Freeradius-Proxied-To, radrelay and 2.0

Milan Holub holub at thenet.ch
Mon May 21 16:46:19 CEST 2007


Hi Alan/others,

I wonder whether there is any use for the Freeradius-Proxied-To attribute
with freeradius 2.0.

In freeradius 1.X the attribute was used to stop proxying of relayed
packets.

Now when I'm relaying some accounting packets to my freeradius server
using the radrelay binary from 1.1.6 and there is a packet which already
has the "Freeradius-Proxied-To" attribute set, then freeradius 2.0 (cvs head)
just ignores it and tries to proxy the packet to the remote home server.

Would it be possible that 2.0 also honors the Freeradius-Proxied-To
attribute as in 1.X?

I've also observed the following related issue regarding the "default_fallback"
option of "proxy server {}" in proxy.conf:
* I've set default_fallback = yes
* home server for realm A was not reachable
==> when sending the packet with realm A (with Freeradius-Proxied-To set
to the IP of the home_server for realm A) to radius then:
1) radius was trying to proxy the packet to the home_server (ignoring the
Freeradius-Proxied-To attribute)
2) radius did not fall back to the LOCAL realm
3) radius did not send an accounting response back to the client (radrelay) -
probably a consequence of 2???
The final consequence is that radrelay re-sends the packet which was not
acknowledged by an accounting response and it keeps re-sending
forever... (radrelay can't continue processing the detail file)

What I'm trying to achieve actually is freeradius 2.0 + radrelay (using the
binary from 1.1.6), and the above is the "show stopper" :(

Any advice?

Here is related debug:
...
 home_server srv {
        ipaddr = <PROXY_IP> IP address [<PROXY_IP>]
        port = 1812
        type = "auth+acct"
        secret = "Atekfuv9"
        response_window = 30
        max_outstanding = 65536
        zombie_period = 40
        status_check = "none"
        ping_check = "none"
        ping_interval = 30
        check_interval = 30
        num_answers_to_alive = 3
        num_pings_to_alive = 3
        revive_interval = 300
        status_check_timeout = 4
 }
 server_pool failover {
        type = failover
        home_server = srv
 }
 server_pool failover {
        type = failover
        home_server = srv
 }
 realm A {
        pool = failover
 }
...
Proxying request 0 to realm A, home server <PROXY_IP> port 1813
...
Going to the next request
Thread 1 waiting to be assigned a request
Waking up in 29 seconds...
Received conflicting packet from client <RADRELAY_CLIENT_IP> port 33413 - ID: 0 due to unfinished request 0.  Giving up on old request.
...

Proxying request 1 to realm A, home server <PROXY_IP> port 1813
...
Proxying request 2 to realm A, home server <PROXY_IP> port 1813
Going to the next request
Thread 3 waiting to be assigned a request
Waking up in 23 seconds...
Received conflicting packet from client <RADRELAY_CLIENT_IP> port 33413 - ID: 0 due to unfinished request 2.  Giving up on old request.
...

Rejecting request 0 due to lack of any response from home server <PROXY_IP> port 1813
WARNING: Unresponsive child (id 0) for request 0, in module <server-core> component <server-core>
WARNING: Marking home server <PROXY_IP> port 1813 as zombie (it looks like it is dead).
Thread 1 got semaphore
Thread 1 waiting to be assigned a request
Received conflicting packet from client <RADRELAY_CLIENT_IP> port 33413 - ID: 0 due to unfinished request 9.  Giving up on old request.
...
Rejecting request 1 due to lack of any response from home server <PROXY_IP> port 1813
WARNING: Unresponsive child (id 0) for request 1, in module <server-core> component <server-core>
Thread 3 got semaphore
Thread 3 waiting to be assigned a request
Received conflicting packet from client <RADRELAY_CLIENT_IP> port 33413 - ID: 0 due to unfinished request 10.  Giving up on old request.
...
ERROR: Failed to find live home server for realm A
...
Rejecting request 438 due to lack of any response from home server <PROXY_IP> port 1813
FAILURE: Marking home server <PROXY_IP>  port 1813 as dead.
WARNING: Unresponsive child (id 0) for request 438, in module <server-core> component <server-core>
...
ERROR: Failed to find live home server for realm A
Finished request 449 state 6
...


Milan Holub
holub (at) thenet (dot) ch

--------------------------------------
 TheNet-Internet Services AG,
 im Bernertechnopark, Morgenstr. 129
 CH-3018, Bern, Switzerland
 031 998 4333, Fax 031 998 4330
 http://www.thenet.ch
 http://wlan.thenet.ch
--------------------------------------
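
Added example, not part of the original post and not FreeRADIUS code: a small triage script that reads debug output in the format quoted above and reports the retransmit loop (the same client, port and ID hitting "conflicting packet" repeatedly), the last state each home server was marked with, and realms left without a live home server. The sample log is constructed from the line formats in the post; the function name triage and the threshold of 3 are assumptions.

```python
import re
from collections import Counter

# Constructed sample, using the line formats and placeholders from the post.
SAMPLE = """\
Proxying request 0 to realm A, home server <PROXY_IP> port 1813
Received conflicting packet from client <RADRELAY_CLIENT_IP> port 33413 - ID: 0 due to unfinished request 0.  Giving up on old request.
Proxying request 1 to realm A, home server <PROXY_IP> port 1813
Received conflicting packet from client <RADRELAY_CLIENT_IP> port 33413 - ID: 0 due to unfinished request 1.  Giving up on old request.
Rejecting request 0 due to lack of any response from home server <PROXY_IP> port 1813
WARNING: Marking home server <PROXY_IP> port 1813 as zombie (it looks like it is dead).
Received conflicting packet from client <RADRELAY_CLIENT_IP> port 33413 - ID: 0 due to unfinished request 2.  Giving up on old request.
FAILURE: Marking home server <PROXY_IP>  port 1813 as dead.
ERROR: Failed to find live home server for realm A
"""

CONFLICT = re.compile(r"Received conflicting packet from client (\S+) port (\d+) - ID: (\d+) ")
MARKED = re.compile(r"Marking home server (\S+)\s+port (\d+) as (zombie|dead)")
NO_LIVE = re.compile(r"Failed to find live home server for realm (\S+)")


def triage(log_text, threshold=3):
    """Summarise a debug log: stuck retransmitters, home server states, starved realms."""
    retransmits = Counter()   # (client, src_port, radius_id) -> conflicting-packet count
    server_state = {}         # (home_server, port) -> last state it was marked with
    starved_realms = set()    # realms for which no live home server was found
    for line in log_text.splitlines():
        if m := CONFLICT.search(line):
            retransmits[(m[1], int(m[2]), int(m[3]))] += 1
        elif m := MARKED.search(line):
            server_state[(m[1], int(m[2]))] = m[3]
        elif m := NO_LIVE.search(line):
            starved_realms.add(m[1])
    # A client re-sending the same ID from the same port at least `threshold`
    # times never received an answer to it: the loop described in the post.
    stuck = {key: n for key, n in retransmits.items() if n >= threshold}
    return {
        "stuck_clients": stuck,
        "home_servers": server_state,
        "realms_without_live_server": sorted(starved_realms),
    }


if __name__ == "__main__":
    for section, value in triage(SAMPLE).items():
        print(section, value)
```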



More information about the Freeradius-Users mailing list