PLS Help I get no response for 2 monthe (missing User-name attribute)
Hello All freeradius mailinglist I would appriciate you help Description a telephony service provider is sending Radius req to my RADIUS server who proxy them to a backend server I have configured a free radius server Version 1.1.0 to act as a proxy server to proxy the request to a backend server These are the configuration file clients.conf and the proxy.conf Client.conf client 172.28.185.31/32 { secret=secretgprs1 shortname=RADIUS_GGSN Proxy.conf realm NULL { type = radius authhost=LOCAL accthost=172.31.201.98:1813 (backend server) secret=secretgprs1 } # # This realm is for ALL OTHER requests. # realm DEFAULT { type = radius authhost=LOCAL accthost=172.31.201.98:1813 secret=secretgprs The problem I have noticed that radius request are not proxied at all So I started to dig in and found that freeradius will not proxy accounting If the attribute User -Name is missing As you can see I made some logs and u can see very vividly the problem. I made my own test to emulate the problem with a radius client and as u can see it was proxies The big Q is how to I force the freeradius to pass the request and not to check these header or maybe to use some sort of INJECTION To the header . I Tia Tal assa
a telephony service provider is sending Radius req to my RADIUS server who proxy them to a backend server
You probably meant he is sending *accounting* requests to you? Please be specific in your wording.
I have configured a free radius server Version 1.1.0 to act as a proxy server to proxy the request to a backend server These are the configuration file clients.conf and the proxy.conf
Client.conf client 172.28.185.31/32 { secret=secretgprs1 shortname=RADIUS_GGSN
Proxy.conf realm NULL { type = radius authhost=LOCAL accthost=172.31.201.98:1813 (backend server) secret=secretgprs1 }
# # This realm is for ALL OTHER requests. # realm DEFAULT { type = radius authhost=LOCAL accthost=172.31.201.98:1813 secret=secretgprs
If authhost and accthost are different, there is a bug somewhere. So if you don't receive auth requests anyway and just want to proxy everything that comes in, you'd better set authhost and accthost to the same value.
The big Q is how to I force the freeradius to pass the request and not to check these header or maybe to use some sort of INJECTION To the header .
How about logging all accounting packets to a detail file and using radrelay? BTW: this injection you are talking about works as well and you don't need radrelay then, and it *could* be done in the hints file, but you would require a patch I submitted some time ago because otherwise hints will ignore those acct packets without User-Name. Stefan -- Stefan WINTER RESTENA Foundation - Réseau Téléinformatique de l'Education Nationale et de la Recherche R&D Engineer 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg email: stefan.winter@restena.lu Tel.: +352 424409-1 http://www.restena.lu Fax: +352 422473
participants (2)
-
Assa Tal -
Stefan Winter