The server will carry local authentication first, despite of proxying or not, is this correct?
Hi all: In radiusd.c, function "int rad_respond(REQUEST *request, RAD_REQUEST_FUNP fun)", I found such problem: If a AUTHENTICATION_REQUEST or ACCOUNTING_REQUEST packet is received, the server will first carry the operation (ex. authentication) itself, then send proxy request to home server, despite of proxying or not. For example, home server is 61.191.145.206,port 1645, with realm "serv.com", I test in local server: "./radtest test@serv.com test localhost 12 testing123", we can find that in local server, an authentication operation is carried before proxying to home sever 61.191.145.206, which is not needed at all. Is the behaviour correct? Thanks for reply! rad_recv: Access-Request packet from host 127.0.0.1:39969, id=17, length=65 User-Name = "test@serv.com" User-Password = "test" NAS-IP-Address = 255.255.255.255 NAS-Port = 12 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: Looking up realm "serv.com" for User-Name = "test@serv.com" rlm_realm: Found realm "serv.com" rlm_realm: Adding Stripped-User-Name = "test" rlm_realm: Proxying request from user test to realm serv.com rlm_realm: Adding Realm = "serv.com" rlm_realm: Preparing to proxy authentication request to realm "serv.com" modcall[authorize]: module "suffix" returns updated for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 users: Matched entry DEFAULT at line 153 modcall[authorize]: module "files" returns ok for request 0 radius_xlat: 'test@serv.com' rlm_sql (sql): sql_set_user escaped user --> 'test@serv.com' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'test@serv.com' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Att ribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'test@serv.com' AND usergroup.GroupName = radgroupcheck.Gro upName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'test@serv.com' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Att ribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'test@serv.com' AND usergroup.GroupName = radgroupreply.Gro upName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns ok for request 0 modcall[authorize]: module "pap" returns noop for request 0 modcall: leaving group authorize (returns updated) for request 0 Sending Access-Request of id 0 to 61.191.145.206 port 1645 User-Name = "test" User-Password = "test" NAS-IP-Address = 255.255.255.255 NAS-Port = 12 Proxy-State = 0x3137 --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 127.0.0.1:39969, id=17, length=65 Ignoring duplicate packet from client localhost:39969 - ID: 17, due to outstandi ng proxied request 0. --- Walking the entire request list --- Waking up in 3 seconds... LinHai lh@mail.tzptt.zj.cn 2007-04-16
participants (1)
-
LinHai