Hi,
> to authenticate with the eduroam user. It seems that although the
> request is proxied, my server tries to locally check the authorized
> attributes of the user against my local ldap server. And since no
> such user exists ldap returns : object not found
use unlang to put a protection wrapper around your ldap, e.g.

    # only call ldap for users in your own realm
    if (%{realm} =~ /yourrealm.com/) {
        ldap
    }

> Next, my server proxies another request with empty attributes
> certainly resulting from the previous object found result :
> Sending Access-Request of id 144 to 193.190.198.59 port 1812
> User-Name := ""
> User-Password := ""
> Service-Type := Authenticate-Only
> Message-Authenticator := 0x00000000000000000000000000000000
> NAS-Identifier := "Status Check. Are you alive?"
this is a status-check packet - your server is configured to send
status-check packets to the remote proxy to check if it's up/alive -
there is no response to this request - so that's bad. you COULD configure
proxy.conf for that remote proxy to use a username/pass (ideally a BAD
password to get a REJECT) for this purpose if the remote proxy isn't
responding to these packets as it should. for status requests a reject
is as good as an accept...you get a response...that's what the server
wants.

you also then avoid leaking WORKING credentials into the system :-)

alan
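
Added example, not part of the original message: a proxy.conf home_server entry (FreeRADIUS 2.x syntax) that sends the status probe with a dedicated account expected to be rejected, as the reply suggests. The section name, secret, username and password are constructed placeholders; the address and port are the ones in the quoted debug output.

```conf
# proxy.conf - illustrative home_server entry, assumptions marked inline
home_server eduroam_upstream {                # hypothetical section name
        type   = auth
        ipaddr = 193.190.198.59               # remote proxy from the debug output
        port   = 1812
        secret = REPLACE_WITH_SHARED_SECRET   # placeholder, never commit the real one

        # Probe the home server with an Access-Request instead of relying on
        # it answering a request with empty User-Name / User-Password.
        status_check = request

        # Dedicated probe identity that must not exist anywhere upstream.
        # An Access-Reject is still a response, so the server is known to be
        # alive, and no working credentials travel through the proxy chain.
        username = "status_probe_please_reject"   # constructed value
        password = "not-a-real-password"          # constructed, intentionally invalid

        check_interval       = 30   # seconds between status probes
        num_answers_to_alive = 3    # responses required before it is marked alive
}
```

Run the server in debug mode after the change and confirm that the probe to the remote proxy now carries the configured User-Name and receives an Access-Reject.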