual-server directive
> and add at the top of authorize:
> 
>           if (Freeradius-Proxied-To == "127.0.0.1") {
>               update control {
>                  Proxy-To-Realm = example.com
>               }
>           }

  That doesn't make much sense.  If it's in the "default" virtual
server, the FreeRADIUS-Proxied-To attribute will never exist.  If it's
in the "inner-tunnel" virtual server, it will always exist, and always
have that value.

> ...and it doesn't matter that example.com defaults to home_server localhost, 
> it does not get that far.

  Well... I tried it, and I didn't see any errors.

  Can you check that you're really running a *stock* binary, and a
*stock* configuration?

> I believe it is the way it is because at some point we were having trouble 
> using outer.request
> and such between virtual servers.  I'll have to test those and see if that 
> limitation is still
> in effect.

  All that should work...

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to