IAS and Openser

Artur Hayne arturhayne at yahoo.com.br
Thu Sep 14 15:13:20 CEST 2006


   modcall[authorize]: module "auth_log" returns ok for request 3
   modcall[authorize]: module "chap" returns noop for request 3
     rlm_realm: Looking up realm "voip.domain.br" for User-Name = "teste at voip.domain.br"
     rlm_realm: Found realm "DEFAULT"
     rlm_realm: Proxying request from user teste to realm DEFAULT
     rlm_realm: Adding Realm = "DEFAULT"
     rlm_realm: Preparing to proxy authentication request to realm "DEFAULT"
   modcall[authorize]: module "suffix" returns updated for request 3
 rlm_digest: Adding Auth-Type = DIGEST
   modcall[authorize]: module "digest" returns ok for request 3
 rlm_ldap: - authorize
 rlm_ldap: performing user authorization for teste at voip.domain.br
 radius_xlat:  '(uid=teste at voip.domain.br)'
 radius_xlat:  'ou=users,dc=voip,dc=domain,dc=br'
 rlm_ldap: ldap_get_conn: Checking Id: 0
 rlm_ldap: ldap_get_conn: Got Id: 0
 rlm_ldap: performing search in ou=users,dc=voip,dc=domain,dc=br, with filter (uid=teste at voip.domain.br)
 rlm_ldap: object not found or got ambiguous search result
 rlm_ldap: search failed
 rlm_ldap: ldap_release_conn: Release Id: 0
   modcall[authorize]: module "ldap" returns notfound for request 3
 modcall: leaving group authorize (returns notfound) for request 3
 Sending Access-Request of id 3 to 10.2.1.XY port 1600
         User-Name = "teste at voip.domain.br"
         Digest-Attributes = 0x0a077465737465
         Digest-Attributes = 0x010e766f69702e756662612e6272
         Digest-Attributes = 0x022a34353039343233343264313165616336306262366262633263373539643630666362383939656131
         Digest-Attributes = 0x04127369703a766f69702e756662612e6272
         Digest-Attributes = 0x030a5245474953544552
         Digest-Response = "4283445dcb36643dab5f437e10f692bf"
         Service-Type = IAPP-Register
         X-Ascend-PW-Lifetime = 0x7465737465
         NAS-IP-Address = 10.2.1.XX
         NAS-Port = 5060
         Proxy-State = 0x323038
 Re-sending Access-Request of id 0 to 10.2.1.XX port 1600
         User-Name = "teste at voip.domain.br"
         Digest-Attributes = 0x0a077465737465
         Digest-Attributes = 0x010e766f69702e756662612e6272
         Digest-Attributes = 0x022a34353039343233343264313165616336306262366262633263373539643630666362383939656131
         Digest-Attributes = 0x04127369703a766f69702e756662612e6272
         Digest-Attributes = 0x030a5245474953544552
         Digest-Response = "4283445dcb36643dab5f437e10f692bf"
         Service-Type = IAPP-Register
         X-Ascend-PW-Lifetime = 0x7465737465
         NAS-IP-Address = 10.2.1.XX
         NAS-Port = 5060
         Client-IP-Address = 10.2.1.XX
         Realm = "DEFAULT"
         Module-Failure-Message = "rlm_ldap: User not found"
         Realm = "DEFAULT"
         Proxy-State = 0x323035
 Waking up in 1 seconds...
 rad_recv: Access-Request packet from host 10.2.1.XX:33634, id=206, length=200
 Ignoring duplicate packet from client OpenSER:33634 - ID: 206, due to outstanding proxied request 1.
 
 It seems the proxy is working, but it doesn't communicate with the IAS.
 
 -- Module-Failure-Message = "rlm_ldap: User not found" --
 I don't know what it means, but it doesn't sound good.
 The command ldapsearch returns the right answer; I don't know what happened.
 
 Is the problem in IAS? How can I test it?
 
 Any idea?
 
 Merci.
 
 --------

freeradius-users-request at lists.freeradius.org wrote:

Hi,

>  How can I transform the freeradius server into a proxy?
>  I configured proxy.conf, but it doesn't seem to work.
>
>  And I uncommented the lines in radiusd.conf:
>
>  proxy_requests  = yes
>  $INCLUDE  ${confdir}/proxy.conf
>
>  I wanna do this:
>  |Openser| -> |Radiusclient| -> |Freeradius| -> |IAS| -> |AD|
>
>  Does it work?
>
>  And in IAS, should I configure anything?

Configure the NULL realm with the same settings as DEFAULT. Other than that, 
the config sounds good to me. Did you change anything apart from that in the 
default config file? In particular, you need to have at least one instance of 
the "realm" module in authorize { }. The default config has "suffix" in 
there, that should be fine. You need to be sure then that your user names 
don't contain the @ character - otherwise they won't match the DEFAULT realm 
you set up in proxy.conf.

If you are positive that an instance of realm is in authorize and NULL is 
configured, but it still doesn't work then please post the debug output 
(radiusd -X) of a packet that arrived and was supposed to be proxied, but 
wasn't.

>  Sorry for the Portuguese e-mail.

When I read it, I wondered what strange dialect of Spanish this is. :-) 
Portuguese and Spanish aren't that far apart after all, it seems.

Greetings,

Stefan Winter
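
A small triage script for `radiusd -X` output like the log in this message, added here as an example (not code from the post or from the FreeRADIUS project): it collects the module return codes, the realm decision and the proxy send, re-send and duplicate events, then reports whether a reply from the home server appears. The `triage` function, the pattern names and the verdict strings are hypothetical, and the reply pattern assumes replies are logged in the same `rad_recv:` format as the request line in the log.

```python
import re

# Lines copied from the radiusd -X output in the post above (trimmed).
SAMPLE = """\
  modcall[authorize]: module "suffix" returns updated for request 3
    rlm_realm: Proxying request from user teste to realm DEFAULT
  modcall[authorize]: module "ldap" returns notfound for request 3
Sending Access-Request of id 3 to 10.2.1.XY port 1600
Re-sending Access-Request of id 0 to 10.2.1.XX port 1600
rad_recv: Access-Request packet from host 10.2.1.XX:33634, id=206, length=200
Ignoring duplicate packet from client OpenSER:33634 - ID: 206, due to outstanding proxied request 1.
"""

# Hypothetical pattern names; the message formats are the ones shown in the log.
PATTERNS = {
    "module": re.compile(r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+) for request (\d+)'),
    "realm": re.compile(r"rlm_realm: Proxying request from user (\S+) to realm (\S+)"),
    "sent": re.compile(r"Sending Access-Request of id (\d+) to (\S+) port (\d+)"),
    "resent": re.compile(r"Re-sending Access-Request of id (\d+) to (\S+) port (\d+)"),
    "dup": re.compile(r"Ignoring duplicate packet from client (\S+) - ID: (\d+), "
                      r"due to outstanding proxied request"),
    # Assumption: a home-server reply is logged like the rad_recv request line.
    "reply": re.compile(r"rad_recv: Access-(Accept|Reject|Challenge) packet from host (\S+):(\d+)"),
}


def triage(log_text):
    """Collect proxy-related events from radiusd -X output and add a verdict."""
    events = {name: [] for name in PATTERNS}
    for line in log_text.splitlines():
        for name, rx in PATTERNS.items():
            m = rx.search(line)
            if m:
                events[name].append(m.groups())
    if not events["sent"]:
        verdict = "not proxied: no Access-Request left this server"
    elif events["reply"]:
        verdict = "home server replied"
    elif events["resent"] or events["dup"]:
        verdict = "proxied, but no reply from the home server in this excerpt"
    else:
        verdict = "proxied, outcome not shown"
    events["verdict"] = verdict
    return events


if __name__ == "__main__":
    result = triage(SAMPLE)
    for stage, module, rcode, req in result["module"]:
        print(f"request {req}: {stage}/{module} -> {rcode}")
    print("realm decision:", result["realm"])
    print("verdict:", result["verdict"])
```

On the log above, the local `ldap` module's `notfound` and the proxy events are reported separately, which shows that `Module-Failure-Message` was set by this server's own authorize section rather than returned by the home server.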


 		