Hello
I use freeradius-snapshot-20040314 and inserted the following on top of
the users file:
#---
DEFAULT Proxy-To-Realm := "dbzone"
Fall-Through = Yes
DEFAULT EAP-Type == PEAP, Proxy-To-Realm := LOCAL
Fall-Through = Yes
DEFAULT EAP-Type == EAP-TTLS, Proxy-To-Realm := LOCAL
Fall-Through = Yes
#---
The freeradius is supposed to locally terminate the TLS-Channel.
However, it forwards every packet to the realm "dbzone", which is a
second freeradius-server on 195.186.1.143. What's wrong? In the
following is the debug log.
Thank you
Roman
Tue Mar 23 13:52:01 2004 : Info: Ready to process requests.
rad_recv: Access-Request packet from host 195.186.248.36:21650, id=16,
length=127
User-Name = "wlantest1"
Framed-MTU = 1400
Called-Station-Id = "000f.24a0.aca0"
Calling-Station-Id = "0009.b741.3d5e"
Message-Authenticator = 0xeb96a7a46184a524d98af60348f27d35
EAP-Message = 0x0201000e01776c616e7465737431
NAS-Port-Type = Wireless-802.11
NAS-Port = 331
Service-Type = Framed-User
NAS-IP-Address = 195.186.248.36
Tue Mar 23 13:52:05 2004 : Debug: Processing the authorize section of
radiusd.conf
Tue Mar 23 13:52:05 2004 : Debug: modcall: entering group authorize for
request 0
Tue Mar 23 13:52:05 2004 : Debug: modsingle[authorize]: calling
preprocess (rlm_preprocess) for request 0
Tue Mar 23 13:52:05 2004 : Debug: modsingle[authorize]: returned from
preprocess (rlm_preprocess) for request 0
Tue Mar 23 13:52:05 2004 : Debug: modcall[authorize]: module
"preprocess" returns ok for request 0
Tue Mar 23 13:52:05 2004 : Debug: modsingle[authorize]: calling chap
(rlm_chap) for request 0
Tue Mar 23 13:52:05 2004 : Debug: modsingle[authorize]: returned from
chap (rlm_chap) for request 0
Tue Mar 23 13:52:05 2004 : Debug: modcall[authorize]: module "chap"
returns noop for request 0
Tue Mar 23 13:52:05 2004 : Debug: modsingle[authorize]: calling mschap
(rlm_mschap) for request 0
Tue Mar 23 13:52:05 2004 : Debug: modsingle[authorize]: returned from
mschap (rlm_mschap) for request 0
Tue Mar 23 13:52:05 2004 : Debug: modcall[authorize]: module "mschap"
returns noop for request 0
Tue Mar 23 13:52:05 2004 : Debug: modsingle[authorize]: calling suffix
(rlm_realm) for request 0
Tue Mar 23 13:52:05 2004 : Debug: rlm_realm: No '@' in User-Name =
"wlantest1", looking up realm NULL
Tue Mar 23 13:52:05 2004 : Debug: rlm_realm: No such realm "NULL"
Tue Mar 23 13:52:05 2004 : Debug: modsingle[authorize]: returned from
suffix (rlm_realm) for request 0
Tue Mar 23 13:52:05 2004 : Debug: modcall[authorize]: module "suffix"
returns noop for request 0
Tue Mar 23 13:52:05 2004 : Debug: modsingle[authorize]: calling eap
(rlm_eap) for request 0
Tue Mar 23 13:52:05 2004 : Debug: rlm_eap: EAP packet type response id
1 length 14
Tue Mar 23 13:52:05 2004 : Debug: rlm_eap: No EAP Start, assuming it's
an on-going EAP conversation
Tue Mar 23 13:52:05 2004 : Debug: modsingle[authorize]: returned from
eap (rlm_eap) for request 0
Tue Mar 23 13:52:05 2004 : Debug: modcall[authorize]: module "eap"
returns updated for request 0
Tue Mar 23 13:52:05 2004 : Debug: modsingle[authorize]: calling files
(rlm_files) for request 0
Tue Mar 23 13:52:05 2004 : Debug: users: Matched DEFAULT at 66
Tue Mar 23 13:52:05 2004 : Debug: modsingle[authorize]: returned from
files (rlm_files) for request 0
Tue Mar 23 13:52:05 2004 : Debug: modcall[authorize]: module "files"
returns ok for request 0
Tue Mar 23 13:52:05 2004 : Debug: modcall: group authorize returns
updated for request 0
Sending Access-Request of id 1 to 195.186.1.143:1812
User-Name = "wlantest1"
Framed-MTU = 1400
Called-Station-Id = "000f.24a0.aca0"
Calling-Station-Id = "0009.b741.3d5e"
Message-Authenticator = 0x00000000000000000000000000000000
EAP-Message = 0x0201000e01776c616e7465737431
NAS-Port-Type = Wireless-802.11
NAS-Port = 331
Service-Type = Framed-User
NAS-IP-Address = 195.186.248.36
Proxy-State = 0x3136
Tue Mar 23 13:52:05 2004 : Debug: --- Walking the entire request list
---
Tue Mar 23 13:52:05 2004 : Debug: Waking up in 6 seconds...
rad_recv: Access-Challenge packet from host 195.186.1.143:1812, id=1,
length=84
EAP-Message = 0x0102001604107dbd200e8a0a1de34d452d90d1ff8c3a
Message-Authenticator = 0xe782985270084d9772347a9dbfe9d7ba
State = 0x8d3739a4b75ba8ea8a63055bbf9867f5
Proxy-State = 0x3136
Tue Mar 23 13:52:06 2004 : Debug: Processing the post-proxy section of
radiusd.conf
Tue Mar 23 13:52:06 2004 : Debug: modcall: entering group post-proxy for
request 0
Tue Mar 23 13:52:06 2004 : Debug: modsingle[post-proxy]: calling eap
(rlm_eap) for request 0
Tue Mar 23 13:52:06 2004 : Debug: modsingle[post-proxy]: returned from
eap (rlm_eap) for request 0
Tue Mar 23 13:52:06 2004 : Debug: modcall[post-proxy]: module "eap"
returns noop for request 0
Tue Mar 23 13:52:06 2004 : Debug: modcall: group post-proxy returns noop
for request 0
Sending Access-Challenge of id 16 to 195.186.248.36:21650
EAP-Message = 0x0102001604107dbd200e8a0a1de34d452d90d1ff8c3a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x8d3739a4b75ba8ea8a63055bbf9867f5
Tue Mar 23 13:52:06 2004 : Debug: Finished request 0
Tue Mar 23 13:52:06 2004 : Debug: Going to the next request
Tue Mar 23 13:52:06 2004 : Debug: --- Walking the entire request list
---
Tue Mar 23 13:52:06 2004 : Debug: Waking up in 6 seconds...
rad_recv: Access-Request packet from host 195.186.248.36:21650, id=17,
length=137
User-Name = "wlantest1"
Framed-MTU = 1400
Called-Station-Id = "000f.24a0.aca0"
Calling-Station-Id = "0009.b741.3d5e"
Message-Authenticator = 0x47a475eb727033fd3b9ca0b08bab341f
EAP-Message = 0x020200060319
NAS-Port-Type = Wireless-802.11
NAS-Port = 331
State = 0x8d3739a4b75ba8ea8a63055bbf9867f5
Service-Type = Framed-User
NAS-IP-Address = 195.186.248.36
Tue Mar 23 13:52:06 2004 : Debug: Processing the authorize section of
radiusd.conf
Tue Mar 23 13:52:06 2004 : Debug: modcall: entering group authorize for
request 1
Tue Mar 23 13:52:06 2004 : Debug: modsingle[authorize]: calling
preprocess (rlm_preprocess) for request 1
Tue Mar 23 13:52:06 2004 : Debug: modsingle[authorize]: returned from
preprocess (rlm_preprocess) for request 1
Tue Mar 23 13:52:06 2004 : Debug: modcall[authorize]: module
"preprocess" returns ok for request 1
Tue Mar 23 13:52:06 2004 : Debug: modsingle[authorize]: calling chap
(rlm_chap) for request 1
Tue Mar 23 13:52:06 2004 : Debug: modsingle[authorize]: returned from
chap (rlm_chap) for request 1
Tue Mar 23 13:52:06 2004 : Debug: modcall[authorize]: module "chap"
returns noop for request 1
Tue Mar 23 13:52:06 2004 : Debug: modsingle[authorize]: calling mschap
(rlm_mschap) for request 1
Tue Mar 23 13:52:06 2004 : Debug: modsingle[authorize]: returned from
mschap (rlm_mschap) for request 1
Tue Mar 23 13:52:06 2004 : Debug: modcall[authorize]: module "mschap"
returns noop for request 1
Tue Mar 23 13:52:06 2004 : Debug: modsingle[authorize]: calling suffix
(rlm_realm) for request 1
Tue Mar 23 13:52:06 2004 : Debug: rlm_realm: No '@' in User-Name =
"wlantest1", looking up realm NULL
Tue Mar 23 13:52:06 2004 : Debug: rlm_realm: No such realm "NULL"
Tue Mar 23 13:52:06 2004 : Debug: modsingle[authorize]: returned from
suffix (rlm_realm) for request 1
Tue Mar 23 13:52:06 2004 : Debug: modcall[authorize]: module "suffix"
returns noop for request 1
Tue Mar 23 13:52:06 2004 : Debug: modsingle[authorize]: calling eap
(rlm_eap) for request 1
Tue Mar 23 13:52:06 2004 : Debug: rlm_eap: EAP packet type response id
2 length 6
Tue Mar 23 13:52:06 2004 : Debug: rlm_eap: No EAP Start, assuming it's
an on-going EAP conversation
Tue Mar 23 13:52:06 2004 : Debug: modsingle[authorize]: returned from
eap (rlm_eap) for request 1
Tue Mar 23 13:52:06 2004 : Debug: modcall[authorize]: module "eap"
returns updated for request 1
Tue Mar 23 13:52:06 2004 : Debug: modsingle[authorize]: calling files
(rlm_files) for request 1
Tue Mar 23 13:52:06 2004 : Debug: users: Matched DEFAULT at 66
Tue Mar 23 13:52:06 2004 : Debug: modsingle[authorize]: returned from
files (rlm_files) for request 1
Tue Mar 23 13:52:06 2004 : Debug: modcall[authorize]: module "files"
returns ok for request 1
Tue Mar 23 13:52:06 2004 : Debug: modcall: group authorize returns
updated for request 1
Sending Access-Request of id 2 to 195.186.1.143:1812
User-Name = "wlantest1"
Framed-MTU = 1400
Called-Station-Id = "000f.24a0.aca0"
Calling-Station-Id = "0009.b741.3d5e"
Message-Authenticator = 0x00000000000000000000000000000000
EAP-Message = 0x020200060319
NAS-Port-Type = Wireless-802.11
NAS-Port = 331
State = 0x8d3739a4b75ba8ea8a63055bbf9867f5
Service-Type = Framed-User
NAS-IP-Address = 195.186.248.36
Proxy-State = 0x3137
Tue Mar 23 13:52:06 2004 : Debug: Waking up in 6 seconds...
rad_recv: Access-Reject packet from host 195.186.1.143:1812, id=2,
length=48
EAP-Message = 0x04020004
Message-Authenticator = 0x3b6edcbeb54468b25dbf157efa3b4c02
Proxy-State = 0x3137
Tue Mar 23 13:52:08 2004 : Debug: Processing the post-proxy section of
radiusd.conf
Tue Mar 23 13:52:08 2004 : Debug: modcall: entering group post-proxy for
request 1
Tue Mar 23 13:52:08 2004 : Debug: modsingle[post-proxy]: calling eap
(rlm_eap) for request 1
Tue Mar 23 13:52:08 2004 : Debug: modsingle[post-proxy]: returned from
eap (rlm_eap) for request 1
Tue Mar 23 13:52:08 2004 : Debug: modcall[post-proxy]: module "eap"
returns noop for request 1
Tue Mar 23 13:52:08 2004 : Debug: modcall: group post-proxy returns noop
for request 1
Tue Mar 23 13:52:08 2004 : Debug: Delaying request 1 for 1 seconds
Tue Mar 23 13:52:08 2004 : Debug: Finished request 1
Tue Mar 23 13:52:08 2004 : Debug: Going to the next request
Tue Mar 23 13:52:08 2004 : Debug: --- Walking the entire request list
---
Tue Mar 23 13:52:08 2004 : Debug: Waking up in 1 seconds...
Tue Mar 23 13:52:09 2004 : Debug: --- Walking the entire request list
---
Tue Mar 23 13:52:09 2004 : Debug: Waking up in 1 seconds...
Tue Mar 23 13:52:10 2004 : Debug: --- Walking the entire request list
---
Sending Access-Reject of id 17 to 195.186.248.36:21650
EAP-Message = 0x04020004
Message-Authenticator = 0x00000000000000000000000000000000
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
