Proxy and Attribute Filtering

Wed, 05 May 2004 09:53:20 -0700 

Hi all, 

I got an issue with both versions 0.8.1 and 0.9.3
I have the following configuration :

  Client ----- Proxy running freeradius -------- Server

1) Using radtest directly from the proxy to the serveur is OK.
( ie. I get an Access-Accept response )

2) When a client sends a request to the proxy, the proxy does
his work and forward the request to the server.
But for an unknown reason, the server sends a "Packet Error" 
response.

Here is a trace on the proxy using radiusd -X :
rad_recv: Access-Request packet from host @IP1:10812, id=4, length=157
        NAS-IP-Address = @IP2
        NAS-Identifier = "noname"
        Called-Station-Id = "noname2"
        Service-Type = Framed-User
        Framed-Protocol = GPRS-PDP-Context
        NAS-Port-Type = Virtual
        User-Name = "username"
        User-Password = "passwd"
        Calling-Station-Id = "phonenumber"
        Attr-682557446 = 0x500a0068
        Attr-682557452 = 0x30
Sending Access-Request of id 1 to @IP3:1645
        User-Name = "username"
        NAS-IP-Address = @IP2
        NAS-Identifier = "noname"
        Called-Station-Id = "noname2"
        Service-Type = Framed-User
        Framed-Protocol = GPRS-PDP-Context
        NAS-Port-Type = Virtual
        User-Password = "passwd"
        Calling-Station-Id = "phonenumber"
        Attr-682557446 = 0x500a0068
        Attr-682557452 = 0x30
        Proxy-State = 0x34
rad_recv: Access-Reject packet from host @IP3:1645, id=1, length=34
        Reply-Message = "Packet Error"

I may have an explanation of the problem, but I am not sure of 
the behavior of the radius protocol :

1) the client sends a request to the proxy
2) The proxy gets the request, the NAS-IP-Address attribute is 
the IP address of the client ( say @IP2 ).
3) The proxy forwards the request to the server, IT DOES NOT 
MODIFY THE NAS-IP-Address attribute ( I checked this while debugging )
4) The server gets a request from the IP of proxy, but with [EMAIL PROTECTED]

May my problem be in the fact that IP of proxy != @IP2 ?
How can I modify the NAS-IP-Address before sending it to the server.
I tried to use attr_rewrite module in the pre_proxy section, but it does 
nothing ...

Any help would really be appreciated.



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to