<div dir="ltr"><div><div><div>Hi <br><br></div>I am testing FreeRADIUS version 3 to upgrade our old version 2 FreeRADIUS server.<br><br></div>Local auth works well, but when I need to proxy a realm I always get "no response from the server". I spoke to the guy who looks after the remote RADIUS server and he confirms it is running. <br><br></div><div>My version 2 configuration is working well, though.<br></div><div><br></div>This is what I get in debug mode:<br><br> <br>Received Access-Request Id 36 from <a href="http://192.168.1.20:1814">192.168.1.20:1814</a> to <a href="http://10.128.1.10:1812">10.128.1.10:1812</a> length 141
<br> User-Name = '<a href="mailto:bob@test.com">bob@test.com</a>'
<br> NAS-IP-Address = 127.0.0.1
<br> Calling-Station-Id = '02-00-00-00-00-01'
<br> Framed-MTU = 1400
<br> NAS-Port-Type = Wireless-802.11
<br> Connect-Info = 'CONNECT 11Mbps 802.11b'
<br> EAP-Message = 0x02000014016e656d616e646940756e616b2e6973
<br> Message-Authenticator = 0xe32df9f6e41ef3d00ac9a5943427a59f
<br> Proxy-State = 0x30
<br>(0) Received Access-Request packet from host 192.168.1.20 port 1814, id=36, length=141
<br>(0) User-Name = '<a href="mailto:bob@test.com">bob@test.com</a>'
<br>(0) NAS-IP-Address = 127.0.0.1
<br>(0) Calling-Station-Id = '02-00-00-00-00-01'
<br>(0) Framed-MTU = 1400
<br>(0) NAS-Port-Type = Wireless-802.11
<br>(0) Connect-Info = 'CONNECT 11Mbps 802.11b'
<br>(0) EAP-Message = 0x02000014016e656d616e646940756e616b2e6973
<br>(0) Message-Authenticator = 0xe32df9f6e41ef3d00ac9a5943427a59f
<br>(0) Proxy-State = 0x30
<br>(0) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
<br>(0) authorize {
<br>(0) filter_username filter_username {
<br>(0) if (!&User-Name)
<br>(0) if (!&User-Name) -> FALSE
<br>(0) if (&User-Name =~ / /)
<br>(0) if (&User-Name =~ / /) -> FALSE
<br>(0) if (&User-Name =~ /@.*@/ )
<br>(0) if (&User-Name =~ /@.*@/ ) -> FALSE
<br>(0) if (&User-Name =~ /\\.\\./ )
<br>(0) if (&User-Name =~ /\\.\\./ ) -> FALSE
<br>(0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
<br>(0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
<br>(0) if (&User-Name =~ /\\.$/)
<br>(0) if (&User-Name =~ /\\.$/) -> FALSE
<br>(0) if (&User-Name =~ /@\\./)
<br>(0) if (&User-Name =~ /@\\./) -> FALSE
<br>(0) } # filter_username filter_username = notfound
<br>(0) [preprocess] = ok
<br>(0) auth_log : EXPAND /var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
<br>(0) auth_log : --> /var/log/radacct/<a href="http://192.168.1.20/auth-detail-20141208">192.168.1.20/auth-detail-20141208</a>
<br>(0) auth_log : /var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radacct/<a href="http://192.168.1.20/auth-detail-20141208">192.168.1.20/auth-detail-20141208</a>
<br>(0) auth_log : EXPAND %t
<br>(0) auth_log : --> Mon Dec 8 16:38:14 2014
<br>(0) [auth_log] = ok
<br>(0) [chap] = noop
<br>(0) [mschap] = noop
<br>(0) [digest] = noop
<br>(0) suffix : Checking for suffix after "@"
<br>(0) suffix : Looking up realm "<a href="http://test.com">test.com</a>" for User-Name = "<a href="mailto:bob@test.com">bob@test.com</a>"
<br>(0) suffix : Found realm "<a href="http://test.com">test.com</a>"
<br>(0) suffix : Adding Realm = "<a href="http://test.com">test.com</a>"
<br>(0) suffix : Proxying request from user <a href="mailto:bob@test.com">bob@test.com</a> to realm <a href="http://test.com">test.com</a>
<br>(0) suffix : Preparing to proxy authentication request to realm "<a href="http://test.com">test.com</a>"
<br>(0) [suffix] = updated
<br>(0) eap : Request is supposed to be proxied to Realm <a href="http://test.com">test.com</a>. Not doing EAP.
<br>(0) [eap] = noop
<br>(0) [files] = noop
<br>(0) [expiration] = noop
<br>(0) [logintime] = noop
<br>(0) [pap] = noop
<br>(0) } # authorize = updated
<br>(0) # Executing section pre-proxy from file /usr/local/etc/raddb/sites-enabled/default
<br>(0) pre-proxy {
<br>(0) operator-name.pre-proxy operator-name.pre-proxy {
<br>(0) if (("%{request:Packet-Type}" == 'Access-Request') && "%{client:Operator-Name}")
<br>(0) EXPAND %{request:Packet-Type}
<br>(0) --> Access-Request
<br>(0) Client does not contain config item "Operator-Name"
<br>(0) EXPAND %{client:Operator-Name}
<br>(0) -->
<br>(0) if (("%{request:Packet-Type}" == 'Access-Request') && "%{client:Operator-Name}") -> FALSE
<br>(0) } # operator-name.pre-proxy operator-name.pre-proxy = noop
<br>(0) pre_proxy_log : EXPAND /var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d
<br>(0) pre_proxy_log : --> /var/log/radacct/<a href="http://192.168.1.20/pre-proxy-detail-20141208">192.168.1.20/pre-proxy-detail-20141208</a>
<br>(0) pre_proxy_log : /var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d expands to /var/log/radacct/<a href="http://192.168.1.20/pre-proxy-detail-20141208">192.168.1.20/pre-proxy-detail-20141208</a>
<br>(0) pre_proxy_log : EXPAND %t
<br>(0) pre_proxy_log : --> Mon Dec 8 16:38:14 2014
<br>(0) [pre_proxy_log] = ok
<br>(0) } # pre-proxy = ok
<br>Opening new proxy socket 'proxy address * port 0'
<br>Listening on proxy address * port 37396
<br>(0) Proxying request to home server remote-rad-server port 1812 timeout 30.000000
<br>(0) Sending Access-Request packet to host remote-rad-server port 1812, id=175, length=0
<br>(0) User-Name = '<a href="mailto:bob@test.com">bob@test.com</a>'
<br>(0) NAS-IP-Address = 127.0.0.1
<br>(0) Calling-Station-Id = '02-00-00-00-00-01'
<br>(0) Framed-MTU = 1400
<br>(0) NAS-Port-Type = Wireless-802.11
<br>(0) Connect-Info = 'CONNECT 11Mbps 802.11b'
<br>(0) EAP-Message = 0x02000014016e656d616e646940756e616b2e6973
<br>(0) Message-Authenticator = 0xe32df9f6e41ef3d00ac9a5943427a59f
<br>(0) Proxy-State = 0x30
<br>(0) Event-Timestamp = 'Dec 8 2014 16:38:14 GMT'
<br>(0) Realm = '<a href="http://test.com">test.com</a>'
<br>(0) EAP-Type = Identity
<br>(0) Proxy-State = 0x3336
<br>Sending Access-Request Id 175 from <a href="http://0.0.0.0:37396">0.0.0.0:37396</a> to remote-rad-server:1812
<br> User-Name = '<a href="mailto:bob@test.com">bob@test.com</a>'
<br> NAS-IP-Address = 127.0.0.1
<br> Calling-Station-Id = '02-00-00-00-00-01'
<br> Framed-MTU = 1400
<br> NAS-Port-Type = Wireless-802.11
<br> Connect-Info = 'CONNECT 11Mbps 802.11b'
<br> EAP-Message = 0x02000014016e656d616e646940756e616b2e6973
<br> Message-Authenticator = 0xe32df9f6e41ef3d00ac9a5943427a59f
<br> Proxy-State = 0x30
<br> Event-Timestamp = 'Dec 8 2014 16:38:14 GMT'
<br> Proxy-State = 0x3336
<br>Waking up in 0.3 seconds.
<br>Waking up in 0.1 seconds.
<br>(0) Expecting proxy response no later than 29.488865 seconds from now
<br>Waking up in 29.4 seconds.
<br>Received Access-Request Id 36 from <a href="http://192.168.1.20:1814">192.168.1.20:1814</a> to <a href="http://10.128.1.10:1812">10.128.1.10:1812</a> length 141
<br>(0) Sending duplicate proxied request to home server remote-rad-server port 1812 - ID: 175
<br>(0) Sending Access-Request packet to host remote-rad-server port 1812, id=175, length=151
<br>(0) User-Name = '<a href="mailto:bob@test.com">bob@test.com</a>'
<br>(0) NAS-IP-Address = 127.0.0.1
<br>(0) Calling-Station-Id = '02-00-00-00-00-01'
<br>(0) Framed-MTU = 1400
<br>(0) NAS-Port-Type = Wireless-802.11
<br>(0) Connect-Info = 'CONNECT 11Mbps 802.11b'
<br>(0) EAP-Message = 0x02000014016e656d616e646940756e616b2e6973
<br>(0) Message-Authenticator = 0xe32df9f6e41ef3d00ac9a5943427a59f
<br>(0) Proxy-State = 0x30
<br>(0) Event-Timestamp = 'Dec 8 2014 16:38:14 GMT'
<br>(0) Realm = '<a href="http://test.com">test.com</a>'
<br>(0) EAP-Type = Identity
<br>(0) Proxy-State = 0x3336
<br>Sending Access-Request Id 175 from <a href="http://0.0.0.0:37396">0.0.0.0:37396</a> to remote-rad-server:1812
<br> User-Name = '<a href="mailto:bob@test.com">bob@test.com</a>'
<br> NAS-IP-Address = 127.0.0.1
<br> Calling-Station-Id = '02-00-00-00-00-01'
<br> Framed-MTU = 1400
<br> NAS-Port-Type = Wireless-802.11
<br> Connect-Info = 'CONNECT 11Mbps 802.11b'
<br> EAP-Message = 0x02000014016e656d616e646940756e616b2e6973
<br> Message-Authenticator = 0xe32df9f6e41ef3d00ac9a5943427a59f
<br> Proxy-State = 0x30
<br> Event-Timestamp = 'Dec 8 2014 16:38:14 GMT'
<br> Proxy-State = 0x3336
<br>Waking up in 26.9 seconds.
<br>Received Access-Request Id 36 from <a href="http://192.168.1.20:1814">192.168.1.20:1814</a> to <a href="http://10.128.1.10:1812">10.128.1.10:1812</a> length 141
<br>(0) Sending duplicate proxied request to home server remote-rad-server port 1812 - ID: 175
<br>(0) Sending Access-Request packet to host remote-rad-server port 1812, id=175, length=151
<br>(0) User-Name = '<a href="mailto:bob@test.com">bob@test.com</a>'
<br>(0) NAS-IP-Address = 127.0.0.1
<br>(0) Calling-Station-Id = '02-00-00-00-00-01'
<br>(0) Framed-MTU = 1400
<br>(0) NAS-Port-Type = Wireless-802.11
<br>(0) Connect-Info = 'CONNECT 11Mbps 802.11b'
<br>(0) EAP-Message = 0x02000014016e656d616e646940756e616b2e6973
<br>(0) Message-Authenticator = 0xe32df9f6e41ef3d00ac9a5943427a59f
<br>(0) Proxy-State = 0x30
<br>(0) Event-Timestamp = 'Dec 8 2014 16:38:14 GMT'
<br>(0) Realm = '<a href="http://test.com">test.com</a>'
<br>(0) EAP-Type = Identity
<br>(0) Proxy-State = 0x3336
<br>Sending Access-Request Id 175 from <a href="http://0.0.0.0:37396">0.0.0.0:37396</a> to remote-rad-server:1812
<br> User-Name = '<a href="mailto:bob@test.com">bob@test.com</a>'
<br> NAS-IP-Address = 127.0.0.1
<br> Calling-Station-Id = '02-00-00-00-00-01'
<br> Framed-MTU = 1400
<br> NAS-Port-Type = Wireless-802.11
<br> Connect-Info = 'CONNECT 11Mbps 802.11b'
<br> EAP-Message = 0x02000014016e656d616e646940756e616b2e6973
<br> Message-Authenticator = 0xe32df9f6e41ef3d00ac9a5943427a59f
<br> Proxy-State = 0x30
<br> Event-Timestamp = 'Dec 8 2014 16:38:14 GMT'
<br> Proxy-State = 0x3336
<br>Waking up in 20.9 seconds.
<br>Received Access-Request Id 36 from <a href="http://192.168.1.20:1814">192.168.1.20:1814</a> to <a href="http://10.128.1.10:1812">10.128.1.10:1812</a> length 141
<br>(0) Sending duplicate proxied request to home server remote-rad-server port 1812 - ID: 175
<br>(0) Sending Access-Request packet to host remote-rad-server port 1812, id=175, length=151
<br>(0) User-Name = '<a href="mailto:bob@test.com">bob@test.com</a>'
<br>(0) NAS-IP-Address = 127.0.0.1
<br>(0) Calling-Station-Id = '02-00-00-00-00-01'
<br>(0) Framed-MTU = 1400
<br>(0) NAS-Port-Type = Wireless-802.11
<br>(0) Connect-Info = 'CONNECT 11Mbps 802.11b'
<br>(0) EAP-Message = 0x02000014016e656d616e646940756e616b2e6973
<br>(0) Message-Authenticator = 0xe32df9f6e41ef3d00ac9a5943427a59f
<br>(0) Proxy-State = 0x30
<br>(0) Event-Timestamp = 'Dec 8 2014 16:38:14 GMT'
<br>(0) Realm = '<a href="http://test.com">test.com</a>'
<br>(0) EAP-Type = Identity
<br>(0) Proxy-State = 0x3336
<br>Sending Access-Request Id 175 from <a href="http://0.0.0.0:37396">0.0.0.0:37396</a> to remote-rad-server:1812
<br> User-Name = '<a href="mailto:bob@test.com">bob@test.com</a>'
<br> NAS-IP-Address = 127.0.0.1
<br> Calling-Station-Id = '02-00-00-00-00-01'
<br> Framed-MTU = 1400
<br> NAS-Port-Type = Wireless-802.11
<br> Connect-Info = 'CONNECT 11Mbps 802.11b'
<br> EAP-Message = 0x02000014016e656d616e646940756e616b2e6973
<br> Message-Authenticator = 0xe32df9f6e41ef3d00ac9a5943427a59f
<br> Proxy-State = 0x30
<br> Event-Timestamp = 'Dec 8 2014 16:38:14 GMT'
<br> Proxy-State = 0x3336
<br>Waking up in 8.9 seconds.
<br>Received Status-Server Id 248 from <a href="http://192.168.1.20:1814">192.168.1.20:1814</a> to <a href="http://10.128.1.10:1812">10.128.1.10:1812</a> length 68
<br> Message-Authenticator = 0x9f4f11180db5f0c2be4113388ea12cbf
<br> NAS-Identifier = 'Status Check. Are you alive?'
<br>(1) Received Status-Server packet from host 192.168.1.20 port 1814, id=248, length=68
<br>(1) Message-Authenticator = 0x9f4f11180db5f0c2be4113388ea12cbf
<br>(1) NAS-Identifier = 'Status Check. Are you alive?'
<br>(1) # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default
<br>(1) post-auth {
<br>(1) reply_log : EXPAND /var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d
<br>(1) reply_log : --> /var/log/radacct/<a href="http://192.168.1.20/reply-detail-20141208">192.168.1.20/reply-detail-20141208</a>
<br>(1) reply_log : /var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d expands to /var/log/radacct/<a href="http://192.168.1.20/reply-detail-20141208">192.168.1.20/reply-detail-20141208</a>
<br>(1) reply_log : EXPAND %t
<br>(1) reply_log : --> Mon Dec 8 16:38:44 2014
<br>(1) [reply_log] = ok
<br>(1) [exec] = noop
<br>(1) remove_reply_message_if_eap remove_reply_message_if_eap {
<br>(1) if (&reply:EAP-Message && &reply:Reply-Message)
<br>(1) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
<br>(1) else else {
<br>(1) [noop] = noop
<br>(1) } # else else = noop
<br>(1) } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
<br>(1) } # post-auth = ok
<br>(1) Sending Access-Accept packet to host 192.168.1.20 port 1814, id=248, length=0
<br>Sending Access-Accept Id 248 from <a href="http://10.128.1.10:1812">10.128.1.10:1812</a> to <a href="http://192.168.1.20:1814">192.168.1.20:1814</a>
<br>(1) Finished request
<br>(0) No proxy response, giving up on request and marking it done
<br>Marking home server remote-rad-server port 1812 as zombie (it has not responded in 30.000000 seconds).
<br>PING: Waiting 4 seconds for response to ping
<br>Sending Status-Server Id 44 from <a href="http://0.0.0.0:37396">0.0.0.0:37396</a> to remote-rad-server:1812
<br> Message-Authenticator := 0x00
<br> NAS-Identifier := 'Status Check 0. Are you alive?'
<br>PING: Next status packet in 60 seconds
<br>(0) ERROR: Failing proxied request, due to lack of any response from home server remote-rad-server port 1812
<br>Waking up in 0.3 seconds.
<br>Waking up in 3.6 seconds.
<br>No response to status check 2 for home server remote-rad-server port 1812
<br>Waking up in 0.8 seconds.
<br>(1) Cleaning up request packet ID 248 with timestamp +40
<br>(0) Cleaning up request packet ID 36 with timestamp +10
<br>Waking up in 57.0 seconds.
<br>^C
<br></div>