I have a reverse proxy which needs double authentication: First the
reverse proxy itself has an authentication, and then the machine that is
reverse proxied to has authentication.

Software used:
- Apache 2.2.0 on Linux (Red Hat Enterprise Linux AS release 3 (Taroon
Update 6), running kernel 2.4.21-37.ELsmp)
- mod_auth_xradius 0.4.6

Despite mod_auth_xradius being used, I have the feeling that this is an
Apache issue and not a radius issue.

I have configured the server as follows (and if you ask 'why ExtFilter'?
mod_proxy_html crashed on this server):

ExtFilterDefine revproxy cmd="/bin/sed s/http:..172.28.0.1[56]//g" mode=output outtype=text/html

<VirtualHost 145.7.1.73:443>
  SSLEngine on
  ServerName xxx.yyy.zzz

  SSLCertificateFile conf/ssl/xxx.yyy.zzz.cer
  SSLCertificateKeyFile conf/ssl/xxx.yyy.zzz.key
  SSLCertificateChainFile conf/ssl/ca.cer

  ProxyPass /balancer !
  ProxyPass / balancer://webmailcluster/
  ProxyPassReverse / http://172.28.0.15
  ProxyPassReverse / http://172.28.0.16

  <Location />
    ProxyPassReverse /
    SetOutputFilter revproxy

    AuthName "Token authenticatie verplicht"
    AuthType basic
    AuthXRadiusAddServer 172.28.0.8 XXXXXX
    AuthXRadiusTimeout 5
    AuthXRadiusRetries 2
    Require valid-user
  </Location>

  <Proxy balancer://webmailcluster>
    BalancerMember http://172.28.0.15
    BalancerMember http://172.28.0.16
  </Proxy>
</VirtualHost>

However, this results in a 500 internal server error and the following
error is logged:

[Thu Jan 05 10:10:15 2006] [crit] [client IPaddress] configuration error: couldn't check access.  No groups file?: /

When I add 'Satisfy any', everything works, but then the radius
authentication is skipped.

- Why is Apache complaining about a groupfile, while I never configured
anything needing a groupfile?
- Is this situation an unsupported scenario, or am I doing something wrong?

If any more information is needed, let me know.

Joost


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.