Hi All,

I have two servers running freeradius-0.9.3. I am trying to proxy radius
requests for a specific realm from one server (server1) to the other
(server2). I believe I have updated radius.conf and attrs correctly, as well
as proxy.conf and clients.conf.

Using radtest on server2 to initiate a query against server1, and then
viewing the debug -X log on server1, I can see the request is being proxied
and coming back, and then it seems to be getting stuck in the post-proxy
section. This is where I am now stuck.

I need to be able to return multiple variable Cisco-AVPair attributes in the
proxied request: ip:dns-servers and ip:route.

I have included below information that I thought may be useful to help with
this request.

Thanks for any and all help.

Kind Regards
Ben

Attrs file

DEFAULT
        Service-Type == Framed-User,
        Service-Type == Login-User,
        Login-Service == Telnet,
        Login-Service == Rlogin,
        Login-Service == TCP-Clear,
        Login-TCP-Port <= 65536,
        Framed-IP-Address == 255.255.255.254,
        Framed-IP-Netmask == 255.255.255.255,
        Framed-Protocol == PPP,
        Framed-Protocol == SLIP,
        Framed-Compression == Van-Jacobson-TCP-IP,
        Framed-MTU >= 576,
        Framed-Filter-ID =* ANY,
        Reply-Message =* ANY,
        Proxy-State =* ANY,
        Session-Timeout <= 28800,
        Idle-Timeout <= 600,
        Port-Limit <= 2,
        Cisco-AVPair =* ANY

radiusd.conf file section

post-proxy {
        # attr_rewrite
        attr_filter
        eap
}

Debug:

Listening on IP address *, ports 1645/udp and 1646/udp, with proxy on 1647/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 213.170.128.11:32802, id=233, length=80
        User-Name = "[EMAIL PROTECTED]"
        User-Password = "testing"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 1645
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat: '/usr/local/var/log/radius/radacct/213.170.128.11/auth-detail-20040510'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/213.170.128.11/auth-detail-20040510
modcall[authorize]: module "auth_log" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "attr_filter" returns noop for request 0
modcall[authorize]: module "eap" returns noop for request 0
rlm_realm: No '/' in User-Name = "[EMAIL PROTECTED]", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "realmslash" returns noop for request 0
rlm_realm: Looking up realm "proxy.c2internet.net" for User-Name = "[EMAIL PROTECTED]"
rlm_realm: Found realm "proxy.c2internet.net"
rlm_realm: Proxying request from user testing to realm proxy.c2internet.net
rlm_realm: Adding Realm = "proxy.c2internet.net"
rlm_realm: Preparing to proxy authentication request to realm "proxy.c2internet.net"
modcall[authorize]: module "suffix" returns updated for request 0
users: Matched DEFAULT at 166
modcall[authorize]: module "files" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
modcall: group authorize returns updated for request 0
Sending Access-Request of id 1 to 213.170.128.11:1645
        User-Name = "[EMAIL PROTECTED]"
        User-Password = "testing"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 1645
        Proxy-State = 0x323333
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Accept packet from host 213.170.128.11:1645, id=1, length=159
        Framed-IP-Address = 10.10.10.1
        Cisco-AVPair = "ip:route=213.170.150.8 255.255.255.252 10.10.10.1"
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Netmask = 255.255.255.255
        Cisco-AVPair = "ip:dns-servers=213.170.128.16 213.170.128.150"
        Proxy-State = 0x323333
modcall: entering group post-proxy for request 0
attr_filter: Matched entry DEFAULT at line 84
modcall[post-proxy]: module "attr_filter" returns updated for request 0

Kind Regards
Ben Butler