FreeRadius working as a ProxyRadius using PAP protocol

Wed Nov 12 15:39:59 CET 2008

> -----Message d'origine-----
> De : freeradius-users-bounces+eric.nguyen-dang-luan=sogeti.com at lists.freeradius.org [mailto:freeradius-users-bounces+eric.nguyen-dang-luan=sogeti.com at lists.freeradius.org] De la part de tnt at kalik.net
> Envoyé : mercredi 12 novembre 2008 12:15
> À : FreeRadius users mailing list
> Objet : Re: FreeRadius working as a ProxyRadius using PAP protocol
>
> >I'm trying to use FreeRadius (server-2.1.1) as a Proxy Radius with PAP
> >protocol.
> >
>
> If you ment to proxy only pap requests, your configuration is not going
> to work.
>
> >proxy.conf:
> >
> > 
> >
> >realm NULL {
> >
> >        authhost        = ***.***.***.***:1645
> >
> >        accthost        = ***.***.***.***:1646
> >
> >        secret          = pass
> >
> >}
> >
> >users:
> >
> >DEFAULT FreeRADIUS-Proxied-To == ***.***.***.***, Auth-Type := PAP
> >
>
> It was an eap request so that didn't match.
>
> >< Proxying request 0 to home server ***.***.***.*** port 1645
> >
> >< Sending Access-Request of id 210 to ***.***.***.*** port 1645
> >
> ><         Message-Authenticator = 0x00000000000000000000000000000000
> >
> ><         Service-Type = Framed-User
> >
> ><         User-Name = "enguyend"
> >
> ><         Framed-MTU = 1488
> >
> ><         Called-Station-Id = "00-1D-7E-5F-F7-39:SogetiNET"
> >
> ><         Calling-Station-Id = "00-16-6F-AA-80-DD"
> >
> ><         NAS-Port-Type = Wireless-802.11
> >
> ><         Connect-Info = "CONNECT 54Mbps 802.11g"
> >
> ><         EAP-Message = 0x0200000d01656e677579656e64
> >
> ><         NAS-IP-Address = 192.168.1.1
> >
> ><         NAS-Port = 1
> >
> ><         NAS-Port-Id = "STA port # 1"
> >
> ><         Proxy-State = 0x30
> >
> >< Going to the next request
>..
> >< Rejecting request 0 due to lack of any response from home server
> >***.***.***.*** port 1645
> >
> >< There was no response configured: rejecting request 0
> >
>
> Request was proxied but home server didn't respond. You will have to
> debug the home server and see did it recieve the request.
>
> Ivan Kalik
> Kalik Informatika ISP
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

My request are proxied : i got this the following respond : 
< rad_recv: Access-Reject packet from host 205.223.235.196 port 1645, id=186, length=23
<         Proxy-State = 0x30

In my radius log file:
< *******   Incoming RADIUS packet:   *******
< radrecv: Packet from host 10.226.66.51, port=24670
< send_reject()
< *******   Incoming RADIUS packet:   *******
< radrecv: Packet from host 10.226.65.52, port=25433
< send_reject()

I think the problem is the protocol I use : PAP.
I'm not sure that FreeRadius use PAP protocol to communicate with Radius Server.
And is it normal that I can't see any password when I use a sniffer?

Regards

NGUYEN Eric