Problem with Proxy server testing
Himanshu Pandey
pandey_himanshu80 at rediffmail.com
Tue Oct 7 14:40:17 CEST 2014
Hi,
I was trying to test the proxy server concept of freeradius so I did this:
/* proxy.conf */ I added two proxy servers
home_server safeword1 {
	type = auth+acct
	ipaddr = 192.168.178.25
	port = 1812
	secret = letmesafeword
	require_message_authenticator = no
	response_window = 20
	zombie_period = 40
	revive_interval = 120
	status_check = status-server
	check_interval = 30
	num_answers_to_alive = 3
}

home_server google1 {
	type = auth+acct
	ipaddr = 172.16.1.27
	port = 1812
	secret = letmegoogle
	require_message_authenticator = no
	response_window = 20
	zombie_period = 40
	revive_interval = 120
	status_check = status-server
	check_interval = 30
	num_answers_to_alive = 3
}

home_server_pool my_safeword_radius_servers {
	type = fail-over
	home_server = safeword1
}

home_server_pool my_googleotp_radius_servers {
	type = fail-over
	home_server = google1
}

realm "SAFEWORD" {
	auth_pool = my_safeword_radius_servers
	acct_pool = my_safeword_radius_servers
}

realm "GOOGLE" {
	auth_pool = my_googleotp_radius_servers
	acct_pool = my_googleotp_radius_servers
}

realm "GOOGLE" {
	# do nothing
	# this means use the local server
}

In /*hint*/
I added

# GOOGLE
# Detect gA at start of username and if so add realm GOOGLE at the end
# see http://wiki.freeradius.org/Hints
DEFAULT	User-Name =~ "^(gA.*)"
	User-Name := "%{1}@GOOGLE"

# SAFEWORD
# Detect lowercase "v", 1 or 2 capital letters followed by 6 numbers
# at start of username to identify a SAFEWORD token
# and if so add realm SAFEWORD at the end
# see http://wiki.freeradius.org/Hints
DEFAULT	User-Name =~ "^(v[A-Z]{1,2}[0-9]{6})"
	User-Name := "%{1}@SAFEWORD"

Now I used radtest with the following command
/opt/freeradius/bin/radtest gA123443 592455 192.168.178.25 1812 letmegoogle
But it is giving an error. Please help me to resolve the same.
Debug log:
Listening on command file /opt/freeradius/var/run/radiusd/radiusd.sock
Listening on auth address * port 1812 as server default
Listening on acct address * port 1813 as server default
Listening on auth address :: port 1812 as server default
Listening on acct address :: port 1813 as server default
Listening on auth address 127.0.0.1 port 18120 as server inner-tunnel
Opening new proxy socket 'proxy address * port 0'
Listening on proxy address * port 48013
Ready to process requests
Received Access-Request Id 69 from 127.0.0.1:42855 to 127.0.0.1:1812 length 78
(0) Received Access-Request packet from host 127.0.0.1 port 42855, id=69, length=78
(0) Dropping packet without response because of error: Received packet from 127.0.0.1 with invalid Message-Authenticator! (Shared secret is incorrect.)
Waking up in 0.3 seconds.
(0) Cleaning up request packet ID 69 with timestamp +12
Ready to process requests
Received Access-Request Id 69 from 127.0.0.1:42855 to 127.0.0.1:1812 length 78
(1) Received Access-Request packet from host 127.0.0.1 port 42855, id=69, length=78
(1) Dropping packet without response because of error: Received packet from 127.0.0.1 with invalid Message-Authenticator! (Shared secret is incorrect.)
Waking up in 0.3 seconds.
(1) Cleaning up request packet ID 69 with timestamp +17
Ready to process requests
Received Access-Request Id 69 from 127.0.0.1:42855 to 127.0.0.1:1812 length 78
(2) Received Access-Request packet from host 127.0.0.1 port 42855, id=69, length=78
(2) Dropping packet without response because of error: Received packet from 127.0.0.1 with invalid Message-Authenticator! (Shared secret is incorrect.)
Waking up in 0.3 seconds.
(2) Cleaning up request packet ID 69 with timestamp +22
Ready to process requests
Regards,
Sonu
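
The check behind the "invalid Message-Authenticator" lines in the debug log above, as an added example that is not part of the original post and is not FreeRADIUS code: the RFC 2869 Message-Authenticator is an HMAC-MD5 over the Access-Request keyed with the shared secret, so a receiver holding a different secret computes a different value and rejects the packet. The function names, the fixed Request Authenticator and the second secret are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, USER_NAME, MESSAGE_AUTHENTICATOR = 1, 1, 80


def attr(attr_type, value):
    """Encode one attribute as Type, Length, Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(pkt_id, user, secret, authenticator):
    """Client side: sign an Access-Request (helper name is hypothetical)."""
    attrs = attr(USER_NAME, user) + attr(MESSAGE_AUTHENTICATOR, bytes(16))
    header = struct.pack("!BBH", ACCESS_REQUEST, pkt_id, 20 + len(attrs))
    unsigned = header + authenticator + attrs
    # HMAC-MD5 over the whole packet with the 16 value octets set to zero
    mac = hmac.new(secret, unsigned, hashlib.md5).digest()
    return unsigned[:-16] + mac  # Message-Authenticator is the last attribute


def verify_message_authenticator(packet, secret):
    """Server side: True/False, or None when the attribute is absent."""
    length = struct.unpack("!H", packet[2:4])[0] if len(packet) >= 20 else 0
    if not 20 <= length <= len(packet):
        raise ValueError("bad packet length")
    pos = 20
    while pos + 2 <= length:
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute")
        if a_type == MESSAGE_AUTHENTICATOR:
            if a_len != 18:
                raise ValueError("bad Message-Authenticator length")
            received = packet[pos + 2:pos + 18]
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:length]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(received, expected)
        pos += a_len
    return None


if __name__ == "__main__":
    # Constructed sample: user name and secret taken from the radtest command;
    # the Request Authenticator is fixed here, real clients use random octets.
    pkt = build_access_request(69, b"gA123443", b"letmegoogle", bytes(range(16)))
    print(verify_message_authenticator(pkt, b"letmegoogle"))
    # Constructed placeholder for a receiver configured with another secret
    print(verify_message_authenticator(pkt, b"constructed-other-secret"))
```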