FreeRadius working as a ProxyRadius using PAP protocol

NGUYEN DANG LUAN, Eric eric.nguyen-dang-luan at sogeti.com
Wed Nov 12 09:42:44 CET 2008


Hello,

 

I'm trying to use FreeRadius (server-2.1.1) as a Proxy Radius with PAP
protocol.

 

 

              peap,eap,pap                                          pap
Client <----------------------> AP <-------------> FreeRadius <--------------> Radius server

 

 

Here's what I have in my conf files:

 

client.conf:

 

client ***.***.***.*** {
        secret          = pass
        shortname       = LinksysWRT54G
        nastype         = other
}

 

proxy.conf:

 

realm NULL {
        authhost        = ***.***.***.***:1645
        accthost        = ***.***.***.***:1646
        secret          = pass
}

 

users:

DEFAULT FreeRADIUS-Proxied-To == ***.***.***.***, Auth-Type := PAP

 

 

I don't think my proxy radius uses the right protocol. I want it to use
the PAP protocol when it tries to contact the radius server.

 

< radiusd: #### Opening IP addresses and Ports ####

< listen {

<         type = "auth"

<         ipaddr = *

<         port = 1645

< }

< listen {

<         type = "acct"

<         ipaddr = *

<         port = 1646

< }

< Listening on authentication address * port 1645

< Listening on accounting address * port 1646

< Listening on proxy address * port 1647

< Ready to process requests.

< 

< rad_recv: Access-Request packet from host ***.***.***.*** port 1405, id=0, length=180

<         Message-Authenticator = 0x1ad77a29ef17ee966a8521f57795f231

<         Service-Type = Framed-User

<        User-Name = "enguyend\000"

<         Framed-MTU = 1488

<         Called-Station-Id = "00-1D-7E-5F-F7-39:SogetiNET"

<         Calling-Station-Id = "00-16-6F-AA-80-DD"

<         NAS-Port-Type = Wireless-802.11

<         Connect-Info = "CONNECT 54Mbps 802.11g"

<         EAP-Message = 0x0200000d01656e677579656e64

<         NAS-IP-Address = 192.168.1.1

<         NAS-Port = 1

<         NAS-Port-Id = "STA port # 1"

< +- entering group authorize {...}

< ++[preprocess] returns ok

< ++[chap] returns noop

< ++[mschap] returns noop

< [suffix] No '@' in User-Name = "enguyend", looking up realm NULL

< [suffix] Found realm "NULL"

< [suffix] Adding Stripped-User-Name = "enguyend"

< [suffix] Adding Realm = "NULL"

< [suffix] Proxying request from user enguyend to realm NULL

< [suffix] Preparing to proxy authentication request to realm "NULL" 

< ++[suffix] returns updated

< [eap] Request is supposed to be proxied to Realm NULL.  Not doing EAP.

< ++[eap] returns noop

< ++[unix] returns notfound

< ++[files] returns noop

< ++[expiration] returns noop

< ++[logintime] returns noop

< ++[pap] returns noop

< Sending Access-Request of id 210 to ***.***.***.*** port 1645

<         Message-Authenticator = 0x00000000000000000000000000000000

<         Service-Type = Framed-User

<         User-Name = "enguyend"

<         Framed-MTU = 1488

<         Called-Station-Id = "00-1D-7E-5F-F7-39:SogetiNET"

<         Calling-Station-Id = "00-16-6F-AA-80-DD"

<         NAS-Port-Type = Wireless-802.11

<         Connect-Info = "CONNECT 54Mbps 802.11g"

<         EAP-Message = 0x0200000d01656e677579656e64

<         NAS-IP-Address = 192.168.1.1

<         NAS-Port = 1

<         NAS-Port-Id = "STA port # 1"

<         Proxy-State = 0x30

< Proxying request 0 to home server ***.***.***.*** port 1645

< Sending Access-Request of id 210 to ***.***.***.*** port 1645

<         Message-Authenticator = 0x00000000000000000000000000000000

<         Service-Type = Framed-User

<         User-Name = "enguyend"

<         Framed-MTU = 1488

<         Called-Station-Id = "00-1D-7E-5F-F7-39:SogetiNET"

<         Calling-Station-Id = "00-16-6F-AA-80-DD"

<         NAS-Port-Type = Wireless-802.11

<         Connect-Info = "CONNECT 54Mbps 802.11g"

<         EAP-Message = 0x0200000d01656e677579656e64

<         NAS-IP-Address = 192.168.1.1

<         NAS-Port = 1

<         NAS-Port-Id = "STA port # 1"

<         Proxy-State = 0x30

< Going to the next request

< Waking up in 0.9 seconds.

< Waking up in 13.0 seconds.

< rad_recv: Access-Request packet from host ***.***.***.*** port 1405, id=0, length=180

< Sending duplicate proxied request to home server ***.***.***.*** port 1645 - ID: 210

< Sending Access-Request of id 210 to ***.***.***.*** port 1645

<         Message-Authenticator = 0x00000000000000000000000000000000

<         Service-Type = Framed-User

<         User-Name = "enguyend"

<         Framed-MTU = 1488

<        Called-Station-Id = "00-1D-7E-5F-F7-39:SogetiNET"

<        Calling-Station-Id = "00-16-6F-AA-80-DD"

<         NAS-Port-Type = Wireless-802.11

<         Connect-Info = "CONNECT 54Mbps 802.11g"

<         EAP-Message = 0x0200000d01656e677579656e64

<         NAS-IP-Address = 192.168.1.1

<         NAS-Port = 1

<         NAS-Port-Id = "STA port # 1"

<         Proxy-State = 0x30

< Waking up in 11.0 seconds.

< Rejecting request 0 due to lack of any response from home server ***.***.***.*** port 1645

< There was no response configured: rejecting request 0

< Using Post-Auth-Type Reject

< +- entering group REJECT {...}

< [attr_filter.access_reject]     expand: %{User-Name} -> enguyend

<  attr_filter: Matched entry DEFAULT at line 11

< ++[attr_filter.access_reject] returns updated

< Sending Access-Reject of id 0 to ***.***.***.*** port 1405

< Finished request 0.

< PROXY: Marking home server ***.***.***.*** port 1645 as zombie (it looks like it is dead).

< Waking up in 4.9 seconds.

< Cleaning up request 0 ID 0 with timestamp +15

< Ready to process requests.

 

Does anyone have an idea?

 

Thanks

 

Eric NGUYEN
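
Added example, not part of the original post: a Python check that reads the proxied Access-Request out of debug output like the above, reports which attribute carries the credential (User-Password for PAP, CHAP-Password for CHAP, EAP-Message for EAP), and decodes the EAP header. The sample log is a constructed excerpt of the lines above, and the function names are illustrative.

```python
import re

# Constructed excerpt of the proxied request shown in the debug output above
# (home server address masked as in the post).
SAMPLE_LOG = """\
Sending Access-Request of id 210 to ***.***.***.*** port 1645
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "enguyend"
        EAP-Message = 0x0200000d01656e677579656e64
        Proxy-State = 0x30
Proxying request 0 to home server ***.***.***.*** port 1645
"""
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 4: "MD5-Challenge", 13: "EAP-TLS", 25: "PEAP"}
ATTR_RE = re.compile(r"^\s+([A-Za-z0-9-]+) = (.*)$")

def parse_attributes(log, header="Sending Access-Request"):
    """Attributes of the first packet whose header line contains `header`."""
    attrs, in_packet = {}, False
    for raw in log.splitlines():
        line = raw[1:] if raw.startswith("<") else raw  # drop the "<" quote mark
        m = ATTR_RE.match(line)
        if in_packet and m:
            attrs[m.group(1)] = m.group(2).strip('"')
        elif in_packet and line.strip():
            break                      # first non-attribute line ends the packet
        elif header in line:
            in_packet = True
    return attrs

def classify_request(attrs):
    """Name the authentication method by the attribute that carries it."""
    for attr, method in (("EAP-Message", "EAP"), ("User-Password", "PAP"),
                         ("CHAP-Password", "CHAP")):
        if attr in attrs:
            return method
    return "unknown"

def decode_eap(hex_value):
    """Decode one unfragmented EAP packet: code, id, length, then type and data."""
    data = bytes.fromhex(hex_value[2:] if hex_value.startswith("0x") else hex_value)
    length = int.from_bytes(data[2:4], "big")
    if len(data) < 4 or not 4 <= length <= len(data):
        raise ValueError("truncated or fragmented EAP packet")
    eap = {"code": EAP_CODES.get(data[0], data[0]), "id": data[1], "length": length}
    if data[0] in (1, 2) and length >= 5:   # only Request/Response carry a type
        eap["type"] = EAP_TYPES.get(data[4], data[4])
        eap["data"] = data[5:length]
    return eap

if __name__ == "__main__":
    attrs = parse_attributes(SAMPLE_LOG)
    print(classify_request(attrs), decode_eap(attrs["EAP-Message"]))
```

On the sample, the request sent to the home server is classified as EAP: it carries an EAP-Response/Identity for "enguyend" and no User-Password attribute.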
