Proxy Problem maybe a bug!
Mitaine Yoann
ymitaine at yahoo.fr
Wed Aug 16 14:45:48 CEST 2006
Dear everybody,
I've installed the radius's CVS version of 08-02-06.
I have this architecture:
client <====> AP <====> Radius A <====> Radius B
                                proxying
with proxy.conf file:
realm NULL {
    type = radius
    authhost = LOCAL
    accthost = LOCAL
}
realm AAA {
    type = radius
    authhost = LOCAL
    accthost = LOCAL
    type = radius
}
realm BBB {
    type = radius
    authhost = 147.173.3.249:1812
    accthost = 147.173.3.249:1813
    secret = RaDCNRSgreCentr1
    nostrip
}
# This realm is for ALL OTHER requests.
##
realm DEFAULT {
    type = radius
    authhost = anIP@:1812
    accthost = anIP@:1813
    secret = RaDCNRSgreCentr1
    nostrip
}
I tried to use the proxy configuration between Server A and Server B.
Server A sent a proxied Access-Request to Server B.
When Server B answered the proxied request with a proxied
Access-Challenge, I got an error message like this:
"Received Unknown packet code 11from client 147.173.3.249
port 1812: Cannot validate signature Dropping packet without
response."
So I searched for what could cause this error and I think
I found it in the radius.c file, at the end of the rad_verify
function, in the last switch-case code:
    /*
     * Calculate and/or verify digest.
     */
    switch(packet->code) {
        int rcode;
        char buffer[32];

    case PW_AUTHENTICATION_REQUEST:
    case PW_STATUS_SERVER:
    case PW_DISCONNECT_REQUEST:
        /*
         * The authentication vector is random
         * nonsense, invented by the client.
         */
        break;

    case PW_ACCOUNTING_REQUEST:
        if (calc_acctdigest(packet, secret) > 1) {
            librad_log("Received Accounting-Request packet "
                       "from %s with invalid signature! (Shared secret is incorrect.)",
                       inet_ntop(packet->src_ipaddr.af,
                                 &packet->src_ipaddr.ipaddr,
                                 buffer, sizeof(buffer)));
            return -1;
        }
        break;

    /* Verify the reply digest */
    case PW_AUTHENTICATION_ACK:
    case PW_AUTHENTICATION_REJECT:
    case PW_ACCOUNTING_RESPONSE:
        rcode = calc_replydigest(packet, original, secret);
        if (rcode > 1) {
            librad_log("Received %s packet "
                       "from client %s port %d with invalid signature (err=%d)! (Shared secret is incorrect.)",
                       packet_codes[packet->code],
                       inet_ntop(packet->src_ipaddr.af,
                                 &packet->src_ipaddr.ipaddr,
                                 buffer, sizeof(buffer)),
                       packet->src_port,
                       rcode);
            return -1;
        }
        break;

    default:
        librad_log("Received Unknown packet code %d"
                   "from client %s port %d: Cannot validate signature",
                   packet->code,
                   inet_ntop(packet->src_ipaddr.af,
                             &packet->src_ipaddr.ipaddr,
                             buffer, sizeof(buffer)),
                   packet->src_port);
        return -1;
    }
There was no case for the Access-Challenge request, so I added it
(case PW_ACCESS_CHALLENGE).
And now the proxy request works!
I would like to know if the change is correct and if somebody has already had this error.
Yours sincerely.