Version 2.0 is a lot closer to reality...

Arran Cudbard-Bell A.Cudbard-Bell at sussex.ac.uk
Tue Apr 10 19:51:29 CEST 2007


Alan DeKok wrote:

Got another one for you :P

rlm_detail: /usr/local/freeradius/var/log//%Y%m%d/pre-proxy-detail 
expands to /usr/local/freeradius/var/log//20070410/pre-proxy-detail
radius_xlat:  'Tue Apr 10 18:34:28 2007'
  modcall[pre-proxy]: module "pre_proxy_log" returns ok for request 31
modcall: group pre-proxy returns updated for request 31
Sending Access-Request of id 166 to 194.83.56.233 port 1812
        Service-Type := Authenticate-Only
        User-Name = "ac221 at brighton.ac.uk"
        NAS-IP-Address = 139.184.8.1
        Proxy-State = 0x3135
Proxying request 31 to realm jrs, home server 194.83.56.233 port 1812
Sending Access-Request of id 166 to 194.83.56.233 port 1812
        Service-Type := Authenticate-Only
        User-Name = "ac221 at brighton.ac.uk"
        NAS-IP-Address = 139.184.8.1
        Proxy-State = 0x3135
Going to the next request
Cleaning up request 27 ID 11 with timestamp +641
Cleaning up request 28 ID 12 with timestamp +642
Sending Access-Request of id 188 to 194.83.56.249 port 1812
        User-Name := "test_user at sussex"
        User-Password := "just_testing"
        Service-Type := Authenticate-Only
        Message-Authenticator := 0x00000000000000000000000000000000
        NAS-Identifier := "Ping! Are you alive?"
Sending Access-Request of id 81 to 194.82.174.185 port 1812
        User-Name := "test_user at sussex"
        User-Password := "just_testing"
        Service-Type := Authenticate-Only
        Message-Authenticator := 0x00000000000000000000000000000000
        NAS-Identifier := "Ping! Are you alive?"
Cleaning up request 29 ID 13 with timestamp +643
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 81.6.252.244 port 3363, id=15, 
length=72
FAILURE: Home server 194.83.56.233 port 1812 is dead.
Failed to find live home server for request 31
There was no response configured: rejecting request 31
Sending Access-Reject of id 15 to 81.6.252.244 port 3363
        Tunnel-Type = VLAN
        Tunnel-Medium-Type = IEEE-802
        Tunnel-Private-Group-Id = "134"
        Service-Type = Framed-User
Finished request 31 state 5
Waking up in 1 seconds...
Cleaning up request 30 ID 14 with timestamp +644
Waking up in 2 seconds...
No response to ping 32 from home server 194.83.56.249 port 1812
Cleaning up request 32 with timestamp +647
No response to ping 33 from home server 194.82.174.185 port 1812
Cleaning up request 33 with timestamp +648
Waking up in 12 seconds...
Assertion failed in event.c, line 669
Abort
*process death*

Happens after all the home servers have been marked as dead, and you 
have an incoming request... though could be when it's firing off a ping 
check event.
Either way it's repeatable, and *only* happens when all home servers are 
dead.

Also little one  with access-reject when home server fails to respond. 
Not sent through access reject filter, though that's probably because it 
never passes through post-auth.

Sending Access-Request of id 14 to 139.184.14.181 port 1812
        User-Name = "ac221 at spazland.sussex.ac.uk"
        User-Password = "poptart1"
        Service-Type = Framed-User
        NAS-IP-Address = 139.184.8.1
rad_recv: Access-Reject packet from host 139.184.14.181:1812, id=14, 
length=67
        Reply-Message = "Please use ac221 at sussex.ac.uk as your user ID"
Sending Access-Request of id 15 to 139.184.14.181 port 1812
        User-Name = "ac221 at brighton.ac.uk"
        User-Password = "poptart1"
        Service-Type = Framed-User
        NAS-IP-Address = 139.184.8.1
Re-sending Access-Request of id 15 to 139.184.14.181 port 1812
        User-Name = "ac221 at brighton.ac.uk"
        User-Password = "poptart1"
        Service-Type = Framed-User
        NAS-IP-Address = 139.184.8.1
rad_recv: Access-Reject packet from host 139.184.14.181:1812, id=15, 
length=43
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "134"
        Service-Type = Framed-User

and finally, how do you define a binding for the snmp module.... it's 
on, but I never explicitly bound it to anywhere :|
unlike auth/acct that are bound with listen sections. Seems like there 
may be a need for a small extension to listen sections
to allow type snmp .

Sorry for breaking it again :(

---
Arran



More information about the Freeradius-Users mailing list