Hi
all,
I encountered a
problem during authentication request. Would you give me a hand
?
Many
thanks!
Configuration:
Host A
( Radius server)
Host
B ( proxy all requests to host A )
Problem:
1)
Access-Request is sent to Host B from client
2) Host B proxy
request to Host A
3
--
From:
Wilson Lie
To: freeradius-users@lists.freeradius.org
Sent: Wednesday, September 21, 2005 5:58
AM
Subject: cannot return access accept from
proxy to client
Hi
all,
I encountered a
problem during authentication request. Would you give me a h
adius users mailing list
Cc:
Subject: Re: cannot return access accept from proxy to client
Seeing your output, it says that it's failing because "post-auth"
module is failing due to the fail of the "sql" module invoked. Lookup yo
Wilson Lie wrote:
> When host B acts as a proxy, the [sql] failed as the username from
> access-accept is missing.
You should make the SQL query so that it won't make an error when certain
attributes are not present or empty.
See the example sql.conf file.
Turn sql traces on and run in debug mode
I suspect that the freeradius will return failed at once when
"username" attribute is not found
and because the username attribute won't be included in the
"access-accept' packet .
The "sql" can be executed successfully when host B acts as
authentication server.
So mayb
"Wilson Lie" <[EMAIL PROTECTED]> wrote:
> I suspect that the freeradius will return failed at once when
> "username" attribute is not found and because the username attribute
> won't be included in the "access-accept' packet .
No. FreeRADIUS doesn't care about User-Name's in Access-Accept.
> T
group post-auth returns fail for request 3
Delaying request 3 for 1 seconds
Finished request 3
=
-Original Message-
From: Alan DeKok [mailto:[EMAIL PROTECTED]
Sent: 2005/9/22 [星期四] 下午 11:19
To: FreeRadius users mailing list
Cc:
Subject: Re: cannot return
"Wilson Lie" <[EMAIL PROTECTED]> wrote:
> But I'm afraid that you misunderstood the question.
I understood it fine. My response should have been clear.
> Yes, for normal Access-Accept if Host B act as server , the
> access-accept can be sent back to client
The problem has NOTHING to do with
ist
Subject: Re: cannot return access accept from proxy to client
"Wilson Lie" <[EMAIL PROTECTED]> wrote:
> But I'm afraid that you misunderstood the question.
I understood it fine. My response should have been clear.
> Yes, for normal Access-Accept if Host B act
"Wilson Lie" <[EMAIL PROTECTED]> wrote:
> Q1. Any method such that host B won't goes into [post-auth] when it is
> receiving result from another server ?
I'm not sure what you mean here. Perhaps you could try using
complete sentences.
I *think* the answer is "source code edits".
> Q2. In
Hi Alan,
for Q2, doc/Post-Auth-type don't have information to support branching by
realm ?
-Original Message-
From: Alan DeKok [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 04, 2005 8:23 AM
To: FreeRadius users mailing list
Subject: Re: cannot return access accept from pro
"Wilson Lie" <[EMAIL PROTECTED]> wrote:
> for Q2, doc/Post-Auth-type don't have information to support branching by
> realm ?
No, but you can use some other method to set Post-Auth-Type, and
that method can look for realms.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.f
12 matches
Mail list logo