Apparently, freeradius maintains the proxy-state elsewhere because I ran a test and it
worked.
However, apparently some implementations may actually forward proxy states along the
path...why? I don't know...other than broken radius servers:
If a Proxy-State Attribute is added to a packet when forwarding
the packet, the Proxy-State Attribute MUST be added after any
existing Proxy-State attributes.
http://www.freeradius.org/rfc/rfc2865.html#Proxy-State
Anyway it worked, thanks Alan:
[eric@thread ~]$ echo "User-Name = "[EMAIL PROTECTED]", CHAP-Password = "test",
NAS-Port=10, NAS-Port-Type=0, NAS-Identifier=RadTest, Proxy-State = "1234" " |
radclient -r 1 -t 5 -d /usr/local/radius/etc/ 192.168.1.1:1645 01 test
Received response ID 18, code 2, length = 392
Port-Limit = 2
Framed-IP-Address = 255.255.255.254
Framed-IP-Netmask = 255.255.255.255
Service-Type = Framed-User
Framed-Protocol = PPP
Session-Timeout = 28800
Idle-Timeout = 900
Ascend-Idle-Limit = 900
Ascend-Maximum-Time = 28800
Proxy-State = "1234"
---------- Original Message ----------------------------------
From: Chris Parker <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Fri, 31 May 2002 12:33:36 -0500
>At 01:06 PM 5/31/2002 -0400, Alan DeKok wrote:
>>"eric " <[EMAIL PROTECTED]> wrote:
>> > I searched through the CVS and probably overlooked the mod. Could
>> > you send me the oneliner?
>>
>>
>> if (request->proxy_reply->vps) {
>> request->reply->vps = request->proxy_reply->vps;
>>+ pairdelete(&request->reply->vps, PW_PROXY_STATE);
>> request->reply->code = request->proxy_reply->code;
>> request->proxy_reply->vps = NULL;
>> }
>
>This assumes we are sending to a NAS, which we can't. Consider a two
>stage proxy:
>
>NAS -> ISP1 -> ISP2 [ -> ISP3 ] ( we are ISP2 )
>
>ISP1 *must* receive back the Proxy-State that it added, if it added one.
>
>pairdelete() removes all instances it finds ( including ISP1's ).
>
>IE, ISP1 adds proxy-state = "foo"
> ISP2 adds Proxy-State = "bar"
>
>Reply from ISP3 looks like:
>
> Blah = "blah",
> Proxy-State = "foo",
> Proxy-State = "bar",
> Blah = "blah"
>
>The reply going back to ISP1 should be:
>
> Blah = "blah",
> Proxy-State = "foo"
> Blah = "blah"
>
>I'm working on a patch to do this, unless you want to take a stab
>at it. :)
>
>-Chris
>--
> \\\|||/// \ StarNet Inc. \ Chris Parker
> \ ~ ~ / \ WX *is* Wireless! \ Director, Engineering
> | @ @ | \ http://www.starnetwx.net \ (847) 963-0116
>oOo---(_)---oOo--\------------------------------------------------------
> \ Wholesale Internet Services - http://www.megapop.net
>
>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
________________________________________________________________
Sent via the WebMail system at purespeed.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
