help-gnu-radius

[Help-gnu-radius] address@hidden: cascaded radius server]


From: Frank Matthias
Subject: [Help-gnu-radius] address@hidden: cascaded radius server]
Date: Tue, 9 Oct 2001 14:15:19 +0000
User-agent: Mutt/1.2.5i

Hi there,
I'm trying to cascade two RADIUS servers.

My users file on the server communicating with the NAS looks like this
(in the following I call this server "the first one"):

DEFAULT Auth-Type = Pam,
        Pam-Auth=radius,
        Simultaneous-Use = 1
        Service-Type = Exec-User

The second RADIUS server looks like this:

DEFAULT Auth-Type = System,
        Simultaneous-Use = 1
        Service-Type = Exec-User

/etc/pam.d/radius on the first radius server looks like this:
auth       sufficient   /lib/security/pam_pwdb.so shadow nullok
auth       sufficient   /lib/security/pam_radius_auth.so
account    sufficient   /lib/security/pam_pwdb.so
account    sufficient   /lib/security/pam_radius_auth.so
session    sufficient   /lib/security/pam_pwdb.so
session    sufficient   /lib/security/pam_radius_auth.so

If the users are local on the first server, the authentication process
should check /etc/passwd and /etc/shadow; all other requests should be
forwarded to the second server.

The first part, the local resolution, works fine, but the forwarding
doesn't work.

I'm a little bit confused, because I started snoop on the second
server.
The second server gets a request from the first one
only if the local resolution failed, checks the information and sends the
correct answer back, but the first one doesn't forward the correct answer
to the NAS, so every login failed.

I think there is no timer problem? I think that there is
a problem with the first RADIUS server.

Test Lab:
Cisco 2600 NAS, configured login authentication RADIUS on vty's.
Linux RedHat6.2, first RADIUS server
Solaris 2.6, second RADIUS server

Any ideas?


Best Regards
Matthias Frank


