Issues with Auth when freeradius proxies to another freeradius server.
Willie Yeo
willie at fuzzyeyes.com
Wed Aug 29 01:46:56 CEST 2007
I am running a Cisco 7200 with VPDN tunnels and a FreeRADIUS 1.1.6
server.

Authentication of other realms (e.g. @bbb.org, @ccc.com) within my
local box is working fine, but authenticating from Cisco router
nas_ip_x to my local RADIUS box, and then (re-)proxying realm
@ggg.net to another FreeRADIUS server, is failing.

The router doesn't get a response at all, but the radius debug shows
that the remote FreeRADIUS is responding with rad_recv: Access-Accept
packet from host remote_freeradius_ip:1812, id=3, length=48, and I
can see in the logs on the remote box that it is authenticated.

All I can see is that my local RADIUS box lists
"modcall: group authorize returns fail for request 11"
and I don't see a response to the Cisco router.

Any pointers will be much appreciated.

Thank you.
Willie

--- Walking the entire request list ---
Waking up in 3 seconds...
rad_recv: Access-Request packet from host nas_ip_x:1645, id=15,
length=104
Framed-Protocol = PPP
User-Name = "greg at ggg.net"
CHAP-Password = 0x251f4cce03886d9d4594e0e977028f9364
NAS-Port-Type = Virtual
NAS-Port = 655
Calling-Station-Id = "qwb209000200750"
Service-Type = Framed-User
NAS-IP-Address = nas_ip_x
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 11
modcall[authorize]: module "preprocess" returns ok for request 11
rlm_chap: Setting 'Auth-Type := CHAP'
modcall[authorize]: module "chap" returns ok for request 11
modcall[authorize]: module "mschap" returns noop for request 11
rlm_realm: Looking up realm "ggg.net" for User-Name =
"greg at ggg.net"
rlm_realm: Found realm "ggg.net"
rlm_realm: Proxying request from user greg to realm ggg.net
rlm_realm: Adding Realm = "ggg.net"
rlm_realm: Preparing to proxy authentication request to realm
"ggg.net"
modcall[authorize]: module "suffix" returns updated for request 11
modcall[authorize]: module "files" returns notfound for request 11
radius_xlat: ''
modcall[authorize]: module "sql" returns fail for request 11
modcall: group authorize returns fail for request 11
Sending Access-Request of id 3 to remote_freeradius_ip:1812
Framed-Protocol = PPP
User-Name = "greg at ggg.net"
CHAP-Password = 0x251f4cce03886d9d4594e0e977028f9364
NAS-Port-Type = Virtual
NAS-Port = 655
Calling-Station-Id = "qwb209000200750"
Service-Type = Framed-User
NAS-IP-Address = nas_ip_x
CHAP-Challenge = 0x4110b677d9b60422bf19448745fab584
Proxy-State = 0x3135
Waking up in 3 seconds...
rad_recv: Access-Accept packet from host remote_freeradius_ip:1812,
id=3, length=48
Framed-IP-Address = 210.8.255.11
Framed-Protocol = PPP
Service-Type = Framed-User
Framed-Compression = Van-Jacobson-TCP-IP
Proxy-State = 0x3135
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 11
modcall[authorize]: module "preprocess" returns ok for request 11
rlm_chap: WARNING: Auth-Type already set. Not setting to CHAP
modcall[authorize]: module "chap" returns noop for request 11
modcall[authorize]: module "mschap" returns noop for request 11
rlm_realm: Proxy reply, or no User-Name. Ignoring.
modcall[authorize]: module "suffix" returns noop for request 11
modcall[authorize]: module "files" returns notfound for request 11
radius_xlat: ''
modcall[authorize]: module "sql" returns fail for request 11
modcall: group authorize returns fail for request 11
Finished request 11
Going to the next request
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 10 ID 14 with timestamp 46d4260e
Cleaning up request 11 ID 15 with timestamp 46d4260e
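
An added example, not part of the original post: a small parser for this style of radiusd debug output that reports which module made a group fail on each pass and whether an Access-Accept arrived with no reply sent afterwards. The function names are hypothetical, the sample lines are abridged from the output above, and it assumes replies to the NAS are logged in the same "Sending Access-... of id" form as the proxied request.

```python
import re

# Constructed sample: lines abridged from the debug output in the post.
SAMPLE = """\
rad_recv: Access-Request packet from host nas_ip_x:1645, id=15,
modcall[authorize]: module "suffix" returns updated for request 11
modcall[authorize]: module "sql" returns fail for request 11
modcall: group authorize returns fail for request 11
Sending Access-Request of id 3 to remote_freeradius_ip:1812
rad_recv: Access-Accept packet from host remote_freeradius_ip:1812,
modcall[authorize]: module "suffix" returns noop for request 11
modcall[authorize]: module "sql" returns fail for request 11
modcall: group authorize returns fail for request 11
Finished request 11
"""
MODULE = re.compile(r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+) for request (\d+)')
GROUP = re.compile(r'modcall: group (\w+) returns (\w+) for request (\d+)')
PACKET = re.compile(r'(rad_recv:|Sending) (Access-\w+) (?:packet from host|of id \d+ to) ')

def analyse(text):
    """Return (failures, packets): failures lists (request, group, failing
    modules) for each failed pass; packets lists (direction, type) in order."""
    failures, packets, pending = [], [], {}
    for line in map(str.strip, text.splitlines()):
        if m := MODULE.match(line):
            group, module, rcode, req = m.groups()
            if rcode == "fail":
                pending.setdefault((req, group), []).append(module)
        elif m := GROUP.match(line):
            group, rcode, req = m.groups()
            modules = pending.pop((req, group), [])
            if rcode == "fail":
                failures.append((int(req), group, modules))
        elif m := PACKET.match(line):
            packets.append(("recv" if m.group(1) == "rad_recv:" else "sent", m.group(2)))
    return failures, packets

def accept_without_reply(packets):
    """True if an Access-Accept arrived and no Access-Accept/Reject was sent after it."""
    waiting = False
    for direction, ptype in packets:
        if (direction, ptype) == ("recv", "Access-Accept"):
            waiting = True
        elif direction == "sent" and ptype in ("Access-Accept", "Access-Reject"):
            waiting = False
    return waiting

if __name__ == "__main__":
    failures, packets = analyse(SAMPLE)
    for req, group, modules in failures:
        print(f"request {req}: group {group} failed, failing modules: {modules}")
    print("Access-Accept received with no reply sent:", accept_without_reply(packets))
```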