[>] Without treataslocal set, RadiusNT is proxying to
itself. RadiusNT
[>] always records all accounting records that go through
it. Therefore,
[>] it logs the herbie@via.at, and then proxies the request
back to
[>] itself with just herbie, which is then logged again.
You need to set
[>] the treataslocal option to 1 to prevent this.
[>] You wold need to enable the treataslocal for the via.at
domain,
[>] restart RadiusNT, and send in the -x15 debug for a
login attempt
[>] for someone logging in with user@via.at.
As I indicated in my original mailing, RadiusNT doesn't authenticate
properly if the treataslocal flag is set. But I did follow your advice
and tried it again. I restarted radiusnt and it did authenticate
"herbie/herbiespwd" but not "herbie@via.at/herbiespwd".
A few more details about our configuration:
We have 4 records in RadRoamDomains, 1 DEFAULT-domain which has the
highest priority and points to a roaming-server
(RadRoamServers.TreatAsLocal = 0 and RadRoamServers.StripDomain = 0).
Then the already described via.at domain with second highest priority
and 2 other domains which we administer and have the lowest priority
(TreatAsLocal = 1 and StripDomain = 0). The only one which doesn't work
as expected is via.at.
The debug output for herbie / herbiespwd is:
RadiusNT 2.5.162 Enterprise Initialized...
radrecv: Request from host 7f000001 code=1, id=69, length=58
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
User-Name = "herbie"
User-Password =
"\251W\203{\271R\347\011I\246\023(\345\214\010\323"
rad_authenticate_ODBC()
User-Password =
"\251W\203{\271R\347\011I\246\023(\345\214\010\323"
SQL Statement: Select DateDiff(Minute, GetDate(),
DateAdd(Day,(ma.Extension+ma.OverDue+1), maExpireDate)),
DateDiff(Minute, GetDate(), DateAdd(Day, sa.Extension+1, saExpireDate)),
sa.AccountID, sa.AccountType, sa.Password, sa.Login, sa.Shell From
MasterAccounts ma, SubAccounts sa Where sa.Login='herbie' AND
ma.CustomerID=sa.CustomerID and sa.Active<>0 and ma.Active<>0
Decrypted Password: herbiespwd
Database Password: herbiespwd
SQL Statement: RadGetConfigs 2
Loading radius defaults for this type...
SQL Statement: RadGetATConfigs 'PPP'
Service-Type = 2 (2)
Framed-Protocol = 1 (1)
Sending Ack of id 69 to 7f000001 (localhost)
Service-Type = Framed
Framed-Protocol = PPP
Resp Time: 471 Auth: 1/0 -> 1 Acct: 0/0/0 -> 0
The debug-output for herbie@via.at / herbiespwd:
radrecv: Request from host 7f000001 code=1, id=13, length=65
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
User-Name = "herbie@via.at"
User-Password = "?\343\257\310\2203S\264\373\305w\305b\243P\302"
rad_authenticate_ODBC()
User-Password = "?\343\257\310\2203S\264\373\305w\305b\243P\302"
SQL Statement: Select DateDiff(Minute, GetDate(), DateAdd(Day,
ma.Extension+ma.OverDue+1)
, maExpireDate)), DateDiff(Minute, GetDate(), DateAdd(Day,
sa.Extension+1, saExpireDate)),
sa.AccountID, sa.AccountType, sa.Password, sa.Login, sa.Shell