Hi...
My proxy setup seems to have a problem. I used the
NULL realm option for testing purposes. It looks like
this
realm NULL {
type = radius
authhost = 200.200.230.136:1812
accthost = 200.200.230.136:1813
secret = amin
}
when I send User information using Python radius
testing tools, the forwarding server send the access
request to the remote server, then the remote server
sent the access accept back to the forwarding
server..but in the forwarding server debug mode it
looks like this....
--------------------------------------------------
ad_recv: Access-Request packet from host
200.200.230.135:2071, id=197, length=43
User-Name = "omi"
User-Password = "omi"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok
for request 1
modcall[authorize]: module "chap" returns noop for
request 1
modcall[authorize]: module "mschap" returns noop for
request 1
rlm_realm: No '@' in User-Name = "omi", looking up
realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "omi"
rlm_realm: Proxying request from user omi to realm
NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Preparing to proxy authentication
request to realm "NULL"
modcall[authorize]: module "suffix" returns updated
for request 1
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for
request 1
radius_xlat: 'omi'
rlm_sql (sql): sql_set_user escaped user --> 'omi'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op
FROM radcheck WHERE Username = 'omi' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): User omi not found in radcheck
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username
= 'omi' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username
= 'omi' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): User omi not found in radgroupcheck
rlm_sql (sql): User not found
rlm_sql (sql): Released sql socket id: 3
modcall[authorize]: module "sql" returns notfound
for request 1
modcall: group authorize returns updated for request 1
Sending Access-Request of id 1 to 200.200.230.136:1812
User-Name = "omi"
User-Password = "omi"
NAS-IP-Address = 200.200.230.135
Proxy-State = 0x313937
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host
200.200.230.135:2071, id=197, length=43
Ignoring duplicate packet from client
200.200.230.135:2071 - ID: 197, due to outstanding
proxied request 1.
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Re-sending Access-Request of id 1 to
200.200.230.136:1812
User-Name = "omi"
User-Password =
"]=\222\006\353\003=q\262]\315\335\302o*\237"
NAS-IP-Address = 200.200.230.135
Client-IP-Address = 200.200.230.135
Stripped-User-Name = "omi"
Realm = "NULL"
Realm = "NULL"
Proxy-State = 0x313937
Waking up in 5 seconds...
rad_recv: Access-Request packet from host
200.200.230.135:2071, id=197, length=43
Ignoring duplicate packet from client
200.200.230.135:2071 - ID: 197, due to outstanding
proxied request 1.
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Re-sending Access-Request of id 1 to
200.200.230.136:1812
User-Name = "omi"
User-Password =
"]=\222\006\353\003=q\262]\315\335\302o*\237"
NAS-IP-Address = 200.200.230.135
Client-IP-Address = 200.200.230.135
Stripped-User-Name = "omi"
Realm = "NULL"
Realm = "NULL"
Proxy-State = 0x313937
Waking up in 5 seconds...
--- Walking the entire request list ---
Server rejecting request 1.
marking authentication server 200.200.230.136:1812 for
realm NULL dead
Waking up in 0 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 197 to
200.200.230.135:2071
Cleaning up request 1 ID 197 with timestamp 41cce718
Nothing to do. Sleeping until we see a request.
---------------------------------------------------
The client as the result dont get any response from
the forwarding server. The client of the forwarding
server are not being authenticated at all. Why is that
happen? I just want to make a simple setup for the
realm /proxy function. Can someone guide me how to
setup and test the simple configuration? Another thing
is, when I try the realm IP {---}, in the debug mode
it still looking for the realm NULL, and at the end no
proxy request being processed. Do I need to change the
ignore null in radiusd.conf? I confused about how the
realm process is done here..but i'm trying..Just need
some guide. Thanks
__________________________________
Do you Yahoo!?
All your favorites on one personal page – Try My Yahoo!
http://my.yahoo.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
