<div dir="ltr">Hi Alan,<div><br></div><div>I have set the below configuration in proxy.conf and it is not working. I need help in fixing it.</div><div><br></div><div><div>home_server ssid_700 {</div><div> type = auth</div>
<div> ipaddr = <a href="tel:16.108.158.172" value="+16108158172" target="_blank">16.108.158.172</a></div><div> port = 1812</div><div> secret = testing123</div><div> require_message_authenticator = yes</div>
<div> response_window = 20</div><div> zombie_period = 40</div>
<div> revive_interval = 120</div><div> status_check = status-server</div><div> check_interval = 30</div><div> num_answers_to_alive = 3</div><div> coa {</div><div> # Initial retransmit interval: 1..5</div>
<div> irt = 2</div><div><br></div><div> # Maximum Retransmit Timeout: 1..30 (0 == no maximum)</div><div> mrt = 16</div><div><br></div><div> # Maximum Retransmit Count: 1..20 (0 == retransmit forever)</div>
<div> mrc = 5</div><div><br></div><div> # Maximum Retransmit Duration: 5..60</div><div> mrd = 30</div><div> }</div><div>}</div><div><br></div><div>home_server_pool ssid_700_pool {</div>
<div> type = fail-over</div><div> home_server = ssid_700</div><div>}</div><div><br></div><div>realm ssid_700_realm {</div><div> auth_pool = ssid_700_pool</div><div> nostrip</div><div>}</div><div>
<br></div><div>if ( Colubris-AVPair == "ssid=uww_700" ) {</div><div> update control {</div><div> Proxy-To_Realm := "ssid_700_realm"</div><div> }</div><div>}</div><div><br>
</div>
</div><div><div>#realm NULL {</div><div># authhost = <a href="http://radius.company.com:1600" target="_blank">radius.company.com:1600</a></div><div># accthost = <a href="http://radius.company.com:1601" target="_blank">radius.company.com:1601</a></div>
<div># secret = testing123</div><div>#}</div><div><br></div><div>#</div><div># This realm is for ALL OTHER requests.</div><div>#</div><div>#realm DEFAULT {</div><div># authhost = <a href="http://radius.company.com:1600" target="_blank">radius.company.com:1600</a></div>
<div># accthost = <a href="http://radius.company.com:1601" target="_blank">radius.company.com:1601</a></div><div># secret = testing123</div><div>#}</div></div><div><br></div><div>With the above configuration, it is not entering the if condition (unlang). Below is the debug log. It say there is no @ with the user and looking up realm NULL. I have commented out the realm NULL and realm DEFAULT.</div>
<div><br></div><div><br></div><div>rad_recv: Access-Request packet from host 16.108.159.73 port 56904, id=180, length=233</div><div><span style="white-space:pre-wrap"> </span>Acct-Session-Id = "084a02e6"</div>
<div><span style="white-space:pre-wrap"> </span>NAS-Port = 0</div><div><span style="white-space:pre-wrap"> </span>NAS-Port-Type = Wireless-802.11</div><div><span style="white-space:pre-wrap"> </span>User-Name = "t"</div>
<div><span style="white-space:pre-wrap"> </span>Calling-Station-Id = "38-AA-3C-8B-23-2D"</div><div><span style="white-space:pre-wrap"> </span>Called-Station-Id = "D8-9D-67-41-59-20"</div><div><span style="white-space:pre-wrap"> </span>EAP-Message = 0x020100060319</div>
<div><span style="white-space:pre-wrap"> </span>State = 0x07f1ce5e07f0caa193a06ec11ba58fe2</div><div><span style="white-space:pre-wrap"> </span>NAS-Identifier = "SG3413P2DH"</div><div><span style="white-space:pre-wrap"> </span>NAS-IP-Address = 16.108.159.73</div>
<div><span style="white-space:pre-wrap"> </span>Framed-MTU = 1496</div><div><span style="white-space:pre-wrap"> </span>Connect-Info = "IEEE802.1X"</div><div><span style="white-space:pre-wrap"> </span>Framed-Protocol = PPP</div>
<div><span style="white-space:pre-wrap"> </span>Service-Type = Framed-User</div><div><span style="white-space:pre-wrap"> </span>Colubris-AVPair = "ssid=uww_700"</div><div><span style="white-space:pre-wrap"> </span>Colubris-AVPair = "group=Default Group"</div>
<div><span style="white-space:pre-wrap"> </span>Colubris-AVPair = "vsc-unique-id=3"</div><div><span style="white-space:pre-wrap"> </span>Message-Authenticator = 0xd653b1d0f1fa3ea4dcb3f01de9eb2c5b</div><div>
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default</div><div>+group authorize {</div><div>++[preprocess] = ok</div><div>++[chap] = noop</div><div>++[mschap] = noop</div><div>++[digest] = noop</div>
<div>[suffix] No '@' in User-Name = "t", looking up realm NULL</div><div>[suffix] No such realm "NULL" </div><div><br></div><div><br></div><div><div>What configuration change that i have to do to make it working?</div>
<div>I need to have a home server pool for each of the ssid. I need to do below kind of setup;</div><div><br></div><div><div>if ( Colubris-AVPair == "ssid=uww_700" ) {</div><div> //use home_server_pool = ssid_700_pool</div>
<div>}</div></div><div><br></div><div><div>if ( Colubris-AVPair == "ssid=uww_800" ) {</div><div> //use home_server_pool = ssid_800_pool</div><div>}</div></div></div><div><br></div><div>Also need to know where the unlang (the if condition) needs to be specified? Does it needs to be specified inside any block? </div>
<div><br></div><div>Thanks,</div><div>Ila.</div><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Apr 7, 2014 at 2:05 PM, Alan DeKok <span dir="ltr"><<a href="mailto:aland@deployingradius.com" target="_blank">aland@deployingradius.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="">Ilavajuthy Palanisamy wrote:<br>
> Now I need a help in setting up various sets of Radius servers in<br>
> proxy.conf based on some VSA value in Access_Request. The requirement is<br>
> to redirect the requests to appropriate Radius servers based on the VSA<br>
> value.<br>
<br>
</div> You can manually force proxying via the Proxy-To-Realm attribute. In<br>
"unlang":<br>
<br>
update control {<br>
Proxy-To-Realm := "realm-name"<br>
<div class="HOEnZb"><div class="h5"> }<br>
<br>
Alan DeKok.<br>
-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</div></div></blockquote></div><br></div>