Alan DeKok wrote:
"Chris A. Kalin" <[EMAIL PROTECTED]> wrote:
That's exactly riight, but why is it even getting to my users file?
Because you configured it that way?
It's supposed to be proxying the auth request to another box, and
apparently does, but then it charges ahead and checks the username
against the local password database anyway
What local password database? It's looking at the "users" file.
Right, the users file has a default Auth-Type := System, so when I was
talking about the "users" file, I was talking about "the users file
where either passwords are specifically stored or it tells RADIUS to use
/etc/passwd authentication." Sorry for not being specific enough. My bad.
If you don't want it to look at the "users" file, update the
configuration so that the "users" file is run ONLY when the realm
module doesn't find a realm. See the debug output for what the realm
module returns when it does/doesn't find a realm, and see
doc/configurable_failover for how to configure the "authorize" section
to run "files" only if a realm isn't found.
An identical users file with the same proxy.conf and (as similiar as
it can be) radiusd.conf under an older FreeRADIUS doesn't do this.
You're saying it used to stop processing "authorize" after the
"realms" module was run, simply because the module added
Proxy-To-Realm.
The server NEVER did that. Ever.
So just so I completely understand, _did_ the server's (or one or more
modules') behavior related to all this change between 0.8 and 1.1.3? If
not, why did this work in an older version and not now?
Thanks for all your help!
Chris
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
