IAS and Openser
Artur Hayne
arturhayne at yahoo.com.br
Thu Sep 14 15:13:20 CEST 2006
modcall[authorize]: module "auth_log" returns ok for request 3
modcall[authorize]: module "chap" returns noop for request 3
rlm_realm: Looking up realm "voip.domain.br" for User-Name = "teste at voip.domain.br"
rlm_realm: Found realm "DEFAULT"
rlm_realm: Proxying request from user teste to realm DEFAULT
rlm_realm: Adding Realm = "DEFAULT"
rlm_realm: Preparing to proxy authentication request to realm "DEFAULT"
modcall[authorize]: module "suffix" returns updated for request 3
rlm_digest: Adding Auth-Type = DIGEST
modcall[authorize]: module "digest" returns ok for request 3
rlm_ldap: - authorize
rlm_ldap: performing user authorization for teste at voip.domain.br
radius_xlat: '(uid=teste at voip.domain.br)'
radius_xlat: 'ou=users,dc=voip,dc=domain,dc=br'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=users,dc=voip,dc=domain,dc=br, with filter (uid=teste at voip.domain.br)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns notfound for request 3
modcall: leaving group authorize (returns notfound) for request 3
Sending Access-Request of id 3 to 10.2.1.XY port 1600
User-Name = "teste at voip.domain.br"
Digest-Attributes = 0x0a077465737465
Digest-Attributes = 0x010e766f69702e756662612e6272
Digest-Attributes = 0x022a34353039343233343264313165616336306262366262633263373539643630666362383939656131
Digest-Attributes = 0x04127369703a766f69702e756662612e6272
Digest-Attributes = 0x030a5245474953544552
Digest-Response = "4283445dcb36643dab5f437e10f692bf"
Service-Type = IAPP-Register
X-Ascend-PW-Lifetime = 0x7465737465
NAS-IP-Address = 10.2.1.XX
NAS-Port = 5060
Proxy-State = 0x323038
Re-sending Access-Request of id 0 to 10.2.1.XX port 1600
User-Name = "teste at voip.domain.br"
Digest-Attributes = 0x0a077465737465
Digest-Attributes = 0x010e766f69702e756662612e6272
Digest-Attributes = 0x022a34353039343233343264313165616336306262366262633263373539643630666362383939656131
Digest-Attributes = 0x04127369703a766f69702e756662612e6272
Digest-Attributes = 0x030a5245474953544552
Digest-Response = "4283445dcb36643dab5f437e10f692bf"
Service-Type = IAPP-Register
X-Ascend-PW-Lifetime = 0x7465737465
NAS-IP-Address = 10.2.1.XX
NAS-Port = 5060
Client-IP-Address = 10.2.1.XX
Realm = "DEFAULT"
Module-Failure-Message = "rlm_ldap: User not found"
Realm = "DEFAULT"
Proxy-State = 0x323035
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 10.2.1.XX:33634, id=206, length=200
Ignoring duplicate packet from client OpenSER:33634 - ID: 206, due to outstanding proxied request 1.
Its seems the proxy is working, but it dont communicate with the IAS.
-- Module-Failure-Message = "rlm_ldap: User not found" --
I dont know what meanig, but the sound is not good.
The command ldasearch return a rigth answer, I dont know what happended.
The problem is in IAS? How can I test it?
Any ideia?
Merci.
--------
freeradius-users-request at lists.freeradius.org escreveu:Hi,
> How can I transform freeradius server in a proxy?
> I configured the proxy.conf, but seems dont work
>
> And I uncommnet the line in radiusd.conf:
>
> proxy_requests = yes
> $INCLUDE ${confdir}/proxy.conf
>
> I wanna do this:
> |Openser| -> |Radiusclient| -> |Freeradius| -> |IAS| -> |AD|
>
> Its work?
>
> And in IAS should I configured anything?
Configure the NULL realm with the same settings as DEFAULT. Other than that,
the config sounds good to me. Did you change anything apart from that in the
default config file? In particular, you need to have at least one instance of
the "realm" module in authorize { }. The default config has "suffix" in
there, that should be fine. You need to be sure then that your user names
don't contain the @ character - otherwise they won't match the DEFAULT realm
you set up in proxy.conf.
If you are positive that an instance of realm is in authorize and NULL is
configured, but it still doesn't work then please post the debug output
(radiusd -X) of a packet that arrived and was supposed to be proxied, but
wasn't.
> Sorry for the portuguese e-mail.
When I read it, I wondered what strange dialect of Spanish this is. :-)
Portuguese and Spanish aren't that far apart after all, it seems.
Greetings,
Stefan Winter
---------------------------------
Yahoo! Acesso Grátis - Internet rápida e grátis. Instale o discador agora!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060914/d9587070/attachment.html>
More information about the Freeradius-Users
mailing list