Hi,
I'm using different RADIUS servers for our NAS. The NAS are configured to use
freeradiusd as their AAA servers. The freeradius servers then work as proxy
servers to the other RADIUS servers with the user data. The other RADIUS servers
are not under my control :(
I now have the following problem:
As soon as the proxy radius includes Cisco-AVPairs in its reply, freeradiusd
stops handling packets. I can see that radiusd receives the answer, but
it never sends this answer back to the NAS.
I can work around it if I add the Cisco-AVPairs to the users file, but since our
customers control their own RADIUS setup, it's not a solution for me to add some
of their configuration data to my local users file :(
Does somebody have a hint as to what goes wrong?
Any help is welcome, and feel free to ask for more details if you need them.
Kind regards, Ueli
freeradius -x writes the following lines with my request:
flunder:/etc/freeradius# freeradius -v
freeradius: FreeRADIUS Version 0.9.3, for host i386-pc-linux-gnu, built on Dec 16 2003 at 18:51:12
flunder:/etc/freeradius# freeradius -x
Starting - reading configuration files ...
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded eap
rlm_eap: Loaded and initialized the type md5
rlm_eap: Loaded and initialized the type leap
Module: Instantiated eap (eap)
Module: Loaded preprocess
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
Module: Instantiated realm (suffix)
Module: Loaded files
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
Module: Instantiated detail (detail)
Module: Loaded System
Module: Instantiated unix (unix)
Module: Loaded radutmp
Module: Instantiated radutmp (radutmp)
Initializing the thread pool...
Listening on IP address a.b.c.67, ports 1816/udp and 1817/udp, with proxy on 1818/udp.
Ready to process requests.
rad_recv: Access-Request packet from host d.e.f.42:1645, id=122, length=91
Framed-Protocol = PPP
User-Name = "[EMAIL PROTECTED]"
CHAP-Password = 0xd48c80786d318896b5ac96a98e11e9a93f
NAS-Port-Type = Virtual
NAS-Port = 550
Service-Type = Framed-User
NAS-IP-Address = d.e.f.42
rlm_chap: Setting 'Auth-Type := CHAP'
Sending Access-Request of id 3 to a.b.c.67:1812
Framed-Protocol = PPP
User-Name = "[EMAIL PROTECTED]"
CHAP-Password = 0xd48c80786d318896b5ac96a98e11e9a93f
NAS-Port-Type = Virtual
NAS-Port = 550
Service-Type = Framed-User
NAS-IP-Address = d.e.f.42
CHAP-Challenge = 0x7481e0ed64eb0b643a056cf56500f70f
Proxy-State = 0x313232
rad_recv: Access-Accept packet from host a.b.c.67:1812, id=3, length=351
Framed-IP-Address = 192.168.255.9
Framed-Route = "172.16.23.0/24"
Cisco-AVPair = "ip:inacl#1=permit ip 172.16.23.0 0.0.0.255 192.168.0.0 0.0.255.255"
Cisco-AVPair = "ip:outacl#1=permit ip any 172.16.23.0 0.0.0.255"
Framed-Protocol = PPP
Framed-Routing = None
Framed-Compression = None
Service-Type = Framed-User
Proxy-State = 0x313232
rad_recv: Access-Request packet from host d.e.f.42:1645, id=122, length=91
Discarding new request from client zhenge-lns1:1645 - ID: 122 due to live request 4
rad_recv: Access-Request packet from host d.e.f.42:1645, id=122, length=91
Discarding new request from client zhenge-lns1:1645 - ID: 122 due to live request 4
And from this point on, no more packets are processed.
--
"The software said it requires Windows 95 or better,
so I installed Linux"