Thanks Alan.
I try to get user authentication using the python
testing tools. From what I get, the users from home
server (the remote server) were authenticated, but
users from the forwarding server failed to get their
authentication. in the proxy.conf, the configuration
are
______________________________________________________
realm 200.200.230.136 {
type = radius
authhost = 200.200.230.136:1812
accthost = 200.200.230.136:1813
secret = amin}
realm NULL {
type = radius
authhost = 200.200.230.136:1812
accthost = 200.200.230.136:1813
secret = amin}
realm DEFAULT {
type = radius
authhost = 200.200.230.136:1812
accthost = 200.200.230.136:1813
secret = amin}
in the debug mode, the messages are:
_______________________________________________________
host 200.200.230.135:1163, id=189, length=43
User-Name = "abu"
User-Password = "abu"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok
for request 0
modcall[authorize]: module "chap" returns noop for
request 0
modcall[authorize]: module "mschap" returns noop for
request 0
rlm_realm: No '@' in User-Name = "abu", looking up
realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "abu"
rlm_realm: Proxying request from user abu to realm
NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Preparing to proxy authentication
request to realm "NULL"
modcall[authorize]: module "suffix" returns updated
for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for
request 0
radius_xlat: 'abu'
rlm_sql (sql): sql_set_user escaped user --> 'abu'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op
FROM radcheck WHERE Username = 'abu' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username
= 'abu' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op
FROM radreply WHERE Username = 'abu' ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username
= 'abu' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module "sql" returns ok for
request 0
modcall: group authorize returns updated for request 0
Sending Access-Request of id 0 to 200.200.230.136:1812
User-Name = "abu"
User-Password = "abu"
NAS-IP-Address = 200.200.230.135
Proxy-State = 0x313839
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Reject packet from host
200.200.230.136:1812, id=0, length=25
Proxy-State = 0x313839
Processing the post-proxy section of radiusd.conf
modcall: entering group post-proxy for request 0
modcall[post-proxy]: module "eap" returns noop for
request 0
modcall: group post-proxy returns noop for request 0
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 189 to
200.200.230.135:1163
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 189 with timestamp 41d0f12f
Nothing to do. Sleeping until we see a request.
_________________________________________________________
FR is sending auth request to the Remote Server
altough the user is from its own sql database. then
rejecting it. Is that what is happening? How can i
drive the request to 1st search from its sql db and
then proxy the request when theres no record?
If any additional info needed, please inform me, I
will send it immediately.
Thanks.
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
