new to freeradius - proxy question

Paul A razor at meganet.net
Tue Oct 21 17:32:29 CEST 2008


Ivan, from the new freeradius proxy I authenticate with/without the realm
using radtest and those packets look the same to me.

[root@]# radtest ectest 123 xxx.xxx.65.239:1645 11 QuincY
Sending Access-Request of id 89 to xxx.xxx.65.239 port 1645
        User-Name = "ectest"
        User-Password = "123"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 11
rad_recv: Access-Accept packet from host xxx.xxx.239:1645, id=89, length=226
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Session-Timeout = 23400
        Port-Limit = 1
        Idle-Timeout = 840
        X-Ascend-Data-Filter = "ip in forward tcp est"
        X-Ascend-Data-Filter = "ip in forward dstip xxx.xxx.64.0/19 0"
        X-Ascend-Data-Filter = "ip in forward dstip xxx.xxx.36.0/24 0"
        X-Ascend-Data-Filter = "ip in drop tcp dstport = 25"
        X-Ascend-Data-Filter = "ip in forward 0"
        Framed-Routing = None


[root@]# radtest ectest at naisp.net 123 209.213.65.239:1645 11 QuincY
Sending Access-Request of id 85 to xxx.xxx.65.239 port 1645
        User-Name = "ectest at xxx.net"
        User-Password = "123"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 11
rad_recv: Access-Accept packet from host xxx.xxx.65.239:1645, id=85,
length=226
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Session-Timeout = 23400
        Port-Limit = 1
        Idle-Timeout = 840
        X-Ascend-Data-Filter = "ip in forward tcp est"
        X-Ascend-Data-Filter = "ip in forward dstip xxx.xxx.0/19 0"
        X-Ascend-Data-Filter = "ip in forward dstip xxx.xxx.36.0/24 0"
        X-Ascend-Data-Filter = "ip in drop tcp dstport = 25"
        X-Ascend-Data-Filter = "ip in forward 0"
        Framed-Routing = None


-----Original Message-----
From: freeradius-users-bounces+razor=meganet.net at lists.freeradius.org
[mailto:freeradius-users-bounces+razor=meganet.net at lists.freeradius.org] On
Behalf Of tnt at kalik.net
Sent: Tuesday, October 21, 2008 11:14 AM
To: FreeRadius users mailing list
Subject: Re: new to freeradius - proxy question

>But for users login in without a realm I notice a lot of stop records but
>the curious thing is that I see some with Ascend-Disconnect-Cause =
>PPP-PAP-Auth-Failed. So now im wondering if the proxy at 2.2.2.2 is doing
>something to the packets leaving for 3.3.3.3 that's causing it to fail
>without the realm at the destination server.
>

Is there anything different in Access-Accept packets for user with and
without the realm?

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
No virus found in this incoming message.
Checked by AVG - http://www.avg.com 
Version: 8.0.173 / Virus Database: 270.8.2/1735 - Release Date: 10/20/2008
2:52 PM




More information about the Freeradius-Users mailing list