Hi,
I'm building 'backend' RADIUS servers that only need to know about
one domain - the default one - regardless of whatever the users put
into their login names.
I have the following config (proxy.conf):
# Global proxy settings for this server.
proxy server {
# "no" switches off the fallback to realm DEFAULT that is otherwise tried
# when the home servers of an exactly matching realm do not answer.
default_fallback = no
}
# LOCAL is declared with an empty body: no per-realm settings are given.
realm LOCAL {
}
# NULL is the realm used for user names that carry no realm at all.
# NOTE(review): the start-up output further down this page shows the
# "suffix" realm module with ignore_null = yes, which would presumably
# keep this realm from being looked up - confirm.
realm NULL {
# LOCAL as a host means the request is handled on this server instead of
# being forwarded to a home server.
authhost= LOCAL
accthost= LOCAL
# NOTE(review): with both hosts set to LOCAL nothing is forwarded, so this
# shared secret is presumably never used - confirm.
secret = NONE
}
# DEFAULT is the catch-all realm for any realm name that has no realm
# block of its own.
realm DEFAULT {
# Same local handling as realm NULL: authentication and accounting both
# stay on this server.
authhost= LOCAL
accthost= LOCAL
# NOTE(review): presumably unused for the same reason as in realm NULL - confirm.
secret = NONE
}
But when I try to authenticate a user name that contains a domain, the
domain doesn't get recognised properly. The server's start-up output follows:
Config: including file: /etc/freeradius/radiusd.conf
Config: including file: /etc/freeradius/proxy.conf
Config: including file: /etc/freeradius/clients.conf
Config: including file: /etc/freeradius/snmp.conf
Config: including file: /etc/freeradius/sql.conf
Config: including file: /etc/freeradius/sql/postgresql-auth.conf
Config: including file: /etc/freeradius/sql/postgresql-acct.conf
FreeRADIUS Version 2.0.0-pre1, for host i486-pc-linux-gnu, built on
Jul 2 2007 at 17:42:30
Starting - reading configuration files ...
read_config_files: reading dictionary
main {
prefix = /usr
localstatedir = /var
logdir = /var/log/freeradius
libdir = /usr/lib/freeradius
radacctdir = /var/log/freeradius/radacct
hostname_lookups = no
snmp = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
log_stripped_names = yes
log_file = /var/log/freeradius/radius.log
log_auth = no
log_auth_badpass = yes
log_auth_goodpass = no
pidfile = /var/run/freeradius/freeradius.pid
user = freerad
group = freerad
checkrad = /usr/sbin/checkrad
debug_level = 0
proxy_requests = yes
log {
syslog_facility = daemon
}
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
realm LOCAL {
ldflag = fail_over
}
realm NULL {
ldflag = fail_over
secret = NONE
}
realm DEFAULT {
ldflag = fail_over
secret = NONE
}
port = 1812
listen {
type = auth
ipaddr = *
port = 1812
}
listen {
type = acct
ipaddr = *
port = 1813
}
client 127.0.0.1 {
secret = testing123
shortname = localhost
nastype = other
}
client 10.119.10.23/32 {
secret = xyz
shortname = akl-grafton-radproxy1
}
client 10.119.10.24/32 {
secret = xyz
shortname = akl-grafton-radproxy2
}
radiusd: entering modules setup
radiusd: Library search path is /usr/lib/freeradius
instantiate {
}
modules {
Module: Instantiating section authenticate
Module: Linked to module rlm_pap
Module: Instantiating pap
pap {
encryption_scheme = auto
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating chap
Module: Instantiating section authorize
Module: Linked to module rlm_preprocess
Module: Instantiating preprocess
preprocess {
huntgroups = /etc/freeradius/huntgroups
hints = /etc/freeradius/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = yes
with_alvarion_vsa_hack = no
}
Module: Linked to module rlm_detail
Module: Instantiating auth_log
detail auth_log {
detailfile =
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
header = %t
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_realm
Module: Instantiating suffix
realm suffix {
format = suffix
delimiter = @
ignore_default = no
ignore_null = yes
}
Module: Linked to module rlm_sql
Module: Instantiating sql_auth
sql sql_auth {
driver = rlm_sql_postgresql
server = 10.119.15.5
port =
login = raduser
password = raduser
radius_db = radbackend
sqltrace = no
sqltracefile = /var/log/freeradius/sqltrace.sql
readclients = no
deletestalesessions = yes
num_sql_socks = 5
sql_user_name = %{Stripped-User-Name:-%{User-Name}}
default_user_profile =
safe-characters =
@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:
/
QUERIES STRIPPED
}
rlm_sql (sql_auth): Driver rlm_sql_postgresql (module
rlm_sql_postgresql) loaded and linked
rlm_sql (sql_auth): Attempting to connect to [EMAIL PROTECTED]:/radbackend
rlm_sql (sql_auth): starting 0
rlm_sql (sql_auth): Attempting to connect rlm_sql_postgresql #0
rlm_sql (sql_auth): Connected new DB handle, #0