Fwd: VSA does not work when using PROXY

Guilherme Franco guilhermefranco at gmail.com
Mon Sep 18 21:44:16 CEST 2006 

Hello,

I've just managed to make it work using ":=" instead of "==" in attrs file.

:)


---------- Forwarded message ----------
From: Guilherme Franco <guilhermefranco at gmail.com>
Date: Sep 15, 2006 3:51 PM
Subject: VSA does not work when using PROXY
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>


Hello,

Please Help!

Using latest CVS - Proxy-Radius does not pass the VSA, as below (in users):

DEFAULT         Pool-Name := test
                           X-Ascend-Client-Primary-DNS = x.x.x.x,
                           X-Ascend-Client-Assign-DNS = 1,
                           ERX-Virtual-Router-Name = "default",
                           Framed-Routing == None,
                           Framed-Protocol = PPP,
                           Service-Type = Framed-User

note: those vsa works correctly when I try with local users (no proxy):

In attrs file:

realm
       Service-Type == Framed-User,
       Framed-Protocol == PPP,
       X-Ascend-Client-Primary-DNS == x.x.x.x,
       X-Ascend-Client-Assign-DNS == 1,
       ERX-Virtual-Router-Name == "default",
       Idle-Timeout <= 600,
       Session-Timeout <= 28800

Output:

rad_recv: Access-Request packet from host x.x.x.x port 50000, id=55, length=251
        User-Password = "xxx"
        User-Name = "xxx at realm"
        Acct-Session-Id = "erx atm 3/2.42:100.221:0009437817"
        Service-Type = Framed-User
        Framed-Protocol = PPP
        ERX-Pppoe-Description = "pppoe 12:34:56:78:9a:bc"
        Calling-Station-Id = "#BRAS-01#this is a description#100#221"
        Connect-Info = "speed:UBR:12000"
        NAS-Port-Type = xDSL
        NAS-Port = 845414621
        NAS-Port-Id = "atm 3/2.42:100.221"
        NAS-IP-Address = x.x.x.x
        NAS-Identifier = "BRAS-01"
  Processing the authorize section of radiusd.conf
modcall:  entering group authorize for request 0
    rlm_realm: Looking up realm "realm" for User-Name = "xxx"
    rlm_realm: Found realm "realm"
    rlm_realm: Adding Stripped-User-Name = "xxx"
    rlm_realm: Proxying request from user xxx to realm realm
    rlm_realm: Adding Realm = "realm"
    rlm_realm: Preparing to proxy authentication request to realm "realm"
  rlm_eap: No EAP-Message, not doing EAP
    users: Matched entry DEFAULT at line 194
modcall: group authorize returns noop for request 0
Sending Access-Request of id 155 to x.x.x.x port 1645
        User-Password = "xxx"
        User-Name = "xxx"
        Acct-Session-Id = "erx atm 3/2.42:100.221:0009437817"
        Service-Type = Framed-User
        Framed-Protocol = PPP
        ERX-Pppoe-Description = "pppoe 12:34:56:78:9a:bc"
        Calling-Station-Id = "#BRAS-01#this is a description#100#221"
        Connect-Info = "speed:UBR:12000"
        NAS-Port-Type = xDSL
        NAS-Port = 845414621
        NAS-Port-Id = "atm 3/2.42:100.221"
        NAS-IP-Address = x.x.x.x
        NAS-Identifier = "BRAS-01"
        Proxy-State = 0x3535
--- Walking the entire request list ---
Waking up in 1 seconds...
rad_recv: Access-Accept packet from host x.x.x.x port 1645, id=155, length=60
        Framed-IP-Address = 255.255.255.254
        Framed-IP-Netmask = 255.255.255.255
        Framed-MTU = 576
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-Compression = Van-Jacobson-TCP-IP
        Proxy-State = 0x3535
  Processing the post-proxy section of radiusd.conf
modcall:  entering group post-proxy for request 0
 attr_filter: Matched entry realm at line 52
modcall: group post-proxy returns noop for request 0
 authorize: Skipping authorize in post-proxy stage
  rad_check_password:  Found Auth-Type
  rad_check_password: Auth-Type = Accept, accepting the user
  Processing the post-auth section of radiusd.conf
modcall:  entering group post-auth for request 0
radius_xlat:  'x.x.x.x 845414621'
rlm_ippool: MD5 on 'key' directive maps to: 6e4d4f13b0396f83e15609738a3bc036
rlm_ippool: Searching for an entry for key: '6e4d4f13b0396f83e15609738a3bc036'
rlm_ippool: Allocating ip to key: '6e4d4f13b0396f83e15609738a3bc036'
rlm_ippool: num: 1
rlm_ippool: Allocated ip x.x.x.x to client key: 6e4d4f13b0396f83e15609738a3bc036
modcall: group post-auth returns ok for request 0
Sending Access-Accept of id 55 to x.x.x.x port 50000
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Address = x.x.x.x
        Framed-IP-Netmask = 255.255.255.255
Finished request 0
Going to the next request
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 55 with timestamp 450b0ba9
Nothing to do.  Sleeping until we see a request.

As you can see, The VSA was not included in the Access-Accept response.

Please HELP!


THANKS!

More information about the Freeradius-Users mailing list