<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:·s²Ó©úÅé
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>Hi Alan,<div><br></div><div>Thanks for your response!<br><div>Does that work on 2.2.0 ? Or maybe it works only on 3.x?</div><div>Because I did a simple test yesterday but it seems not working on 2.2.0 :(</div><div>I made a simple test, please refer log below:</div><div><br></div><div>First, I set up a server 1 as a proxy server. It will proxy the request to server 2.</div><div><br></div><div>Server 1 debug log:</div><div>----</div><div><div>rad_recv: Access-Request packet from host 172.30.179.22 port 35802, id=221, length=79</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>User-Name = "test@test"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>User-Password = "123"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-IP-Address = 172.30.179.22</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-Port = 0</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Message-Authenticator = 0x82e274124fd26a6a5c9e2c8105d8f209</div><div># Executing section authorize from file /opt/freeRADIUS/etc/raddb/sites-enabled/default</div><div>+- entering group authorize {...}</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>expand: %{client:Gateway-Type} -> ALU</div><div>++[control] returns notfound</div><div>rlm_perl: RAD_CONFIG: Tmp-String-8 = ALU</div><div>rlm_perl: Added pair User-Name = test@test</div><div>rlm_perl: Added pair User-Password = 123</div><div>rlm_perl: Added pair NAS-Port = 0</div><div>rlm_perl: Added pair NAS-IP-Address = 172.30.179.22</div><div>rlm_perl: Added pair Message-Authenticator = 0x82e274124fd26a6a5c9e2c8105d8f209</div><div>rlm_perl: Added pair Tmp-String-8 = ALU</div><div>++[test_client_config] returns noop</div><div>++[preprocess] returns ok</div><div>[auth_log] <span class="Apple-tab-span" style="white-space:pre"> </span>expand: %{Packet-Src-IP-Address} -> 172.30.179.22</div><div>[auth_log] <span class="Apple-tab-span" style="white-space:pre"> </span>expand: /opt/freeRADIUS/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /opt/freeRADIUS/var/log/radius/radacct/172.30.179.22/auth-detail-20140213</div><div>[auth_log] /opt/freeRADIUS/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /opt/freeRADIUS/var/log/radius/radacct/172.30.179.22/auth-detail-20140213</div><div>[auth_log] <span class="Apple-tab-span" style="white-space:pre"> </span>expand: %t -> Thu Feb 13 09:57:41 2014</div><div>++[auth_log] returns ok</div><div>++[chap] returns noop</div><div>++[mschap] returns noop</div><div>++[digest] returns noop</div><div>[suffix] Looking up realm "test" for User-Name = "test@test"</div><div>[suffix] Found realm "test"</div><div>[suffix] Adding Realm = "test"</div><div>[suffix] Proxying request from user test to realm test</div><div>[suffix] Preparing to proxy authentication request to realm "test" </div><div>++[suffix] returns updated</div><div>[eap] No EAP-Message, not doing EAP</div><div>++[eap] returns noop</div><div>++[files] returns noop</div><div>++[expiration] returns noop</div><div>++[logintime] returns noop</div><div>++[pap] returns noop</div><div># Executing section pre-proxy from file /opt/freeRADIUS/etc/raddb/sites-enabled/default</div><div>+- entering group pre-proxy {...}</div><div>[attr_filter.pre-proxy] <span class="Apple-tab-span" style="white-space:pre"> </span>expand: %{Realm} -> test</div><div>attr_filter: Matched entry DEFAULT at line 50</div><div>++[attr_filter.pre-proxy] returns updated</div><div>Sending Access-Request of id 165 to 172.30.179.22 port 1812</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>User-Name = "test@test"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>User-Password = "123"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-IP-Address = 172.30.179.22</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Message-Authenticator = 0x00000000000000000000000000000000</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Proxy-State = 0x323231</div><div>Proxying request 0 to home server 172.30.179.22 port 1812</div><div>Sending Access-Request of id 165 to 172.30.179.22 port 1812</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>User-Name = "test@test"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>User-Password = "123"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-IP-Address = 172.30.179.22</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Message-Authenticator = 0x00000000000000000000000000000000</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Proxy-State = 0x323231</div><div>Going to the next request</div><div>Waking up in 0.9 seconds.</div><div>Waking up in 19.0 seconds.</div><div>rad_recv: Access-Request packet from host 172.30.179.22 port 35802, id=221, length=79</div><div>Sending duplicate proxied request to home server 172.30.179.22 port 1812 - ID: 165</div><div>Sending Access-Request of id 165 to 172.30.179.22 port 1812</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>User-Name = "test@test"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>User-Password = "123"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-IP-Address = 172.30.179.22</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Message-Authenticator = 0x00000000000000000000000000000000</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Proxy-State = 0x323231</div><div>Waking up in 14.9 seconds.</div><div>rad_recv: Access-Request packet from host 172.30.179.22 port 35802, id=221, length=79</div><div>Sending duplicate proxied request to home server 172.30.179.22 port 1812 - ID: 165</div><div>Sending Access-Request of id 165 to 172.30.179.22 port 1812</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>User-Name = "test@test"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>User-Password = "123"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-IP-Address = 172.30.179.22</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Message-Authenticator = 0x00000000000000000000000000000000</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Proxy-State = 0x323231</div><div>Waking up in 9.9 seconds.</div><div>Cleaning up request 0 ID 221 with timestamp +26</div><div>Marking home server 172.30.179.22 port 1812 as zombie (it looks like it is dead).</div><div>Sending Status-Server of id 205 to 172.30.179.22 port 1812</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Message-Authenticator := 0x00000000000000000000000000000000</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-Identifier := "Status Check. Are you alive?"</div><div>Waking up in 3.9 seconds.</div><div>rad_recv: Access-Accept packet from host 172.30.179.22 port 1812, id=205, length=20</div><div>Received response to status check 1 (1 in current sequence)</div><div>Waking up in 30.4 seconds.</div><div>-----</div><div>Then Server 2 received request from server 1, I put on the policy of "Do Not Response" here to let it not reply to server 1 as Timeout scenario.</div><div><br></div><div>Server 2 debug log:</div><div>-----</div><div><div>rad_recv: Access-Request packet from host 172.30.179.21 port 3102, id=165, length=78</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>User-Name = "test@test"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>User-Password = "123"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-IP-Address = 172.30.179.22</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Message-Authenticator = 0x3f6871b3d1076fa74b7e9bd33421cb40</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Proxy-State = 0x323231</div><div># Executing section authorize from file /opt/freeradius/etc/raddb/sites-enabled/default</div><div>+- entering group authorize {...}</div><div>++- entering policy do_not_respond {...}</div><div>+++[control] returns notfound</div><div>+++[handled] returns handled</div><div>++- policy do_not_respond returns handled</div><div>Not responding to request 0</div><div>Finished request 0.</div><div>Going to the next request</div><div>Waking up in 29.9 seconds.</div><div>rad_recv: Access-Request packet from host 172.30.179.21 port 3102, id=165, length=78</div><div>Ignoring retransmit from client test-21 port 3102 - ID: 165, no reply was configured</div><div>Waking up in 24.9 seconds.</div><div>rad_recv: Access-Request packet from host 172.30.179.21 port 3102, id=165, length=78</div><div>Ignoring retransmit from client test-21 port 3102 - ID: 165, no reply was configured</div><div>Waking up in 19.9 seconds.</div><div>rad_recv: Status-Server packet from host 172.30.179.21 port 3102, id=205, length=68</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Message-Authenticator = 0x7407443309fd2696fedad4b6c91ee1eb</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-Identifier = "Status Check. Are you alive?"</div><div>Sending Access-Accept of id 205 to 172.30.179.21 port 3102</div><div>Finished request 1.</div><div>Cleaning up request 1 ID 205 with timestamp +23</div><div>Going to the next request</div><div>Waking up in 9.9 seconds.</div><div>Cleaning up request 0 ID 165 with timestamp +3</div><div>Ready to process requests.</div></div><div>-----</div><div><br></div><div>As you can see, server 1 did not go into post-proxy-type fail section as I expect :(</div><div>Is there anything I miss or doing wrong? Thanks!</div><div><br></div><div><br></div><div>Okis</div><br>> Chuang Okis wrote:<br>> > we have some statistical requirements for eap-sim, I want know if I can<br>> > identify and log it when we proxy Access-Request/Access-Challenge to<br>> > external AAA home_server but no response back(timeout)?<br>> <br>> Read raddb/sites-available/default. Look for Post-Proxy-Type Fail.</div><div>> <br>> Alan DeKok.<br>> <br><br></div></div> </div></body>
</html>