We have recently loaded freeradius 0.9.3 on server A and got it working with proxy. We
have tried to duplicate it on server B to have as a backup, but we cannot get it to
allow the proxy radius to work. Our users are in a sql database and we set up the
proxy.conf file for the outside radius server. We even tried copying the radius config
files from server A to server B, but that didn't help.
A difference that we see when we run it with "radiusd -X" (we have pasted in some of
the output further below) is the line right after the user listing information and
"Connect-Info". On server A (that is working) the next two lines say:
modcall: entering group preacct for request 16
modcall[preacct]: module "preprocess" returns noop for request 16
and on server B (that is not working) it says:
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
We do not know what would be causing this difference or if there is something else
that is the problem.
1) What makes one server go to modcall preacct and the other go to modcall authorize?
2) How do we correct this?
3) If this is not the problem, what is the problem and how do we fix it?
Server B radiusd -X output (NOT logging on proxy users):
----------------------------------------------------------------------------
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.123.36:1060, id=7, length=113
User-Name = "[EMAIL PROTECTED]"
User-Password = "password"
NAS-IP-Address = 192.168.123.36
NAS-Port = 6240
NAS-Port-Type = Async
Service-Type = Framed-User
Framed-Protocol = PPP
Connect-Info = "21600 LAPM/V42BIS"
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "eap" returns noop for request 0
rlm_realm: Looking up realm "PROXYDOMAIN.com" for User-Name = "[EMAIL PROTECTED]"
rlm_realm: Found realm "PROXYDOMAIN.com"
rlm_realm: Proxying request from user test to realm PROXYDOMAIN.com
rlm_realm: Adding Realm = "PROXYDOMAIN.com"
rlm_realm: Preparing to proxy authentication request to realm "PROXYDOMAIN.com"
modcall[authorize]: module "suffix" returns updated for request 0
radius_xlat: '[EMAIL PROTECTED]'
rlm_sql (sql): sql_set_user escaped user --> '[EMAIL PROTECTED]'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username =
'[EMAIL PROTECTED]' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql_mysql: query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = '[EMAIL PROTECTED]' ORDER BY id
rlm_sql (sql): User [EMAIL PROTECTED] not found in radcheck
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
rlm_sql_mysql: query: SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql_mysql: query: SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): User [EMAIL PROTECTED] not found in radgroupcheck
rlm_sql (sql): User not found
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module "sql" returns notfound for request 0
modcall[authorize]: module "mschap" returns noop for request 0
modcall: group authorize returns updated for request 0
Sending Access-Request of id 1 to X.X.X.X:1645
User-Name = "[EMAIL PROTECTED]"
User-Password = "password"
NAS-IP-Address = 192.168.123.36
NAS-Port = 6240
NAS-Port-Type = Async
Service-Type = Framed-User
Framed-Protocol = PPP
Connect-Info = "21600 LAPM/V42BIS"
Proxy-State = 0x37
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.123.36:1060, id=7, length=113
Dropping conflicting packet from client pm4-1:1060 - ID: 7 due to unfinished request 0
--- Walking the entire request list ---
Waking up in 2 seconds...
--- Walking the entire request list ---
Re-sending Access-Request of id 1 to X.X.X.X:1645
User-Name = "[EMAIL PROTECTED]"
User-Password = "\000\347~&[EMAIL PROTECTED]"
NAS-IP-Address = 192.168.123.36
NAS-Port = 6240
NAS-Port-Type = Async
Service-Type = Framed-User
Framed-Protocol = PPP
Connect-Info = "21600 LAPM/V42BIS"
Client-IP-Address = 192.168.123.36
Realm = "PROXYDOMAIN.com"
Realm = "PROXYDOMAIN.com"
Proxy-State = 0x37
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.123.36:1060, id=7, length=113
Dropping conflicting packet from client pm4-1:1060 - ID: 7 due to unfinished request 0
--- Walking the entire request list ---
Server A radiusd -X output (IS loggin on proxy users):
-------------------------------------------------------------------------
Nothing to do. Sleeping until we see a request.
rad_recv: Accounting-Request packet from host 192.168.123.36:1060, id=239, length=188
Acct-Session-Id = "28600087"
User-Name = "[EMAIL PROTECTED]"
NAS-IP-Address = 192.168.123.36
NAS-Port = 6240
NAS-Port-Type = Async
Acct-Status-Type = Stop
Acct-Session-Time = 438
Acct-Authentic = RADIUS
Connect-Info = "21600 LAPM/V42BIS"
Acct-Input-Octets = 8631
Acct-Output-Octets = 27032
Acct-Terminate-Cause = User-Request
LE-Terminate-Detail = "User Request - PPP Term Req"
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 192.168.123.194
Acct-Delay-Time = 0
modcall: entering group preacct for request 16
modcall[preacct]: module "preprocess" returns noop for request 16
rlm_realm: Looking up realm "PROXYDOMAIN.com" for User-Name = "[EMAIL PROTECTED]"
rlm_realm: Found realm "PROXYDOMAIN.com"
rlm_realm: Proxying request from user test to realm PROXYDOMAIN.com
rlm_realm: Adding Realm = "PROXYDOMAIN.com"
rlm_realm: Preparing to proxy accounting request to realm "PROXYDOMAIN.com"
modcall[preacct]: module "suffix" returns updated for request 16
modcall[preacct]: module "files" returns noop for request 16
modcall: group preacct returns updated for request 16
modcall: entering group accounting for request 16
rlm_acct_unique: WARNING: Attribute NAS-Port-Id was not found in request, unique ID
MAY be inconsistent
rlm_acct_unique: Hashing ',Client-IP-Address = 192.168.123.36,NAS-IP-Address =
192.168.123.36,Acct-Session-Id = "28600087",User-Name = "[EMAIL PROTECTED]"'
rlm_acct_unique: Acct-Unique-Session-ID = "3b30cbe5f2085d22".
modcall[accounting]: module "acct_unique" returns ok for request 16
radius_xlat: '/usr/local/var/log/radius/radacct/192.168.123.36/detail-20040509'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/192.168.123.36/detail-20040509
rlm_detail: Freeradius-Proxied-To set to X.X.X.X
modcall[accounting]: module "detail" returns ok for request 16
rlm_counter: Packet Unique ID = '3b30cbe5f2085d22'
rlm_counter: Counter Unique ID = 'edfcde098b5b5a7c'
rlm_counter: [EMAIL PROTECTED], Counter=2787.
rlm_counter: [EMAIL PROTECTED], New Counter=3225.
modcall[accounting]: module "daily" returns ok for request 16
modcall[accounting]: module "unix" returns ok for request 16
radius_xlat: '[EMAIL PROTECTED]'
rlm_sql (sql): sql_set_user escaped user --> '[EMAIL PROTECTED]'
radius_xlat: 'UPDATE radacct SET AcctStopTime = '2004-05-09 13:48:04',
AcctSessionTime = '438', AcctInputOctets = '8631', AcctOutputOctets = '27032',
AcctTerminateCause = 'User-Request', AcctStopDelay = '0', ConnectInfo_stop = '21600
LAPM/V42BIS' WHERE AcctSessionId = '28600087' AND UserName = '[EMAIL PROTECTED]' AND
NASIPAddress = '192.168.123.36' AND AcctStopTime = 0'
radius_xlat: '/usr/local/etc/raddb/sqltrace.sql'
Thanks much
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
