The server will carry local authentication first, despite of proxying or not, is this correct?
LinHai
lh at mail.tzptt.zj.cn
Mon Apr 16 07:04:30 CEST 2007
Hi all:
In radiusd.c, function "int rad_respond(REQUEST *request, RAD_REQUEST_FUNP fun)", I found such problem:
If a AUTHENTICATION_REQUEST or ACCOUNTING_REQUEST packet is received, the server will first carry the operation
(ex. authentication) itself, then send proxy request to home server, despite of proxying or not.
For example, home server is 61.191.145.206,port 1645, with realm "serv.com", I test in local server: "./radtest test at serv.com test localhost 12 testing123", we can find that in local server, an authentication operation is
carried before proxying to home sever 61.191.145.206, which is not needed at all.
Is the behaviour correct?
Thanks for reply!
rad_recv: Access-Request packet from host 127.0.0.1:39969, id=17, length=65
User-Name = "test at serv.com"
User-Password = "test"
NAS-IP-Address = 255.255.255.255
NAS-Port = 12
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: Looking up realm "serv.com" for User-Name = "test at serv.com"
rlm_realm: Found realm "serv.com"
rlm_realm: Adding Stripped-User-Name = "test"
rlm_realm: Proxying request from user test to realm serv.com
rlm_realm: Adding Realm = "serv.com"
rlm_realm: Preparing to proxy authentication request to realm "serv.com"
modcall[authorize]: module "suffix" returns updated for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry DEFAULT at line 153
modcall[authorize]: module "files" returns ok for request 0
radius_xlat: 'test at serv.com'
rlm_sql (sql): sql_set_user escaped user --> 'test at serv.com'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'test at serv.com' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Att ribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'test at serv.com' AND usergroup.GroupName = radgroupcheck.Gro upName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'test at serv.com' ORDER BY id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Att ribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'test at serv.com' AND usergroup.GroupName = radgroupreply.Gro upName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module "sql" returns ok for request 0
modcall[authorize]: module "pap" returns noop for request 0
modcall: leaving group authorize (returns updated) for request 0
Sending Access-Request of id 0 to 61.191.145.206 port 1645
User-Name = "test"
User-Password = "test"
NAS-IP-Address = 255.255.255.255
NAS-Port = 12
Proxy-State = 0x3137
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:39969, id=17, length=65
Ignoring duplicate packet from client localhost:39969 - ID: 17, due to outstandi ng proxied request 0.
--- Walking the entire request list ---
Waking up in 3 seconds...
LinHai
lh at mail.tzptt.zj.cn
2007-04-16
More information about the Freeradius-Users
mailing list