freeradius <=> radsecproxy: Login incorrect (Failed to find live home server)
Michael Baye
excelsio at gmx.com
Mon Aug 8 15:22:31 UTC 2022
Hello all,
sorry for the html...
I have freeradius 3.0.25 and radsecproxy 1.9.1 installed on the same server. freeradius receives requests, proxies it to radsecproxy which will forward it to the next hop.
=================================================
- /etc/raddb/proxy.conf
:
realm bypass.org {
authhost = 127.0.0.1:2087
accthost = 127.0.0.1:2086
proto = udp
secret = Waytodifficult
nostrip
}
=================================================
- /etc/radsecproxy.conf
:
listenUDP 127.0.0.1:2086
listenUDP 127.0.0.1:2087
:
:
client 127.0.0.1 {
type udp
secret Waytodifficult
}
:
:
realm /@bypass\.org$/ {
server tl1.outside.org
server tl2.outside.org
server tl3.outside.org
accountingserver tl1.outside.org
accountingserver tl2.outside.org
accountingserver tl3.outside.org
}
=================================================
Well, I´m seeing strange sporadic "Login incorrect (Failed to find live home server" errors by freeradius) for different requests. According to /var/log/radius/radius.log.
=====freeradius has many (Failed to find live home server: Cancelling proxy)-messages, followed by 1x Login OK:
Mon Aug 8 16:10:59 2022 : Auth: (166054) Login incorrect (Failed to find live home server: Cancelling proxy): [2669314093 at bypass.org/<no User-Password attribute>] (from client ap-g17-00.37 port 2 cli 20-F4-12:31-E1-41)
Mon Aug 8 16:11:05 2022 : Auth: (166103) Login incorrect (Failed to find live home server: Cancelling proxy): [2669314093 at bypass.org/<no User-Password attribute>] (from client ap-g17-00.37 port 3 cli 20-F4-12:31-E1-41)
Mon Aug 8 16:11:14 2022 : Auth: (166201) Login incorrect (Failed to find live home server: Cancelling proxy): [2669314093 at bypass.org/<no User-Password attribute>] (from client ap-g17-00.37 port 3 cli 20-F4-12:31-E1-41)
Mon Aug 8 16:11:26 2022 : Auth: (166284) Login incorrect (Failed to find live home server: Cancelling proxy): [2669314093 at bypass.org/<no User-Password attribute>] (from client ap-g17-00.37 port 3 cli 20-F4-12:31-E1-41)
Mon Aug 8 16:11:34 2022 : Auth: (166350) Login incorrect (Failed to find live home server: Cancelling proxy): [2669314093 at bypass.org/<no User-Password attribute>] (from client ap-g17-00.37 port 3 cli 20-F4-12:31-E1-41)
Mon Aug 8 16:11:46 2022 : Auth: (166482) Login incorrect (Failed to find live home server: Cancelling proxy): [2669314093 at bypass.org/<no User-Password attribute>] (from client ap-g17-00.37 port 3 cli 20-F4-12:31-E1-41)
Mon Aug 8 16:11:54 2022 : Auth: (166577) Login incorrect (Failed to find live home server: Cancelling proxy): [2669314093 at bypass.org/<no User-Password attribute>] (from client ap-g17-00.37 port 3 cli 20-F4-12:31-E1-41)
Mon Aug 8 16:15:46 2022 : Auth: (168827) Login OK: [2669314093 at bypass.org/<via Auth-Type = Accept>] (from client ap-g17-00.37 port 1 cli 20-F4-12:31-E1-41)
======Looking at /var/log/radsecproxy.log, radsecproxy shows different amount of requests for the same time frame :
Mon Aug 8 15:10:58 2022: radsrv: got Access-Request (id 193) with username: 2669314093 at bypass.org from client 127.0.0.1 (127.0.0.1)
Mon Aug 8 15:10:58 2022: radsrv: got Access-Request (id 89) with username: 2669314093 at bypass.org from client 127.0.0.1 (127.0.0.1)
Mon Aug 8 15:10:58 2022: Access-Accept for user 2669314093 at bypass.org stationid 20-F4-12:31-E1-41 from tl3.outside.org to 127.0.0.1 (127.0.0.1)
Mon Aug 8 16:11:00 2022: radsrv: got Accounting-Request (id 146) with username: 2669314093 at bypass.org from client 127.0.0.1 (127.0.0.1)
Mon Aug 8 16:11:00 2022: Accounting-Response for user 2669314093 at bypass.org stationid 20-F4-12:31-E1-41 from tl1.outside.org to 127.0.0.1 (127.0.0.1)
=> So it looks like radsecproxy does not receive those requests at all, which doesn´t make sense for me as it runs on the same virtual machine. Did I miss some kind of rate limiting configuration for either freeradius or radsecproxy?
Best Regards
Michael
More information about the Freeradius-Users
mailing list