[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-devel
Subject: Re: Proxy question
From: aland () striker ! ottawa ! on ! ca
Date: 2001-05-18 15:13:59
[Download RAW message or body]
Bjorn Aberg <bjorn.aberg@axis.com> wrote:
> I have a problem though when doing proxy to another server (freeradius
> using the same module for auth & acct
> on another machine).
> The problem is that after the decision to proxy the request the local
> authenticate (in rlm_mymod) function is called and when receiving the
> access accept from the remote server,
Hmm... the authenticate function *shouldn't* be called twice. It
should only be called once. And if the request is proxied, then the
code should NOT do local authentication.
See src/main/auth.c, function rad_check_password(). If there's a
'request->proxy' entry, then the authentication has been done by the
proxy. The function returns, and the later call to
module_authenticate() isn't even done.
> ***************************************
> >>> mymod authenticate GETS CALLED >>>
> ***************************************
>
> modcall[autz]: Module at line 552 returns reject
> modcall[autz]: action for reject is return
> modcall[autz]: Group at line 548 returns reject
That is the *authorization* function of your module being called.
It is NOT the authentication function.
Maybe you have them confused.
And the proxy reply:
> ***************************************
> >>> mymod authenticate GETS CALLED >>>
> ***************************************
>
> modcall[autz]: Module at line 552 returns reject
Again, this is your modules authorization being called. It has
nothing to do with authentication.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic