I tried to set the Radius server (0.9.1 on Red Hat 9) so it can do proxy. I use the sql module for authentication (mysql).
I have two users, '[EMAIL PROTECTED]' and 'alex_chen', in the DB.
I set up the proxy.conf like the following so that if the proxy server 192.168.1.12 fails, it will try to authenticate locally. (Following the sample in proxy.conf for round-robin proxy.)
proxy server {
    synchronous = yes
From /path/to/src/radiusd/raddb/proxy.conf:
"If this [synchronous] is set to 'No', then we send the retries on our own schedule..."
"If you want to have the server send proxy retries ONLY when the NAS sends its retries to the server, then set this to 'yes', and the other proxy configuration parameters to 0 (zero)".
So, try setting synchronous to 'no' and see if you still have problems with the failover.
HTH,
Chris
    retry_delay = 5
    retry_count = 3
    dead_time = 120
    default_fallback = yes
    post_proxy_authorize = no
}

realm myhome.com {
    type = radius
    authhost = 192.168.1.12:1812
    accthost = 192.168.1.12:1813
    secret = testing123
}

#
# The fail-over server
#
realm myhome.com {
    type = radius
    authhost = LOCAL
    accthost = LOCAL
}
But when I run the radius with -X flag, I got the following message:
......
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
    User-Name = "[EMAIL PROTECTED]"
    User-Password = "alextest"
    NAS-IP-Address = 192.168.2.1
    NAS-Port = 1
    NAS-Port-Id = "gateway"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_eap: EAP-Message not found
modcall[authorize]: module "eap" returns noop
rlm_realm: Looking up realm "myhome.com" for User-Name = "[EMAIL PROTECTED]"
rlm_realm: Found realm "myhome.com"
rlm_realm: Adding Stripped-User-Name = "alex_chen"
rlm_realm: Proxying request from user alex_chen to realm myhome.com
rlm_realm: Adding Realm = "myhome.com"
rlm_realm: Preparing to proxy authentication request to realm "myhome.com"
modcall[authorize]: module "suffix" returns updated
radius_xlat: 'alex_chen'
... ...
modcall: group authorize returns updated
Sending Access-Request of id 1 to 192.168.1.12:1812
    User-Name = "alex_chen"
    User-Password = "alextest"
    NAS-IP-Address = 192.168.2.1
    NAS-Port = 1
    NAS-Port-Id = "gateway"
    Proxy-State = "228"
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
Dropping conflicting packet from client localhost:1025 - ID: 228 due to unfinished request 1
--- Walking the entire request list ---
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 224 with timestamp 3f8de7df
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
Dropping conflicting packet from client localhost:1025 - ID: 228 due to unfinished request 1
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
Dropping conflicting packet from client localhost:1025 - ID: 228 due to unfinished request 1
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
Dropping conflicting packet from client localhost:1025 - ID: 228 due to unfinished request 1
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
Dropping conflicting packet from client localhost:1025 - ID: 228 due to unfinished request 1
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
Dropping conflicting packet from client localhost:1025 - ID: 228 due to unfinished request 1
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
Dropping conflicting packet from client localhost:1025 - ID: 228 due to unfinished request 1
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
Dropping conflicting packet from client localhost:1025 - ID: 228 due to unfinished request 1
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
Dropping conflicting packet from client localhost:1025 - ID: 228 due to unfinished request 1
On the client side, I got the following message. (I use radclient to send the packets)
Sending User-Name = [EMAIL PROTECTED], User-Password = "alextest", NAS-IP-Address = 192.168.2.1, NAS-Port = 1, NAS-Port-Id = gateway
to /usr/local/bin/radclient -S secret_file localhost auth
radclient: no response from server
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
---
Christopher Brotsos ([EMAIL PROTECTED])
Development Engineering
StarNet/MegaPOP: http://www.megapop.net
WX is wireless : http://www.starnetwx.net
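An added example, not part of the original messages: a Python script that reads `radiusd -X` output like the log quoted above and reports proxied requests that never got a reply, plus how many NAS retransmissions were dropped while each was outstanding. The sample lines are abbreviated from that log; the shape of a home server's reply line (`rad_recv: Access-Accept packet from host ...`) is an assumption, since the posted log never shows one.

```python
import re
from collections import Counter

# Abbreviated from the radiusd -X output quoted in the thread above.
SAMPLE = """\
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
Sending Access-Request of id 1 to 192.168.1.12:1812
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
Dropping conflicting packet from client localhost:1025 - ID: 228 due to unfinished request 1
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
Dropping conflicting packet from client localhost:1025 - ID: 228 due to unfinished request 1
"""

SENT = re.compile(r"Sending Access-Request of id (\d+) to (\S+):(\d+)")
# Assumption: replies from the home server are logged in the same rad_recv form.
RECV = re.compile(r"rad_recv: (\S+) packet from host (\S+):(\d+), id=(\d+)")
DROP = re.compile(r"Dropping conflicting packet from client (\S+) - ID: (\d+) "
                  r"due to unfinished request (\d+)")


def analyze(log_text):
    """Return (unanswered, drops).

    unanswered: sorted list of (home_server_ip, proxy_packet_id) that were
                sent to a home server with no reply seen later in the log.
    drops:      Counter keyed by (client, NAS packet id, internal request no.)
                counting retransmissions dropped as conflicting packets.
    """
    pending = set()
    drops = Counter()
    for line in log_text.splitlines():
        m = SENT.search(line)
        if m:
            pending.add((m.group(2), int(m.group(1))))
            continue
        m = RECV.search(line)
        if m and m.group(1) != "Access-Request":
            # Any non-request packet from the home server answers the proxy.
            pending.discard((m.group(2), int(m.group(4))))
            continue
        m = DROP.search(line)
        if m:
            drops[(m.group(1), int(m.group(2)), int(m.group(3)))] += 1
    return sorted(pending), drops


if __name__ == "__main__":
    unanswered, drops = analyze(SAMPLE)
    print("proxied, no reply:", unanswered)
    print("dropped retransmissions:", dict(drops))
```

An unanswered proxy entry together with a growing drop count for the same request number is the pattern in the log above: the home server never replied, and the NAS retries were discarded rather than triggering failover.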
