The server will carry out local authentication first, regardless of proxying or not; is this correct?

LinHai lh at mail.tzptt.zj.cn
Mon Apr 16 07:04:30 CEST 2007


Hi all:

   In radiusd.c, in the function "int rad_respond(REQUEST *request, RAD_REQUEST_FUNP fun)", I found the following problem:
If an AUTHENTICATION_REQUEST or ACCOUNTING_REQUEST packet is received, the server will first carry out the operation
 (e.g. authentication) itself, then send the proxy request to the home server, regardless of whether it is proxying or not.
   For example, the home server is 61.191.145.206, port 1645, with realm "serv.com". I test on the local server with "./radtest test at serv.com test localhost 12 testing123", and we can see that on the local server an authentication operation is
carried out before proxying to the home server 61.191.145.206, which is not needed at all.
   Is this behaviour correct?
   Thanks for any reply!

rad_recv: Access-Request packet from host 127.0.0.1:39969, id=17, length=65
        User-Name = "test at serv.com"
        User-Password = "test"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 12
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: Looking up realm "serv.com" for User-Name = "test at serv.com"
    rlm_realm: Found realm "serv.com"
    rlm_realm: Adding Stripped-User-Name = "test"
    rlm_realm: Proxying request from user test to realm serv.com
    rlm_realm: Adding Realm = "serv.com"
    rlm_realm: Preparing to proxy authentication request to realm "serv.com"
  modcall[authorize]: module "suffix" returns updated for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry DEFAULT at line 153
  modcall[authorize]: module "files" returns ok for request 0
radius_xlat:  'test at serv.com'
rlm_sql (sql): sql_set_user escaped user --> 'test at serv.com'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM radcheck                                   WHERE Username = 'test at serv.com'           ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE usergroup.Username = 'test at serv.com' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM radreply                                   WHERE Username = 'test at serv.com'           ORDER BY id'
radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE usergroup.Username = 'test at serv.com' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module "sql" returns ok for request 0
  modcall[authorize]: module "pap" returns noop for request 0
modcall: leaving group authorize (returns updated) for request 0
Sending Access-Request of id 0 to 61.191.145.206 port 1645
        User-Name = "test"
        User-Password = "test"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 12
        Proxy-State = 0x3137
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:39969, id=17, length=65
Ignoring duplicate packet from client localhost:39969 - ID: 17, due to outstanding proxied request 0.
--- Walking the entire request list ---
Waking up in 3 seconds...
	  

        LinHai
        lh at mail.tzptt.zj.cn
          2007-04-16
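
An added example, not part of the original post and not FreeRADIUS code: a small Python parser that summarises, from debug output in the format shown above, which module groups and modules ran locally for each request and where the request was then proxied. The sample lines are constructed from that output; attributing a "Sending ...-Request" line to the most recently seen request number is an assumption that holds for single-threaded debug output.

```python
import re

# Constructed sample: a few lines in the debug format shown in the post.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 127.0.0.1:39969, id=17, length=65
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
    rlm_realm: Preparing to proxy authentication request to realm "serv.com"
  modcall[authorize]: module "suffix" returns updated for request 0
  modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
Sending Access-Request of id 0 to 61.191.145.206 port 1645
"""

GROUP_RE = re.compile(r"modcall: entering group (\w+) for request (\d+)")
MODULE_RE = re.compile(r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+) for request (\d+)')
# A server only sends *-Request packets when it proxies to a home server.
PROXY_RE = re.compile(r"Sending ((?:Access|Accounting)-Request) of id \d+ to (\S+) port (\d+)")


def summarize(log_text):
    """Return {request: {"groups": [...], "modules": [...], "proxied_to": (host, port) or None}}."""
    requests = {}
    current = None  # assumption: proxy lines belong to the last request number seen

    def entry(req_id):
        return requests.setdefault(req_id, {"groups": [], "modules": [], "proxied_to": None})

    for raw in log_text.splitlines():
        line = raw.strip()
        m = GROUP_RE.search(line)
        if m:
            current = int(m.group(2))
            entry(current)["groups"].append(m.group(1))
            continue
        m = MODULE_RE.search(line)
        if m:
            current = int(m.group(4))
            entry(current)["modules"].append((m.group(1), m.group(2), m.group(3)))
            continue
        m = PROXY_RE.search(line)
        if m and current is not None:
            entry(current)["proxied_to"] = (m.group(2), int(m.group(3)))
    return requests


if __name__ == "__main__":
    for req, info in summarize(SAMPLE_LOG).items():
        print(req, info["groups"], info["proxied_to"])
```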



