Hi all:

   In radiusd.c, function "int rad_respond(REQUEST *request, RAD_REQUEST_FUNP 
fun)", I found such problem: 
If a AUTHENTICATION_REQUEST or ACCOUNTING_REQUEST packet is received, the 
server will first carry the operation
 (ex. authentication) itself, then send proxy request to home server, despite 
of proxying or not.
   For example, home server is 61.191.145.206,port 1645, with realm "serv.com", 
I test in local server: "./radtest [EMAIL PROTECTED] test localhost 12 
testing123", we can find that in local server, an authentication operation is
carried before proxying to home sever 61.191.145.206, which is not needed at 
all.
   Is the behaviour correct?
   Thanks for reply!

rad_recv: Access-Request packet from host 127.0.0.1:39969, id=17, length=65
        User-Name = "[EMAIL PROTECTED]"
        User-Password = "test"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 12
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: Looking up realm "serv.com" for User-Name = "[EMAIL PROTECTED]"
    rlm_realm: Found realm "serv.com"
    rlm_realm: Adding Stripped-User-Name = "test"
    rlm_realm: Proxying request from user test to realm serv.com
    rlm_realm: Adding Realm = "serv.com"
    rlm_realm: Preparing to proxy authentication request to realm "serv.com"
  modcall[authorize]: module "suffix" returns updated for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry DEFAULT at line 153
  modcall[authorize]: module "files" returns ok for request 0
radius_xlat:  '[EMAIL PROTECTED]'
rlm_sql (sql): sql_set_user escaped user --> '[EMAIL PROTECTED]'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM 
radcheck                                   WHERE Username = '[EMAIL PROTECTED]' 
          ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat:  'SELECT 
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Att                      
  ribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup 
WHERE                         usergroup.Username = '[EMAIL PROTECTED]' AND 
usergroup.GroupName = radgroupcheck.Gro                        upName ORDER BY 
radgroupcheck.id'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM 
radreply                                   WHERE Username = '[EMAIL PROTECTED]' 
          ORDER BY id'
radius_xlat:  'SELECT 
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Att                      
  ribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup 
WHERE                         usergroup.Username = '[EMAIL PROTECTED]' AND 
usergroup.GroupName = radgroupreply.Gro                        upName ORDER BY 
radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module "sql" returns ok for request 0
  modcall[authorize]: module "pap" returns noop for request 0
modcall: leaving group authorize (returns updated) for request 0
Sending Access-Request of id 0 to 61.191.145.206 port 1645
        User-Name = "test"
        User-Password = "test"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 12
        Proxy-State = 0x3137
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:39969, id=17, length=65
Ignoring duplicate packet from client localhost:39969 - ID: 17, due to 
outstandi                        ng proxied request 0.
--- Walking the entire request list ---
Waking up in 3 seconds...
          

        LinHai
[EMAIL PROTECTED]
          2007-04-16

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to