Issues with Auth when freeradius proxies to another freeradius server.

Willie Yeo willie at fuzzyeyes.com
Wed Aug 29 01:46:56 CEST 2007


I am running a Cisco 7200 with vpdn tunnels.

Freeradius 1.1.6 server I am running,

My authentications to my local box of other realms (e.g. @bbb.org,  
@ccc.com) within the local box is working fine, but authenticating  
from Cisco router nas_ip_x, to my local radius box, and then (re-) 
proxying realm @ggg.net to another Freeradius server is failing.

The router doesn't get a response at all, but the radius debug shows  
that the remote freeradius is responding with rad_recv: Access-Accept  
packet from host remote_freeradius_ip:1812, id=3, length=48, and I  
can see the logs remote box it is authenticated.

All I can see is that my local radius box list
"modcall: group authorize returns fail for request 11"
and I don't see a response to the Cisco router.

Any pointers will be much appreciated.

Thank you.

Willie

--- Walking the entire request list ---
Waking up in 3 seconds...
rad_recv: Access-Request packet from host nas_ip_x:1645, id=15,  
length=104
         Framed-Protocol = PPP
         User-Name = "greg at ggg.net"
         CHAP-Password = 0x251f4cce03886d9d4594e0e977028f9364
         NAS-Port-Type = Virtual
         NAS-Port = 655
         Calling-Station-Id = "qwb209000200750"
         Service-Type = Framed-User
         NAS-IP-Address = nas_ip_x
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 11
   modcall[authorize]: module "preprocess" returns ok for request 11
   rlm_chap: Setting 'Auth-Type := CHAP'
   modcall[authorize]: module "chap" returns ok for request 11
   modcall[authorize]: module "mschap" returns noop for request 11
     rlm_realm: Looking up realm "ggg.net" for User-Name =  
"greg at ggg.net"
     rlm_realm: Found realm "ggg.net"
     rlm_realm: Proxying request from user greg to realm ggg.net
     rlm_realm: Adding Realm = "ggg.net"
     rlm_realm: Preparing to proxy authentication request to realm  
"ggg.net"
   modcall[authorize]: module "suffix" returns updated for request 11
   modcall[authorize]: module "files" returns notfound for request 11
radius_xlat:  ''
   modcall[authorize]: module "sql" returns fail for request 11
modcall: group authorize returns fail for request 11
Sending Access-Request of id 3 to remote_freeradius_ip:1812
         Framed-Protocol = PPP
         User-Name = "greg at ggg.net"
         CHAP-Password = 0x251f4cce03886d9d4594e0e977028f9364
         NAS-Port-Type = Virtual
         NAS-Port = 655
         Calling-Station-Id = "qwb209000200750"
         Service-Type = Framed-User
         NAS-IP-Address = nas_ip_x
         CHAP-Challenge = 0x4110b677d9b60422bf19448745fab584
         Proxy-State = 0x3135
Waking up in 3 seconds...
rad_recv: Access-Accept packet from host remote_freeradius_ip:1812,  
id=3, length=48
         Framed-IP-Address = 210.8.255.11
         Framed-Protocol = PPP
         Service-Type = Framed-User
         Framed-Compression = Van-Jacobson-TCP-IP
         Proxy-State = 0x3135
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 11
   modcall[authorize]: module "preprocess" returns ok for request 11
   rlm_chap: WARNING: Auth-Type already set.  Not setting to CHAP
   modcall[authorize]: module "chap" returns noop for request 11
   modcall[authorize]: module "mschap" returns noop for request 11
     rlm_realm: Proxy reply, or no User-Name.  Ignoring.
   modcall[authorize]: module "suffix" returns noop for request 11
   modcall[authorize]: module "files" returns notfound for request 11
radius_xlat:  ''
   modcall[authorize]: module "sql" returns fail for request 11
modcall: group authorize returns fail for request 11
Finished request 11
Going to the next request
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 10 ID 14 with timestamp 46d4260e
Cleaning up request 11 ID 15 with timestamp 46d4260e
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070829/d4407b18/attachment.html>


More information about the Freeradius-Users mailing list