proxy questions

Justin Church jcc at unc.edu
Tue Nov 14 20:36:17 CET 2006 

Alan DeKok wrote:
> Justin Church <jcc at unc.edu> wrote:
>> I need to be able to proxy accounting requests that arrive with no 
>> User-Name attribute.  Is that possible?  I haven't been able to make it 
>> work.  Maybe I could insert a dummy User-Name pre-proxy and remove it 
>> post-proxy?
> 
>  No.  Just set Proxy-To-Realm = "realm".

Not exactly sure where to set this.  I've tried acct_users with no luck:

rad_recv: Accounting-Request packet from host 152.2.199.26 port 32833, 
id=10, length=81
         NAS-Port = 5060
         Sip-Src-IP = 152.2.199.26
         Acct-Status-Type = Start
         Sip-Transport-Proto = TLS
         Acct-Session-Id = "accounting-session-1-id"
   Processing the preacct section of radiusd.conf
modcall:  entering group preacct for request 0
rlm_acct_unique: WARNING: Attribute Client-IP-Address was not found in 
request, unique ID MAY be inconsistent
rlm_acct_unique: WARNING: Attribute User-Name was not found in request, 
unique ID MAY be inconsistent
rlm_acct_unique: Hashing 'NAS-Port = 5060,,NAS-IP-Address = 
152.2.199.26,Acct-Session-Id = "accounting-session-1-id",'
rlm_acct_unique: Acct-Unique-Session-ID = "2c2e557e174a1b62".
-->    rlm_realm: Proxy reply, or no User-Name.  Ignoring.
modcall: group preacct returns noop for request 0
   Processing the accounting section of radiusd.conf
modcall:  entering group accounting for request 0
radius_xlat: 
'/usr/local/var/log/radius/radacct/152.2.199.26/detail-20061114'
rlm_detail: 
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d 
expands to /usr/local/var/log/radius/radacct/152.2.199.26/detail-20061114
radius_xlat:  'Tue Nov 14 14:30:25 2006'
radius_xlat:  '/usr/local/var/log/radius/radutmp'
radius_xlat:  ''
modcall: group accounting returns ok for request 0
Sending Accounting-Response of id 10 to 152.2.199.26 port 32833
Finished request 0
Going to the next request
--- Walking the entire request list ---
Cleaning up request 0 ID 10 with timestamp 455a1951
Nothing to do.  Sleeping until we see a request.


proxy.conf

realm NULL {
   type    = radius
   accthost  = 152.23.129.213:1815
   secret    = <removed>
   nostrip
}

acct_users

DEFAULT Proxy-To-Realm = "NULL"

Thanks.

-jc

> 
>> Also, I notice that when running in -X mode, the accounting-response is 
>> not relayed to the original client.  Works fine when not in -X mode. 
> 
>   Weird.
> 
>   Hmm... it may be cleaning up the request too aggressively.  I'll
> take a look at  it.
> 
>   Alan DeKok.
> --
>   http://deployingradius.com       - The web site of the book
>   http://deployingradius.com/blog/ - The blog
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list