<div dir="ltr"><span style="font-family:arial,sans-serif;font-size:13px">Ok, so now that I have this working...rlm_cache is loading just fine, but I think I may be making an error (based on what I want to achieve anyway). I've taken information from the article </span><a href="http://wiki.freeradius.org/modules/Rlm_cache#Two-call-caching" target="_blank" style="font-family:arial,sans-serif;font-size:13px">http://wiki.freeradius.org/modules/Rlm_cache#Two-call-caching</a><span style="font-family:arial,sans-serif;font-size:13px">, and I see the cache working, but is it in the wrong place?</span><div style="font-family:arial,sans-serif;font-size:13px">
<br></div><div style="font-family:arial,sans-serif;font-size:13px">My hope was that if the user doesn't exist in sql (which "tester" doesn't) then forward. When you get a response, cache these attributes (user account, authZ privileges, etc) back into the sql database. I don't see any updates to the radcheck table, but I'm not 100% sure if that's where it should go. Sorry for being slow here...can anyone help, or do I have this wrong? I'm probably missing something easy here or just getting the formatting wrong. </div>
<div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px">Output (I can give more if necessary):</div><div style="font-family:arial,sans-serif;font-size:13px">
<br></div><div style="font-family:arial,sans-serif;font-size:13px"><p>[sql] User tester not found<br>+++[sql] = notfound<br>++} # if (notfound) = notfound<br>++update control {<br>++} # update control = noop<br>[cache] expand: %{User-Name} -> tester<br>
[cache] expand: reply:Reply-Message -> reply:Reply-Message<br>[cache] expand: Cache last updated at %t -> Cache last updated at Fri Jun 13 16:41:10 2014<br>[cache] expand: ssssssssssssssssssssssssssssssss -> ssssssssssssssssssssssssssssssss<br>
[cache] expand: %{randstr:ssssssssssssssssssssssssssssssss} -> gcEKJNqJQcCe4J4qSRlEciZ7DYDhJW7e<br>rlm_cache: Adding entry for "tester", with TTL of 10<br>++[cache] = updated<br>+} # group authorize = updated<br>
WARNING: Empty pre-proxy section. Using default return values.<br>Sending Access-Request of id 182 to 192.168.1.35 port 1812<br>User-Name = "tester"<br>User-Password = "suckit"<br>NAS-IP-Address = 192.168.1.136<br>
NAS-Port = 0<br>Message-Authenticator = 0x00000000000000000000000000000000<br>Proxy-State = 0x313133<br>Proxying request 0 to home server 192.168.1.35 port 1812<br>Sending Access-Request of id 182 to 192.168.1.35 port 1812<br>
User-Name = "tester"<br>User-Password = "suckit"<br>NAS-IP-Address = 192.168.1.136<br>NAS-Port = 0<br>Message-Authenticator = 0x00000000000000000000000000000000<br>Proxy-State = 0x313133<br>Going to the next request<br>
Waking up in 0.9 seconds.<br>Waking up in 19.0 seconds.<br>rad_recv: Access-Request packet from host 127.0.0.1 port 42674, id=113, length=76<br>Sending duplicate proxied request to home server 192.168.1.35 port 1812 - ID: 182<br>
Sending Access-Request of id 182 to 192.168.1.35 port 1812<br>User-Name = "tester"<br>User-Password = "suckit"<br>NAS-IP-Address = 192.168.1.136<br>NAS-Port = 0<br>Message-Authenticator = 0x00000000000000000000000000000000<br>
Proxy-State = 0x313133<br>Waking up in 14.9 seconds.<br>rad_recv: Access-Accept packet from host 192.168.1.35 port 1812, id=182, length=25<br>Proxy-State = 0x313133<br><br>The config under authorize section:</p><div><div>
############ CUSTOM AUTHORIZE STATEMENTS ############</div><div> if (!notfound) {</div><div> update control {</div><div> Proxy-To-Realm := "DARTH_RSA"</div><div> }</div>
<div> }</div><div>############ CUSTOM CACHING REQUIREMENTS ############</div><div class="im"><div> update control {</div><div> Cache-Status-Only = 'yes'</div><div> }</div><div> cache</div>
<div> if (notfound) {</div><div> sql</div><div> }</div><div> update control {</div><div> Cache-Status-Only := 'no'</div><div> }</div><div> cache</div>
</div><div>############ CUSTOM AUTHORIZE STATEMENTS ############</div></div></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Jun 12, 2014 at 11:50 PM, Brandon Jozsa <span dir="ltr">&lt;<a href="mailto:bjozsa@gmail.com" target="_blank">bjozsa@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hello,<div><br></div><div>I've been trying to work through the issues by searching high and low for solutions before turning to this users list. I'm sorry if this is a stupid question (I've seen worse though, so maybe I shouldn't feel bad).</div>
<div><br></div><div>I have a very high need to use the rlm_cache module with Freeradius on CentOS 6.5. I'm trying to first use the statement:</div><div><br></div><div>----- snipped -----<br></div><div><br></div><div><div>
authorize {</div><div> if (!notfound) {</div><div> update control {</div><div> Proxy-To-Realm := "SOME_REALM"</div><div> }</div><div> }</div><div>----- snipped -----<br>
</div><div><br></div><div>which works GREAT alone...but I also want to use the cache function like so:</div><div><br></div><div>----- snipped -----<br></div><div><div> update control {</div><div> Cache-Status-Only = 'yes'</div>
<div> }</div><div> cache</div><div> if (notfound) {</div><div> sql</div><div> }</div><div> update control {</div><div> Cache-Status-Only := 'no'</div>
<div> }</div><div> cache</div></div><div><br></div><div>----- snipped -----</div><div><br></div><div>which doesn't work (obviously) because rlm_cache isn't included with 2.1.12, or so it seems anyway.</div>
<div><br></div><div>My hope is (it is a hope anyway) that I can collect authN/authZ replies from an upstream radius server and cache them locally; thus building a mysql database of users access/privileges and let this run on an environment before cutting completely over to our new Freeradius setup. Again, I'm hoping it can work like this...getting rid of RSA and using LinOTP or MOTP would be so nice; it would be more flexible and user friendly, but I really need to collect authN and authZ in order to rebuild our massive user-base.</div>
<div><br></div><div>My issue...CentOS, which is our "approved platform" (I'm rolling my eyes and giving air quotes), doesn't have a newer version of Freeradius other than 2.1.12. I think the rlm_cache modules are only included in 3.0.0 and higher, is that right?</div>
<div><br></div><div>So, I started looking on how to build from source...and I found one; great news I thought!! Enter: <a href="http://confluence.diamond.ac.uk/display/PAAUTH/FreeRADIUS+specs+and+sources+for+CentOS+6" target="_blank">http://confluence.diamond.ac.uk/display/PAAUTH/FreeRADIUS+specs+and+sources+for+CentOS+6</a>. I thought this would save the day, but there are broken links for 3.0.0 and I am running into major issues; it just doesn't seem to work at all. I also tried to build it out, take the rlm_cache.so lib over to my 2.1.12 installation, but Freeradius barfed all over that little trick.</div>
<div><br></div><div>What are my options here? I could really use some help. Any ideas?</div><span class="HOEnZb"><font color="#888888"><div><br></div>-- <br>Brandon<br>
</font></span></div></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br>Brandon<br>
</div>