proxy questions

piston pistonic at yahoo.com
Wed Mar 25 17:35:00 CET 2009


You should also uncomment or add IPASS under the authorize section and the preacct section.

Good luck!



----- Original Message ----
From: Sebastien Boucher <cannibalist at gmail.com>
To: freeradius-users at lists.freeradius.org
Sent: Thursday, March 26, 2009 12:05:22 AM
Subject: proxy questions

I don't know if this was asked before, but here it goes:

We are currently using FreeRADIUS Version 1.1.1, which authenticates
local users via LDAP.

I am trying to set up an IPASS realm for another company and can't get any
success. Here is what I have done so far:

I have the following in radiusd.conf:

       realm IPASS {
               format = prefix
               delimiter = "/"
               ignore_default = yes
               ignore_null = yes
       }


I also uncommented IPASS in authorize and preacct.


And this is what I have in proxy.conf:

realm IPASS {
      type             = radius
      authhost         = server.ip.here:1812
      accthost         = server.ip.here:1813
      secret           = ****
      retry_delay      = 10
      retry_count      = 3
      dead_time        = 1
      nostrip
}

realm NULL {
       type            = radius
       authhost        = LOCAL
       accthost        = LOCAL
}


This is what I get when I run radiusd in debug:


rad_recv: Access-Request packet from host nas.ip.address:1645, id=82, length=168
        Framed-Protocol = PPP
        User-Name = "IPASS/user at company.com"
        User-Password = "somepassword"
        Called-Station-Id = "5143174746"
        Calling-Station-Id = "5148776026"
        Cisco-NAS-Port = "Async1/8/97"
        NAS-Port = 3013
        NAS-Port-Type = Async
        Service-Type = Framed-User
        NAS-IP-Address = nas.ip.address
        Acct-Session-Id = "0017A2FD"
        NAS-Identifier = "NAS01.MTLCNDS."
rlm_ldap: Entering ldap_groupcmp()
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: object not found or got ambiguous search result
rlm_ldap::ldap_groupcmp: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: Entering ldap_groupcmp()
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: object not found or got ambiguous search result
rlm_ldap::ldap_groupcmp: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for IPASS/user at company.com
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
Sending Access-Reject of id 82 to 206.80.253.252 port 1645


I am sure I am missing something. If I understand correctly, radius is trying
to validate it in LDAP before sending the proxy request to the other
server.

Any help would be very appreciated.

Thanks

seb
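
The check suggested in the reply, as an added example that is not part of the original thread: it reports which realm instances defined under modules are not listed, uncommented, in the authorize and preacct sections of radiusd.conf. The sample configuration is constructed (FreeRADIUS 1.x layout assumed) and the function names are hypothetical.

```python
import re

# Constructed sample in FreeRADIUS 1.x radiusd.conf layout (not the poster's file).
SAMPLE_CONF = '''
modules {
    realm IPASS {
        format = prefix
        delimiter = "/"
    }
}
authorize {
    preprocess
#   IPASS
    ldap
}
preacct {
    IPASS
}
'''

def strip_comments(text):
    # Drop '#' comments line by line, leaving '#' inside double-quoted values alone.
    return "\n".join(
        re.sub(r'^((?:[^"#]|"[^"]*")*)#.*$', r'\1', ln) for ln in text.splitlines())

def section_body(text, header):
    # Text between the braces of the first `header {` block, comments removed.
    text = strip_comments(text)
    m = re.search(r'^\s*' + re.escape(header) + r'\s*\{', text, re.M)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(text) and depth:
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1]

def active_entries(text, section):
    # Module instance names that are listed (not commented out) in a section.
    return [ln.split()[0] for ln in section_body(text, section).splitlines() if ln.strip()]

def realm_instances(text):
    return re.findall(r'^\s*realm\s+(\S+)\s*\{', section_body(text, "modules"), re.M)

def missing_realm_refs(text, sections=("authorize", "preacct")):
    # Map each section to the realm instances that are defined but not listed in it.
    realms = realm_instances(text)
    return {s: [r for r in realms if r not in active_entries(text, s)] for s in sections}

print(missing_realm_refs(SAMPLE_CONF))
```
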