OK, I've got a bit of a weird issue here. I've beat my head against it
and I'm turning to the list for help.
I have local UNIX authentication, and I also proxy a few realms. The
problem seems to arise when I have the same username both locally and
going to a particular realm.
We have [EMAIL PROTECTED] and bob. Bob (the local user) is disabled, he's
in a certain group on my server that locks him out completely. On my
backup RADIUS server, which is version 0.8-pre, I get the expected
behavior - if bob tries to log in, he gets a "Your account has been
disabled" message, but if [EMAIL PROTECTED] tries to log in, the proxy
request goes to the remote server and it'll work.
But on 1.1.3 I get weird results. Bob (local) gets the same "disabled"
message, but so does [EMAIL PROTECTED] But if I take bob out of the local
passwd file, [EMAIL PROTECTED] proxies to where it's supposed to go and
works fine. What's even weirder is in the above failure, I don't even
get anything in radius.log about [EMAIL PROTECTED] failing auth - I have to
hear about it from the customer himself.
I'm assuming something major changed in the proxy code in the past,
what, four years? But this is kind of a show stopper for me, so any
help would be appreciated. I can post whatever config files anyone
needs, but maybe I'm just missing something stupid here.
Thanks in advance!
Chris Kalin
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
