"David" <[EMAIL PROTECTED]> wrote:
> From the proxy server, I can authenticate against the home server
> by using radtest or radclient and specifying the correct iformation.
> I can also proxy requests through the proxy server to the home server
> successfully.
Ok...
> I have set up [EMAIL PROTECTED] in the local radius servers database
> and can authenticate successfully. I have set up [EMAIL PROTECTED]
> in the home servers user file. But when I try to authenticate
> [EMAIL PROTECTED] I get:
>
> Access-Reject packet from host 127.0.0.1:1812
What does debug mode say?
> In your last response, you said to set Proxy-To-Ream
> in the users file.
>
> 1. I am not exactly sure what should be put in the users file.
For your situation:
#---
DEFAULT Proxy-To-Realm := "dpl.tests"
#---
> 2. If I want to implement this on a larger scale, for example
> add this capability for all realms we proxy to, is their a way
> to do this with variables in the user file or another means?
What capability? Here you're talking about proxying to one realm.
Do you mean to look for "[EMAIL PROTECTED]" locally, and if not found, proxy
to "realmX", where there may be multiple "realmX" ?
If so, something like:
#---
DEFAULT User-Name =~ "@(.*)$", Proxy-To-Realm := "%{1}"
#---
should work. See doc/variables.txt for information as to why.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
