Christoph Litauer <[EMAIL PROTECTED]> wrote:
So... did you define that realm in "proxy.conf", or in the "realms" file? I'd bet that the answer is "no".
Thank you Alan, seems as if I still haven't understood how to handle realms.
Please read "proxy.conf".
Well, reading proxy.conf I found the following section:
#
# This realm is used mainly to cancel proxying. You can have
# the "realm suffix" module configured to proxy all requests for
# a realm, and then later cancel the proxying, based on other
# configuration.
#
# For example, you want to terminate PEAP or EAP-TTLS locally,
# you can add the following to the "users" file:
#
# DEFAULT EAP-Type == PEAP, Proxy-To-Realm := LOCAL
#
realm LOCAL {
        type = radius
        authhost = LOCAL
        accthost = LOCAL
}

As stated I changed my users to:
#
# First setup all accounts to be checked against the UNIX /etc/passwd.
# (Unless a password was already given earlier in this file).
#
DEFAULT Auth-Type = System
        Fall-Through = 1

DEFAULT EAP-Type == PEAP, Proxy-To-Realm := LOCAL
[...]
Now my debug log says:
Thread 1 handling request 20, (5 handled so far)
User-Name = "LAPLITAUER\\litauer"
Cisco-AVPair = "ssid=Uni-Koblenz-EAP"
NAS-IP-Address = 141.26.92.10
Called-Station-Id = "004096442c99"
Calling-Station-Id = "000423795461"
NAS-Identifier = "ap-a-e-n"
NAS-Port = 37
Framed-MTU = 1400
State = 0x7bc87798bb2c806d025d128404407406
NAS-Port-Type = Wireless-802.11
Service-Type = Login-User
EAP-Message = 0x027600261900170301001b540a4e2f3db14854be881c8776f8e5ed30aa22fa98b38394e53fef
Message-Authenticator = 0x6e4556cb40fe7d761ad6ebce4a6a4611
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 20
modcall[authorize]: module "preprocess" returns ok for request 20
modcall[authorize]: module "chap" returns noop for request 20
modcall[authorize]: module "mschap" returns noop for request 20
rlm_realm: No '@' in User-Name = "LAPLITAUER\litauer", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 20
rlm_eap: EAP packet type response id 118 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 20
users: Matched DEFAULT at 151
users: Matched DEFAULT at 154
modcall[authorize]: module "files" returns ok for request 20
modcall: group authorize returns updated for request 20
WARNING: You set Proxy-To-Realm = LOCAL, but it is a LOCAL realm! Cancelling invalid proxy request.
I don't think that "LAPLITAUER\litauer" is a LOCAL realm, is it? Please help ...
--
Regards
Christoph
________________________________________________________________________
Christoph Litauer [EMAIL PROTECTED]
Uni Koblenz, Rechenzentrum, http://www.uni-koblenz.de/~litauer
Postfach 201602, 56016 Koblenz
Fon: +49 261 287-1311, Fax: -100 1311
PGP-Key: http://www.uni-koblenz.de/~litauer/public-key.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
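
Added example, not part of the original message and not FreeRADIUS code: a small Python script that condenses an authorize-phase debug trace like the one above into the module return codes, the realm lookup, the "users" file matches and any WARNING line. The sample lines are copied from the trace in the message; the names `PATTERNS` and `summarize` are hypothetical.

```python
import re

# Lines copied from the debug trace in the message above (request 20).
SAMPLE = r'''modcall: entering group authorize for request 20
modcall[authorize]: module "preprocess" returns ok for request 20
modcall[authorize]: module "chap" returns noop for request 20
modcall[authorize]: module "mschap" returns noop for request 20
rlm_realm: No '@' in User-Name = "LAPLITAUER\litauer", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 20
modcall[authorize]: module "eap" returns updated for request 20
users: Matched DEFAULT at 151
users: Matched DEFAULT at 154
modcall[authorize]: module "files" returns ok for request 20
modcall: group authorize returns updated for request 20
WARNING: You set Proxy-To-Realm = LOCAL, but it is a LOCAL realm! Cancelling invalid proxy request.'''

# One regex per kind of line we want to pull out of the trace.
PATTERNS = [
    ("modules", re.compile(r'modcall\[\w+\]: module "([^"]+)" returns (\w+) for request \d+')),
    ("lookups", re.compile(r'rlm_realm: .*looking up realm (\S+)')),
    ("unknown_realms", re.compile(r'rlm_realm: No such realm "([^"]+)"')),
    ("users", re.compile(r'users: Matched (\S+) at (\d+)')),
]

def summarize(trace):
    """Return module results, realm lookups, users-file matches and warnings."""
    summary = {name: [] for name, _ in PATTERNS}
    summary["warnings"] = []
    for raw in trace.splitlines():
        line = raw.strip()
        if line.startswith("WARNING:"):
            summary["warnings"].append(line)
            continue
        for name, rx in PATTERNS:
            m = rx.search(line)
            if m:
                groups = m.groups()
                # Single-group patterns store a string, others a tuple.
                summary[name].append(groups[0] if len(groups) == 1 else groups)
                break
    return summary

if __name__ == "__main__":
    for key, values in summarize(SAMPLE).items():
        print(key, "->", values)
```
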

