Thanks Alan. I try to get user authentication using the python testing tools. From what I get, the users from home server (the remote server) were authenticated, but users from the forwarding server failed to get their authentication. in the proxy.conf, the configuration are ______________________________________________________ realm 200.200.230.136 { type = radius authhost = 200.200.230.136:1812 accthost = 200.200.230.136:1813 secret = amin}
realm NULL { type = radius authhost = 200.200.230.136:1812 accthost = 200.200.230.136:1813 secret = amin} realm DEFAULT { type = radius authhost = 200.200.230.136:1812 accthost = 200.200.230.136:1813 secret = amin} in the debug mode, the messages are: _______________________________________________________ host 200.200.230.135:1163, id=189, length=43 User-Name = "abu" User-Password = "abu" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "abu", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "abu" rlm_realm: Proxying request from user abu to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Preparing to proxy authentication request to realm "NULL" modcall[authorize]: module "suffix" returns updated for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 radius_xlat: 'abu' rlm_sql (sql): sql_set_user escaped user --> 'abu' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'abu' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'abu' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'abu' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'abu' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns ok for request 0 modcall: group authorize returns updated for request 0 Sending Access-Request of id 0 to 200.200.230.136:1812 User-Name = "abu" User-Password = "abu" NAS-IP-Address = 200.200.230.135 Proxy-State = 0x313839 --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Reject packet from host 200.200.230.136:1812, id=0, length=25 Proxy-State = 0x313839 Processing the post-proxy section of radiusd.conf modcall: entering group post-proxy for request 0 modcall[post-proxy]: module "eap" returns noop for request 0 modcall: group post-proxy returns noop for request 0 Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 189 to 200.200.230.135:1163 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 189 with timestamp 41d0f12f Nothing to do. Sleeping until we see a request. _________________________________________________________ FR is sending auth request to the Remote Server altough the user is from its own sql database. then rejecting it. Is that what is happening? How can i drive the request to 1st search from its sql db and then proxy the request when theres no record? If any additional info needed, please inform me, I will send it immediately. Thanks. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html