Access-Accept ONLY on every second try

Miguel Reategui Miguel.Reategui at rci.rogers.com
Mon Jan 22 23:34:09 CET 2007


Thanks for your reply Alan,

I believe I found the problem, and I will describe it here as it might
help others.
It looks like, for some reason, the only Access-Request that was issued was
being resent endlessly.
The block below would be repeated 192 times (I don't know why), each time
adding one more Proxy-State line:

<log>
modcall[authorize]: module "sql" returns ok for request {/*1 to 192* )
modcall: leaving group authorize (returns updated) for request (/*1 to
192*/)
Sending Access-Request of id (/*1 to 192*/ to xx.xx.xx.xx8 port 1812
        User-Name = "18xxxxxxxx"
        User-Password = "xeexxxxxx"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 1812
        Proxy-State = 0x313230
        Proxy-State = 0x30
        Proxy-State = 0x31
        Proxy-State = 0x32
        Proxy-State = 0x33
</log>

Finally, the authentication realm would be marked as DEAD for each
request:

<log>
marking authentication server 66.46.144.238:1812 for realm xxx.xx dead
Server rejecting request 2.
marking authentication server 66.46.144.238:1812 for realm xxx.xx dead
Server rejecting request 3.
marking authentication server 66.46.144.238:1812 for realm xxx.xx dead
Server rejecting request 4.
marking authentication server 66.46.144.238:1812 for realm xxx.xx dead
Server rejecting request 5.
marking authentication server 66.46.144.238:1812 for realm xxx.xx dead
Server rejecting request 6.
marking authentication server 66.46.144.238:1812 for realm xxx.xx dead
Server rejecting request 7.
marking authentication server 66.46.144.238:1812 for realm xxx.xx dead
{go on until all requests would be dead}
</log>

As this realm was marked dead, the next request (the second one) would
go through another (default?) realm and this time, it would work
normally.

So, I took the proxy.conf file and commented out the offending realm
information, forcing the "first request" to go to the next realm
(default?) and it worked!!!

I still need to see what I might be affecting, as this is probably a hack.

I hope this makes sense to someone... actually, I got the idea from
checking an old archived mailing list message about missing proxies.

Thanks to everyone, 

Mig
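
The symptom described in the message above, a resent Access-Request that gains one Proxy-State line per send, can be checked for mechanically. The following is an added example, not part of the original post or of FreeRADIUS: it parses debug output in the format quoted above and flags any user/destination pair whose Proxy-State count rises by one on consecutive sends. The log sample, addresses, function names and the `min_growth` threshold are constructed for illustration.

```python
import re

# Constructed sample in the debug format quoted above (addresses and values are made up).
SAMPLE_LOG = """\
Sending Access-Request of id 1 to 192.0.2.10 port 1812
        User-Name = "alice"
        Proxy-State = 0x313230
Sending Access-Request of id 2 to 192.0.2.10 port 1812
        User-Name = "alice"
        Proxy-State = 0x313230
        Proxy-State = 0x30
Sending Access-Request of id 3 to 192.0.2.10 port 1812
        User-Name = "alice"
        Proxy-State = 0x313230
        Proxy-State = 0x30
        Proxy-State = 0x31
Sending Access-Request of id 4 to 192.0.2.20 port 1812
        User-Name = "bob"
        Proxy-State = 0x3435
"""

SEND_RE = re.compile(r"^Sending Access-Request of id (\d+) to (\S+) port (\d+)")
ATTR_RE = re.compile(r"^\s+([\w-]+) = (.*)$")

def parse_sent_requests(text):
    """Return one dict per 'Sending Access-Request' block with its Proxy-State count."""
    requests, cur = [], None
    for line in text.splitlines():
        m, a = SEND_RE.match(line), ATTR_RE.match(line)
        if m:
            cur = {"id": int(m[1]), "dest": f"{m[2]}:{m[3]}", "user": None, "proxy_states": 0}
            requests.append(cur)
        elif a and cur is not None:
            if a[1] == "User-Name":
                cur["user"] = a[2].strip('"')
            cur["proxy_states"] += a[1] == "Proxy-State"
        else:
            cur = None  # a non-attribute line ends the current block
    return requests

def find_proxy_loops(requests, min_growth=3):
    """Return {(user, dest): count} where the count rose by one over min_growth consecutive sends."""
    runs, flagged = {}, {}
    for r in requests:
        key = (r["user"], r["dest"])
        last, length = runs.get(key, (None, 0))
        length = length + 1 if r["proxy_states"] - 1 == last else 1
        runs[key] = (r["proxy_states"], length)
        if length >= min_growth:
            flagged[key] = r["proxy_states"]
    return flagged
```

A plain retransmit keeps the same Proxy-State count and is not flagged; only a count that keeps growing toward the same destination is reported.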






More information about the Freeradius-Users mailing list