Artur,
I think it works for me now. I did add the port number and I think that does it.
But I still have a problem with the Framed-IP-Address display.
Thanks,
-Jenhwa
On Thursday 04 April 2002 11:58 am, you wrote:
> hello
>
> please see comments inline
>
> > Environment requirement: All requests from Radius server A (machine named
> > redhat) will be proxied to Radius Server B (machine named jenhwa).
> >
> > (1) In machine A I have in my proxy.conf the following realms defined.
> >
> > realm jenhwa {
> > type = radius
> > authhost= 10.1.1.77
> > accthost = 10.1.1.77
> > secret = jenhwa
> > nostrip
> > }
> >
> > where 10.1.1.77 is IP address of Radius Server B.
> > and also in the radiusd.conf I can see $INCLUDE proxy.conf there. But
> > not sure it is active, assuming $INCLUDE will do so.
>
> this is fine so far, if 10.1.1.77 is "jenhwa". but: i'm not sure if you
> can omit the ports (developers? can you? i.e. would it take the ports
> from /etc/services or what?)
>
> > it said the
> > proxy_requests = yes
> > #INCLUDE ${confdir}/proxy.conf
>
> ^^^^
> THIS IS A COMMENTED LINE. it should be $INCLUDE ${confdir}/proxy.conf.
> well, i presume that it was a typo.
>
> > (2) In machine B I have the following entry in the proxy.conf
> >
> > realm jenhwa {
> > type = radius
> > authhost = LOCAL
> > accthost = LOCAL
> > }
> >
> > and clients.conf I have
> > client 10.1.1.6 {
> > secret = jenhwa
> > shortname = redhat
> > }
> >
> > where 10.1.1.6 is the IP address of radius server A.
>
> yes, fine, A == redhat
>
> > (3) Bring up both radius server A and B using /usr/local/sbin/radiusd -x
>
> i would append a "-s"
>
> > (4) I run radtest on machine A as follows and see the request get
> > executed at Radius Server A not B.
> >
> > radtest popo@jenhwa none 10.1.1.6 101 jenhwa whathint jenhwa
>
> hmm, if you run it on A for A, why don't you run it for "localhost"?
> well, it doesn't matter much but it's a kind of confusing :-)
>
> > I then see on radius server A screen showing the request getting processed with
> > user-name = "popo@jenhwa" and not forwarded to Radius server A at all.
>
> it should forward to B, doesn't it? please let's be precise. using names
> like A and B doesn't let a lot of space for imagination. you have to be
> formal!!!
>
> > I think I am missing the key part which is, how does a Radius server tell
> > a user is supposed to get proxied? Do I have to define something in the
>
> by checking its configured realm part. in your case, using
> "popo@jenhwa" is separated into three parts:
> 1. user: popo
> 2. delimiter: @
> 3. realm: jenhwa
>
> the server which you are talking about will then try to find a matching
> entry for this realm in the proxy.conf (once you've activated it :-),
> that's the problem here as it seems to me). if it finds an entry telling
> something about another host, it will play a client and re-send the
> packages almost in the same way, the NAS does. if it finds a matching
> entry with a LOCAL keyword in it, it's gonna feel responsible for this
> realm and process it itself.
>
> > proxy.conf to let radius server to know which format to use such as
> > popo@jenhwa? If so, how is that accomplished? or else?
>
> indeed, you have to! but not in the proxy.conf, these values are
> currently stored in the radiusd.conf (well, since proxy.conf is
> included, it doesn't matter much, it's just a question of organisation).
> so, in the radiusd.conf, you have something like:
>
> realm suffix {
> format = suffix
> delimiter = "@"
> }
>
> this is the right syntax for the used format. and, having defined it
> like that, you should have activated the module called "suffix" (see
> above) in your Authorization and perhaps Pre-Accounting sections at the
> end of the same file.
>
>
> does it work now? :-)
>
> artur
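
The realm decision described in the quoted reply above, as an added example that is not part of the original thread and is not FreeRADIUS code. The names Realm, Decision, split_suffix and route are hypothetical, and the model assumes the realm is whatever follows the last delimiter and that a request with no matching realm entry is handled locally.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Realm:
    authhost: str           # "LOCAL" or the address of the home server
    nostrip: bool = False   # keep "@realm" in the forwarded User-Name


@dataclass(frozen=True)
class Decision:
    action: str                    # "proxy" or "local"
    user_name: str                 # User-Name carried from here on
    target: Optional[str] = None   # home server when action == "proxy"


def split_suffix(user_name, delimiter="@"):
    """Model of format = suffix: split at the last delimiter (assumption)."""
    user, sep, realm = user_name.rpartition(delimiter)
    if not sep or not user or not realm:
        return user_name, None     # no usable realm part
    return user, realm


def route(user_name, realms, delimiter="@"):
    """Decide whether this server proxies the request or processes it itself."""
    user, realm = split_suffix(user_name, delimiter)
    entry = realms.get(realm) if realm is not None else None
    if entry is None:
        # No realm entry loaded (for example the proxy.conf include is
        # commented out): nothing says "proxy", so the request stays here.
        return Decision("local", user_name)
    if entry.authhost.upper() == "LOCAL":
        # This server is responsible for the realm; local name handling
        # is left out of this model.
        return Decision("local", user_name)
    forwarded = user_name if entry.nostrip else user
    return Decision("proxy", forwarded, entry.authhost)


# Realm tables constructed from the two configurations quoted in the thread.
SERVER_A = {"jenhwa": Realm("10.1.1.77", nostrip=True)}   # machine "redhat"
SERVER_B = {"jenhwa": Realm("LOCAL")}                      # machine "jenhwa"

if __name__ == "__main__":
    print(route("popo@jenhwa", SERVER_A))   # proxied to 10.1.1.77, name kept
    print(route("popo@jenhwa", SERVER_B))   # processed locally on B
    print(route("popo@jenhwa", {}))         # realm table never loaded
```

With an empty realm table the request is processed on the first server, which is the symptom reported in step (4) while the include line was commented out.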