Hallo once more,
I don't want to annoy you, hopefully I'm getting closer...
Alan DeKok wrote:
First, is the realm "NULL" the preferred method to forward requests to another radius server?Is "local" or "system" the correct value to forward requests byNeither.
using realm NULL?
If so, I still need to figure out how to use it. After searching the mailing list archive I found a hint:
DEFAULT Proxy-To-Realm := "foo.com"
Is that how it works? Not with any Auth-Type?
Does this also work if the username doesn't contain that realm?
I tried with this users file:
DEFAULT Auth-Type := LDAP
DEFAULT Proxy-To-Realm := "students"
and this proxy.conf:
realm students {
type = radius
authhost = uml1:1812
accthost = uml1:1813
secret = hidden
}
But then no requests are forwarded. The output of radiusd -X just shows
rlm_realm: No '@' in User-Name = "ben1812", looking up realm NULL
rlm_realm: No such realm "NULL"
which is correct, of course.But if I use this configuration...
DEFAULT Auth-Type := LDAP
DEFAULT Proxy-To-Realm := "NULL"
and this proxy.conf:
realm NULL {
type = radius
authhost = uml1:1812
accthost = uml1:1813
secret = hidden
}
... FR forwards all requests and rejects users that are in the local ldap. (That's my very problem.) Just like without "Proxy-To-Realm".
Apart from that, the doc file "proxy" says that the users file is being processed after the proxying. Does this mean that I don't have to configure the proxying in the users file at all?
If I'm completely wrong again could you please give me hints where to search or what to look for?
Thanks for your patience and helpfullness. Benedikt Panzer
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
