I tried to set up the Radius server (0.9.1 on Red Hat 9) so it can do
proxying. I use the sql module for authentication (mysql).
I have two users, '[EMAIL PROTECTED]' and 'alex_chen', in the DB.
I set up proxy.conf as follows so that if the proxy server
192.168.1.12 fails, it will try to authenticate locally. (Following the
sample in proxy.conf for round-robin proxy.)

proxy server {
    synchronous = yes
    retry_delay = 5
    retry_count = 3
    dead_time = 120
    default_fallback = yes
    post_proxy_authorize = no
}

realm myhome.com {
    type = radius
    authhost = 192.168.1.12:1812
    accthost = 192.168.1.12:1813
    secret = testing123
}

#
# The fail-over server
#
realm myhome.com {
    type = radius
    authhost = LOCAL
    accthost = LOCAL
}

But when I ran the radius server with the -X flag, I got the following messages:
......
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
User-Name = "[EMAIL PROTECTED]"
User-Password = "alextest"
NAS-IP-Address = 192.168.2.1
NAS-Port = 1
NAS-Port-Id = "gateway"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_eap: EAP-Message not found
modcall[authorize]: module "eap" returns noop
rlm_realm: Looking up realm "myhome.com" for User-Name =
"[EMAIL PROTECTED]"
rlm_realm: Found realm "myhome.com"
rlm_realm: Adding Stripped-User-Name = "alex_chen"
rlm_realm: Proxying request from user alex_chen to realm myhome.com
rlm_realm: Adding Realm = "myhome.com"
rlm_realm: Preparing to proxy authentication request to realm
"myhome.com"
modcall[authorize]: module "suffix" returns updated
radius_xlat: 'alex_chen'
...
...
modcall: group authorize returns updated
Sending Access-Request of id 1 to 192.168.1.12:1812
User-Name = "alex_chen"
User-Password = "alextest"
NAS-IP-Address = 192.168.2.1
NAS-Port = 1
NAS-Port-Id = "gateway"
Proxy-State = "228"
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
Dropping conflicting packet from client localhost:1025 - ID: 228 due to
unfinished request 1
--- Walking the entire request list ---
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 224 with timestamp 3f8de7df
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
Dropping conflicting packet from client localhost:1025 - ID: 228 due to
unfinished request 1
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
Dropping conflicting packet from client localhost:1025 - ID: 228 due to
unfinished request 1
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
Dropping conflicting packet from client localhost:1025 - ID: 228 due to
unfinished request 1
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
Dropping conflicting packet from client localhost:1025 - ID: 228 due to
unfinished request 1
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
Dropping conflicting packet from client localhost:1025 - ID: 228 due to
unfinished request 1
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
Dropping conflicting packet from client localhost:1025 - ID: 228 due to
unfinished request 1
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
Dropping conflicting packet from client localhost:1025 - ID: 228 due to
unfinished request 1
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
Dropping conflicting packet from client localhost:1025 - ID: 228 due to
unfinished request 1
On the client side, I got the following message (I use radclient to send
the packets):
Sending User-Name = [EMAIL PROTECTED], User-Password = "alextest",
NAS-IP-Address = 192.168.2.1, NAS-Port = 1, NAS-Port-Id = gateway to
/usr/local/bin/radclient -S secret_file localhost auth
radclient: no response from server
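
An added example, not part of the original post: a short Python script that summarises radiusd -X output like the above, listing proxied Access-Requests that never got a reply from the home server and counting client retransmissions dropped as conflicting. The sample log is constructed from the line shapes in the post; the form of the home server's reply line ("rad_recv: Access-Accept packet from host ...") and the function name are assumptions.

```python
import re
import sys
from collections import Counter

# Constructed sample, shaped like the radiusd -X lines quoted in the post.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
Sending Access-Request of id 1 to 192.168.1.12:1812
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
Dropping conflicting packet from client localhost:1025 - ID: 228 due to
unfinished request 1
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
Dropping conflicting packet from client localhost:1025 - ID: 228 due to
unfinished request 1
"""

RECV = re.compile(r"rad_recv: (\S+) packet from host ([\d.]+):(\d+), id=(\d+)")
SENT = re.compile(r"Sending Access-Request of id (\d+) to ([\d.]+):(\d+)")
DROP = re.compile(r"Dropping conflicting packet from client \S+ - ID: (\d+)")
# Assumption: a home server's answer is logged with one of these packet names.
REPLIES = ("Access-Accept", "Access-Reject", "Access-Challenge")


def summarize(log_text):
    """Return (unanswered proxied requests, dropped retransmits per client ID)."""
    pending = {}       # (home server ip, port, proxy id) -> line number where sent
    drops = Counter()  # client packet ID -> number of dropped retransmissions
    for lineno, line in enumerate(log_text.splitlines(), 1):
        line = line.strip()
        if m := SENT.search(line):
            pending[(m.group(2), int(m.group(3)), int(m.group(1)))] = lineno
        elif m := RECV.search(line):
            if m.group(1) in REPLIES:
                # A reply from the same host:port with the same id closes it.
                pending.pop((m.group(2), int(m.group(3)), int(m.group(4))), None)
        elif m := DROP.search(line):
            drops[int(m.group(1))] += 1
    return pending, drops


if __name__ == "__main__":
    # Read a saved debug log from a file argument, else use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    pending, drops = summarize(text)
    for (ip, port, pid), lineno in pending.items():
        print(f"no reply from {ip}:{port} for proxied id {pid} (sent at line {lineno})")
    for cid, n in drops.items():
        print(f"client ID {cid}: {n} retransmission(s) dropped as conflicting")
```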