> What does debug say ( radiusd -x -x -x ) about the part where 
> it is checking the realms?

modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  rlm_realm: Proxying request from user [EMAIL PROTECTED] to realm IPASS
  modcall[authorize]: module "prefix" returns updated
  rlm_realm: Proxying request from user IPASS/test to realm sunset.net
  modcall[authorize]: module "suffix" returns updated

And later on it says:

Login incorrect (Home Server says so): [[EMAIL PROTECTED]/test]
(from nas localhost port 0)

And this is what I get in the logs in the proxy:

Wed Mar 27 17:10:20 2002: Authenticate: from diamond.sunset.net -
Invalid User: IPASS/test
Wed Mar 27 17:10:20 2002: Rejecting user:IPASS/test


Either way, it doesn't appear to be proxying correctly when both
prefix and suffix are enabled.

                                                      .~.
                                                      /v\
--                                                   // \\
JA                                                  /(   )\
                                                     ^`~`^
                                                   L I N U X
[-----------------------------------------------------------]
 Justin Ainsworth                    Systems Administrator &
 PHONE: (530) 879-5660x108      Technical Support Supervisor
 FAX:   (530) 879-5676                        Sunset Net LLC
 WEB:   http://www.sunset.net              1915 Mangrove Ave   
 EMAIL: [EMAIL PROTECTED]                       Chico, CA 95926  
[-----------------------------------------------------------] 

> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED]] On Behalf Of 
> Chris Parker
> Sent: Wednesday, March 27, 2002 4:59 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Proxying
> 
> 
> At 04:44 PM 3/27/2002 -0800, Justin Ainsworth wrote:
> > > This part looks fine, though I'd recommend not using the actual 
> > > realm names for the module instances.
> > >
> >
> >Ok.  I changed the names.  We now have:
> >sunset.net -> suffix
> >IPASS ->        prefix
> 
> That's more logical.  You are defining how realms are 
> specified in 'radiusd.conf' not what the actual realms are.
> 
> > > >authorize {
> > > >         preprocess
> > > >         sunset.net
> > > >         IPASS
> > >
> > > And this tells it to look for 'sunset.net' first, which it does, and
> > > strips it and proxies it.  Reverse the order here and you'll get the
> > > behaviour you are looking for.
> >
> >I have tried that.  So this would be the order:
> >
> >authorize {
> >         preprocess
> >         prefix
> >         suffix
> >}
> 
> That should be what you want.
> 
> >So, I decided to comment out the "suffix", and it starts proxying
> >correctly.  But as soon as I uncomment the suffix, no matter which
> >order they are in, the proxying stops working.  And it works the other
> >way by commenting out the prefix, and leaving the suffix in place.
> 
> What does debug say ( radiusd -x -x -x ) about the part where 
> it is checking the realms?
> 
> >So, I guess my question is, In order for me to proxy one realm that has
> >a prefix and needs to NOT be stripped, and another realm, that has a
> >suffix and needs to be stripped, how should I setup my authorize group?
> 
> Nope, it should work the way you have it setup now.  See what 
> the debug output says.  That may give you a clue what the problem is.
> 
> -Chris
> --
>     \\\|||///  \          StarNet Inc.      \        Chris Parker
>     \ ~   ~ /   \       WX *is* Wireless!    \   Director, Engineering
>     | @   @ |    \   http://www.starnetwx.net \      (847) 963-0116
> oOo---(_)---oOo--\------------------------------------------------------
>                    \ Wholesale Internet Services - http://www.megapop.net



- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


