Proxy not sending out packets (was Re: Proxying a PEAP request to an IAS server)

[Dan Newcombe]

Alan DeKok wrote:

>Dan Newcombe <DanNewcombe at mail.clayton.edu> wrote:
>  
>
>>The short of it is I'm trying to get 802.1x with PEAP to be proxied by 
>>freeradius to an ias radius server.
>>    
>>
>
>  Start simple.  Use PAP, and "radtest" to send the packets.  If that
>makes FreeRADIUS proxy the packets, then go to PEAP.  Otherwise,
>you're test is just too complicated, and you don't know what's going
>wrong.
>  
>
I used radtest and the request was proxied just fine, and the ias box 
gave me a positive response.

>  This is really an issue with the kernel, I think.  If FreeRADIUS
>calls the kernel "send packet" function, it should work.
>  
>
That was my thoughts - was just hoping someone knew a reason why it may 
not be doing so.  I'm currently digging deep in the source where the 
packet is sent and trying to remember my disused socket programming 
memories to see just what it is trying to send, hoping to find something 
glaringly obvious.

One thing I've noticed is on the non-PEAP packets, the src address of 
the packet going to the IAS box is 172.28.240.73, whereas on the PEAP 
packets, it is 127.0.0.1, which is causing sendmsg in 
udpfromto.c:sendfromto to return an "Invalid Argument" error which says 
on sendmsg:

*EINVAL - *The sum of the /iov_len/ values overflows an *ssize_t*.


>  Can you ping the IAS server from 172.28.240.73?  Can you use
>"radtest" on 172.28.240.73 to send packets to IAS?
>
>  
>
Yes.  I can ping and radtest works, and if it's not a PEAP request, 
freeradius works as well - very odd.