post-proxy section ( 3.0.9 bump )

Peter Balsianok balsianok.peter at gmail.com
Thu Jun 18 11:51:51 CEST 2015 

Hi,

I want to log proxy request in the case of Access-Reject from proxy server

In the conf file (site-enables/default):

post-proxy {
  log_proxy_reply
  Post-Proxy-Type Fail-Authentication {
    log_proxy_request
    log_control
  }
}

I've tested it with Fail or Fail-Authentication. The same result, proxy
request wasn't printed out.

Debug ouput:
....
post-proxy {
  log_proxy_reply
  Post-Proxy-Type Fail-AuthenticationOpening new proxy socket 'proxy
address * port 0'
Listening on proxy address * port 43154
(0) Proxying request to home server 127.0.0.1 port 10812 timeout 14.000000
(0) Sent Access-Request Id 129 from 0.0.0.0:43154 to 127.0.0.1:10812 length
182
(0)   NAS-Port-Type = Virtual
(0)   CHAP-Password = 0x0103d8b4385d31b89f746a2838b87fa049
(0)   Service-Type = Framed-User
(0)   Called-Station-Id = 'proxy.corp'
(0)   Calling-Station-Id = '421905725408'
(0)   Framed-Protocol = PPP
(0)   CHAP-Challenge = 0xe3c6f04f3c08c6067deb9c79c060e966
(0)   User-Name = '421905725408'
(0)   Connect-Info = '8640000'
(0)   NAS-IP-Address = 85.237.227.1
(0)   NAS-Port = 385
(0)   Qos-Policy-Policing = 'Uniq-Sess-ID385'
(0)   Event-Timestamp = 'Jun 18 2015 11:48:41 CEST'
(0)   Message-Authenticator := 0x00
(0)   Proxy-State = 0x313131
Waking up in 0.3 seconds.
(0) Clearing existing &reply: attributes
(0) Received Access-Reject Id 129 from 127.0.0.1:10812 to 127.0.0.1:43154
length 25
(0)   Proxy-State = 0x313131
(0) # Executing section post-proxy from file ./sites-enabled/default
(0)   post-proxy {
(0) log_proxy_reply: EXPAND /app_log/radius/auth/radius.log
(0) log_proxy_reply:    --> /app_log/radius/auth/radius.log
(0) log_proxy_reply: EXPAND %t : Info PROXY-REPLY(%{User-Name}):
%{pairs:proxy-reply:}
(0) log_proxy_reply:    --> Thu Jun 18 11:48:41 2015 : Info
PROXY-REPLY(421905725408 at proxy.corp): Proxy-State = 0x313131
(0)     [log_proxy_reply] = ok
(0)   } # post-proxy = ok
(0) Login incorrect (Home Server says so): [421905725408 at proxy.corp/<via
Auth-Type = CHAP>] (from client localhost port 385 cli 421905725408)
(0) Using Post-Auth-Type Reject
(0) Post-Auth-Type sub-section not found.  Ignoring.
(0) # Executing group from file ./sites-enabled/default
(0) Sent Access-Reject Id 111 from 127.0.0.1:1812 to 127.0.0.1:33136 length
0
(0) Finished request

What i am doing wrong ?

Thx.

More information about the Freeradius-Users mailing list