freeradius version: 1.0.1 (Centos4)
I have the need to proxy requests based on "@domain.com" to different
radius servers. I thought this would be fairly simple after reading
proxy.conf, but I must be missing something!
Here's the relevant portion of my proxy.conf:
realm test.com {
type = radius
authhost = 10.19.3.8:1812
accthost = LOCAL
secret = testing123
}
realm test2.com {
type = radius
authost = 10.19.3.9:1812
accthost = LOCAL
secret = testing123
}
When testing via radtest using "[email protected]" the expected behavior
happens - I see the request proxied to 1.1.1.1:
<SNIP>
rad_recv: Access-Request packet from host 127.0.0.1:53468, id=229, length=65
User-Name = "[email protected]"
User-Password = "test"
NAS-IP-Address = 255.255.255.255
NAS-Port = 123
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
rlm_realm: Looking up realm "test.com" for User-Name = "[email protected]"
rlm_realm: Found realm "test.com"
rlm_realm: Adding Stripped-User-Name = "test"
rlm_realm: Proxying request from user test to realm test.com
rlm_realm: Adding Realm = "test.com"
rlm_realm: Preparing to proxy authentication request to realm
"test.com"
<SNIP>
Sending Access-Request of id 0 to 10.19.3.8:1812
User-Name = "test"
User-Password = "test"
NAS-IP-Address = 255.255.255.255
NAS-Port = 123
Proxy-State = 0x323239
Great!
Now I try it with "[email protected]":
rad_recv: Access-Request packet from host 127.0.0.1:53482, id=7, length=66
User-Name = "[email protected]"
User-Password = "test"
NAS-IP-Address = 255.255.255.255
NAS-Port = 123
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
rlm_realm: Looking up realm "test2.com" for User-Name = "[email protected]"
rlm_realm: Found realm "test2.com"
rlm_realm: Adding Stripped-User-Name = "test"
rlm_realm: Proxying request from user test to realm test2.com
rlm_realm: Adding Realm = "test2.com"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 0
Why would it make the Authentication realm LOCAL? If I move the realm
test2.com above test.com in proxy.conf then test2.com works & test.com
doesn't.
Can someone point me in the right direction? I've read included
doc/proxy, proxy.conf & the online wiki sections on proxy. It seems so
simple, yet I can't seem to figure it out!
Thanks in advance.
-dallas
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
