"Chris A. Kalin" <[EMAIL PROTECTED]> wrote: > That's exactly riight, but why is it even getting to my users file?
Because you configured it that way? > It's supposed to be proxying the auth request to another box, and > apparently does, but then it charges ahead and checks the username > against the local password database anyway What local password database? It's looking at the "users" file. If you don't want it to look at the "users" file, update the configuration so that the "users" file is run ONLY when the realm module doesn't find a realm. See the debug output for what the realm module returns when it does/doesn't find a realm, and see doc/configurable_failover for how to configure the "authorize" section to run "files" only if a realm isn't found. > An identical users file with the same proxy.conf and (as similiar as > it can be) radiusd.conf under an older FreeRADIUS doesn't do this. You're saying it used to stop processing "authorize" after the "realms" module was run, simply because the module added Proxy-To-Realm. The server NEVER did that. Ever. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
