You should also uncomment or add IPASS under the authorize section and the preacct section.
Good luck!

----- Original Message ----
From: Sebastien Boucher <[email protected]>
To: [email protected]
Sent: Thursday, March 26, 2009 12:05:22 AM
Subject: proxy questions

i don't know if this was asked before but here it goes :

we are currently using FreeRADIUS Version 1.1.1 that authenticates local users via LDAP

I am trying to setup an IPASS realm for another company and can't get any success .. here is what i have done so far:

i have the following in radiusd.conf

    realm IPASS {
        format = prefix
        delimiter = "/"
        ignore_default = yes
        ignore_null = yes
    }

i also uncommented IPASS in authorize and preacct

and this is what i have in proxy.conf

    realm IPASS {
        type = radius
        authhost = server.ip.here:1812
        accthost = server.ip.here:1813
        secret = ****
        retry_delay = 10
        retry_count = 3
        dead_time = 1
        nostrip
    }

    realm NULL {
        type = radius
        authhost = LOCAL
        accthost = LOCAL
    }

this what i get when i run radiusd in debug :

    rad_recv: Access-Request packet from host nas.ip.address:1645, id=82, length=168
        Framed-Protocol = PPP
        User-Name = "IPASS/[email protected]"
        User-Password = "somepassword"
        Called-Station-Id = "5143174746"
        Calling-Station-Id = "5148776026"
        Cisco-NAS-Port = "Async1/8/97"
        NAS-Port = 3013
        NAS-Port-Type = Async
        Service-Type = Framed-User
        NAS-IP-Address = nas.ip.address
        Acct-Session-Id = "0017A2FD"
        NAS-Identifier = "NAS01.MTLCNDS."
    rlm_ldap: Entering ldap_groupcmp()
    rlm_ldap: ldap_get_conn: Checking Id: 0
    rlm_ldap: ldap_get_conn: Got Id: 0
    rlm_ldap: object not found or got ambiguous search result
    rlm_ldap::ldap_groupcmp: search failed
    rlm_ldap: ldap_release_conn: Release Id: 0
    rlm_ldap: Entering ldap_groupcmp()
    rlm_ldap: ldap_get_conn: Checking Id: 0
    rlm_ldap: ldap_get_conn: Got Id: 0
    rlm_ldap: object not found or got ambiguous search result
    rlm_ldap::ldap_groupcmp: search failed
    rlm_ldap: ldap_release_conn: Release Id: 0
    rlm_ldap: - authorize
    rlm_ldap: performing user authorization for IPASS/[email protected]
    rlm_ldap: ldap_get_conn: Checking Id: 0
    rlm_ldap: ldap_get_conn: Got Id: 0
    rlm_ldap: object not found or got ambiguous search result
    rlm_ldap: search failed
    rlm_ldap: ldap_release_conn: Release Id: 0
    Sending Access-Reject of id 82 to 206.80.253.252 port 1645

i am sure i am missing something .. if i understand radius is trying to validate it in LDAP before sending the proxy request to the other server

any help would be very appreciated

thanks
seb

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

