I would check on the accounting. You have it set as port 1813, whereas it would usually be 1646 on a system with authentication at port 1645.
If you have access to swpa.sbs.sk, try running radiusd in the foreground (radiusd -X) and watch what it tells you when you send the request. All The Best, Brian Andrus Millenia Internet Services, Inc. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Szelepcsenyi Robert Sent: Friday, May 07, 2004 7:09 AM To: [EMAIL PROTECTED] Subject: radius server hangs after a correct login authenticated through proxy I need to set up a Freeradius server proxying certain requests to another radius server (Safeword Premier Access) in other to authenticate users with tokens. All other users are to be authenticated locally. My problem is: If I supply a correct password, the thread serving the request gets into an infinite loop eating almost 100% of CPU time. Bad passwords are rejected correctly. The only thing I have configured (besides shared sercrets) is that I defined "myrealm" in proxy.conf file: realm myrealm { type = radius authhost = swpa.sbs.sk:1645 accthost = swpa.sbs.sk:1813 secret = mysecret } When I try to log into the router as [EMAIL PROTECTED] supplying an incorrect password, the request is successfully refused. However, when I supply a correct password, the thread serving the request receives an Access-Accept packet from the home server, but following that it gets into an infinite loop and fails to send any response to the NAS. After a while the master process logs "WARNING: Unresponsive child (id XXXXX) for request YY". strace or ltrace on the blocked thread did not yield anything. My OS is SuSE 9.0. I tried both the SuSE package (version 0.9.0) and and a binary compiled from the sources (version 0.9.3). I suppose that I am missing something in my configuration (although the server should not get into an infinite loop). Any help will be appreciated. the output from "radiusd -xx" is: **************** Incorrect password supplied ********************* rad_recv: Access-Request packet from host 163.242.48.9:1645, id=105, length=66 Thread 1 assigned request 0 --- Walking the entire request list --- Threads: total/active/spare threads = 5/1/4 Waking up in 5 seconds... Thread 1 handling request 0, (1 handled so far) NAS-IP-Address = 163.242.48.9 NAS-Port = 0 User-Name = "[EMAIL PROTECTED]" User-Password = "123456" modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "eap" returns noop for request 0 rlm_realm: Looking up realm "myrealm" for User-Name = "[EMAIL PROTECTED]" rlm_realm: Found realm "myrealm" rlm_realm: Adding Stripped-User-Name = "robert" rlm_realm: Proxying request from user robert to realm myrealm rlm_realm: Adding Realm = "myrealm" rlm_realm: Preparing to proxy authentication request to realm "myrealm" modcall[authorize]: module "suffix" returns updated for request 0 users: Matched DEFAULT at 152 modcall[authorize]: module "files" returns ok for request 0 modcall[authorize]: module "mschap" returns noop for request 0 modcall: group authorize returns updated for request 0 Sending Access-Request of id 1 to 163.242.54.177:1645 User-Name = "robert" NAS-IP-Address = 163.242.48.9 NAS-Port = 0 User-Password = "123456" Proxy-State = 0x313035 Thread 1 waiting to be assigned a request rad_recv: Access-Reject packet from host 163.242.54.177:1645, id=1, length=28 Thread 2 assigned request 0 --- Walking the entire request list --- Waking up in 5 seconds... Thread 2 handling request 0, (1 handled so far) Reply-Message = "\n" Proxy-State = 0x313035 modcall: entering group post-proxy for request 0 modcall[post-proxy]: module "eap" returns noop for request 0 modcall: group post-proxy returns noop for request 0 Delaying request 0 for 1 seconds Finished request 0 Going to the next request Thread 2 waiting to be assigned a request --- Walking the entire request list --- Threads: total/active/spare threads = 5/0/5 Sending Access-Reject of id 105 to 163.242.48.9:1645 Reply-Message = "\n" Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 105 with timestamp 409b9368 Nothing to do. Sleeping until we see a request. **************** Correct password supplied ********************* rad_recv: Access-Request packet from host 163.242.48.9:1645, id=107, length=66 Thread 1 assigned request 0 --- Walking the entire request list --- Threads: total/active/spare threads = 5/1/4 Waking up in 5 seconds... Thread 1 handling request 0, (1 handled so far) NAS-IP-Address = 163.242.48.9 NAS-Port = 0 User-Name = "[EMAIL PROTECTED]" User-Password = "fp5cp7" modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "eap" returns noop for request 0 rlm_realm: Looking up realm "myrealm" for User-Name = "[EMAIL PROTECTED]" rlm_realm: Found realm "myrealm" rlm_realm: Adding Stripped-User-Name = "robert" rlm_realm: Proxying request from user robert to realm myrealm rlm_realm: Adding Realm = "myrealm" rlm_realm: Preparing to proxy authentication request to realm "myrealm" modcall[authorize]: module "suffix" returns updated for request 0 users: Matched DEFAULT at 152 modcall[authorize]: module "files" returns ok for request 0 modcall[authorize]: module "mschap" returns noop for request 0 modcall: group authorize returns updated for request 0 Sending Access-Request of id 1 to 163.242.54.177:1645 User-Name = "robert" NAS-IP-Address = 163.242.48.9 NAS-Port = 0 User-Password = "fp5cp7" Proxy-State = 0x313037 Thread 1 waiting to be assigned a request rad_recv: Access-Accept packet from host 163.242.54.177:1645, id=1, length=125 Thread 2 assigned request 0 --- Walking the entire request list --- Waking up in 5 seconds... Thread 2 handling request 0, (1 handled so far) Service-Type = Framed-User Framed-Protocol = PPP Cisco-AVPair = "lcp:callback-dialstring=" Cisco-AVPair = "lcp:nocallback-verify=1" Cisco-AVPair = "ip:addr-pool=main_pool" modcall: entering group post-proxy for request 0 --- Walking the entire request list --- Waking up in 5 seconds... rad_recv: Access-Request packet from host 163.242.48.9:1645, id=107, length=66 Discarding new request from client cisco2500:1645 - ID: 107 due to live request 0 --- Walking the entire request list --- Waking up in 5 seconds... --- Walking the entire request list --- Waking up in 5 seconds... rad_recv: Access-Request packet from host 163.242.48.9:1645, id=107, length=66 Discarding new request from client cisco2500:1645 - ID: 107 due to live request 0 --- Walking the entire request list --- Waking up in 5 seconds... --- Walking the entire request list --- Waking up in 5 seconds... rad_recv: Access-Request packet from host 163.242.48.9:1645, id=107, length=66 Discarding new request from client cisco2500:1645 - ID: 107 due to live request 0 --- Walking the entire request list --- Waking up in 5 seconds... --- Walking the entire request list --- WARNING: Unresponsive child (id 32771) for request 0 Server rejecting request 0. Waking up in 5 seconds... --- Walking the entire request list --- Waking up in 5 seconds... --- Walking the entire request list --- Waking up in 5 seconds... --- Walking the entire request list --- Waking up in 5 seconds... Robert Szelepcs�nyi Operation Related Services Siemens Business Services s.r.o. Stromov� 9 830 07 BRATISLAVA Slovesk� republika * (+421 2) 5968 4914 * (+421 903) 634 844 * [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
