Re: rlm_proxy problems

Mon, 21 Aug 2006 05:34:55 -0700

The patch applies to 1.1.0, but neither the patched 1.1.0 or a patched 1.1.2 fixes the problem. 

On the concentrator, successful auths look like:

36557 08/21/2006 08:16:24.270 SEV=4 IKE/52 RPT=42919 68.100.177.222
Group [OFFICE] User [hockingmr] User (hockingmr) authenticated.

36562 08/21/2006 08:16:25.230 SEV=4 IKE/119 RPT=62782 68.100.177.222
Group [OFFICE] User [hockingmr] PHASE 1 COMPLETED

where the failures look like:

36141 08/21/2006 08:13:10.640 SEV=3 AUTH/5 RPT=30061 69.175.180.60
Authentication rejected: Reason = Unspecified handle = 6, server = 205.188.136.151, user = suzannebd, domain = <not specified> 

although I see the same effect when using radclient:

Sending Access-Request of id 106 to 127.0.0.1 port 1645
        User-Name = "bob"
        User-Password = "password"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 1
rad_recv: Access-Accept packet from host 127.0.0.1:1645, id=106, length=43
        Account-Flags = 587300864
        Connect-Info = "OFFICE"

then:

Sending Access-Request of id 121 to 127.0.0.1 port 1645
        User-Name = "bob"
        User-Password = "password"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 1
rad_recv: Access-Reject packet from host 127.0.0.1:1645, id=121, length=2
I'm at a loss, and without being able to proxy auth to another server, my entire infrastructure is useless. The worst part of this is that I haven't been able to re-create it except in a production environment... for whatever reason, just running a half dozen simultaneous auths with radclient doesn't seem to cause this. 

Ideas?  Thanks.

Alan DeKok wrote:

Geoff Silver <[EMAIL PROTECTED]> wrote:
Red Hat Enterprise Linux 3.0. Also has the same build issues on my RedHat EL4.0 dev system. 

  Weird.  It works for me on FC4, and many other OSes.


We were previously using FreeRADIUS 1.1.0, which built fine.  IIRC,
the problem surfaced in 1.1.1, which is why we're still using 1.1.0
(was hoping it would be fixed in 1.1.2...)


  Maybe 1.1.3.

  So... does the patch in the bug apply to 1.1.0, and does it solve
the problem?

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to