Authenticate by users file for RADIUS service operation check

Seiichirou Hiraoka seiichirou.hiraoka at gmail.com
Thu Dec 8 04:17:04 CET 2016 

Hello folks,

I am using FreeRADIUS 3.0.4 on CentOS 7.2.

In order to check the service operation of RADIUS, we are trying to
authenticate with the users file, but proxy request is made.
The setting is as follows.

- /etc/raddb/proxy.conf
realm "~^subdomain\.domain\.com$" {
        authhost        = LOCAL
        accthost        = LOCAL
}

home_server server1 {
        ....
}

home_server server2 {
        ....
}

home_server_pool server {
        type            = fail-over
        home_server     = server1
        home_server     = server2
}

realm DEFAULT {
        pool            = server
        nostrip
}

- /etc/raddb/users
test at test.com   Auth-Type := PAP , Cleartext-Password := "test"

or

test at test.com   Auth-Type := Local , Cleartext-Password := "test"

or

test at test.com   Cleartext-Password := "test"

...

-----

When radtest command is executed with radiusd -X, the following result
is obtained.

# radtest test at test.com test localhost 0 testing123
Sending Access-Request Id 3 from 0.0.0.0:48661 to 127.0.0.1:1812
        User-Name = 'test at test.com'
        User-Password = 'test'
        NAS-IP-Address = X.X.X.X
        NAS-Port = 0
        Message-Authenticator = 0x00
Received Access-Reject Id 3 from 127.0.0.1:1812 to 127.0.0.1:48661 length 36
        Reply-Message = 'Request Denied'
(0) -: Expected Access-Accept got Access-Reject


The following log is output to the console.

(snip)
(0)   [auth_log] = ok
(0)   [chap] = noop
(0)   [mschap] = noop
(0)   [digest] = noop
(0)  suffix : Checking for suffix after "@"
(0)  suffix : Looking up realm "test.com" for User-Name = "test at test.com"
(0)  suffix : Found realm "DEFAULT"
(0)  suffix : Adding Realm = "DEFAULT"
(0)  suffix : Proxying request from user test at test.com to realm DEFAULT
(0)  suffix : Preparing to proxy authentication request to realm "DEFAULT"
(0)   [suffix] = updated
(0)  eap : No EAP-Message, not doing EAP
(0)   [eap] = noop
(0)  files : users: Matched entry test at test.com at line 1
(0)   [files] = ok
(0)   [expiration] = noop
(0)   [logintime] = noop
(0)   [pap] = noop
(0)  } #  authorize = updated
Opening new proxy socket 'proxy address * port 0'
Listening on proxy address * port 59404
(0) Proxying request to home server X.X.X.X port 1812 timeout 30.000000
(0) Sending Access-Request packet to host X.X.X.X port 1812, id=85, length=0
(snip)

-----

My question is how to authenticate users file without
proxying ?

Best regards!

More information about the Freeradius-Users mailing list