Proxying without nostrip

amarquez001 at ikasle.ehu.es amarquez001 at ikasle.ehu.es
Fri Jul 6 15:23:27 CEST 2007


Hi everyone:

I want to proxy requests with the i2t realm to i2t.server.com.

The problem is that if I use the nostrip directive in the proxy.conf of the
proxy server, everything works fine.
But I need to store logins in i2t.server.com without the realm name,
so I use this configuration in the proxy.conf of the proxy server:

realm i2t {
	type		= radius
	authhost	= 192.168.2.2:1812
	accthost	= 192.168.2.2:1813
	secret		= testing123
	strip
}

The result of the execution in the i2t.server.com is:

root at alvaro-desktop:/etc/freeradius# freeradius -X
Starting - reading configuration files ...
 .
 .
 .
Module: Instantiated radutmp (radutmp) 
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.2.1:1814, id=0, length=150
        User-Name = "user1"
        NAS-IP-Address = 192.168.1.1
        NAS-Port = 0
        Called-Station-Id = "00-0C-29-81-54-F3:"
        Calling-Station-Id = "00-0C-29-EC-7D-9D"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 0Mbps 802.11"
        EAP-Message = 0x0209000e01757365723140693274
        Message-Authenticator = 0xae40c811e106af74fc216d522466a797
        Proxy-State = 0x3335
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "user1", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: EAP packet type response id 9 length 14
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
    users: Matched entry user1 at line 1
  modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: Identity does not match User-Name, setting from EAP Identity.
  rlm_eap: Failed in handler
  modcall[authenticate]: module "eap" returns invalid for request 0
modcall: leaving group authenticate (returns invalid) for request 0
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 0 to 192.168.2.1 port 1814
        Proxy-State = 0x3335
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 0 with timestamp 468e1d50
Nothing to do.  Sleeping until we see a request.
rad_recv: Accounting-Request packet from host 192.168.2.1:1814, id=0, length=159
        Acct-Session-Id = "468D84AB-0000000D"
        Acct-Status-Type = Stop
        Acct-Authentic = RADIUS
        User-Name = "user1"
        NAS-IP-Address = 192.168.1.1
        NAS-Port = 0
        Called-Station-Id = "00-0C-29-81-54-F3:"
        Calling-Station-Id = "00-0C-29-EC-7D-9D"
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 0Mbps 802.11"
        Acct-Session-Time = 301
        Event-Timestamp = "Jul  6 2007 12:48:16 CEST"
        Acct-Terminate-Cause = Idle-Timeout
        Proxy-State = 0x3336
  Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 1
  modcall[preacct]: module "preprocess" returns noop for request 1
rlm_acct_unique: Hashing 'NAS-Port = 0,Client-IP-Address = 192.168.2.1,NAS-IP-Address = 192.168.1.1,Acct-Session-Id = "468D84AB-0000000D",User-Name = "user1"'
rlm_acct_unique: Acct-Unique-Session-ID = "e9f7ae8a84e4857d".
  modcall[preacct]: module "acct_unique" returns ok for request 1
    rlm_realm: No '@' in User-Name = "user1", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[preacct]: module "suffix" returns noop for request 1
  modcall[preacct]: module "files" returns noop for request 1
modcall: leaving group preacct (returns ok) for request 1
  Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 1
radius_xlat:  '/var/log/freeradius/radacct/192.168.2.1/detail-20070706'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.2.1/detail-20070706
  modcall[accounting]: module "detail" returns ok for request 1
  modcall[accounting]: module "unix" returns ok for request 1
radius_xlat:  '/var/log/freeradius/radutmp'
radius_xlat:  'user1'
  modcall[accounting]: module "radutmp" returns ok for request 1
modcall: leaving group accounting (returns ok) for request 1
Sending Accounting-Response of id 0 to 192.168.2.1 port 1814
        Proxy-State = 0x3336
Finished request 1
Going to the next request
--- Walking the entire request list ---
Cleaning up request 1 ID 0 with timestamp 468e1db0
Nothing to do.  Sleeping until we see a request.

Why does it reject the request?
Any ideas?

Thanks in advance.
- Alvaro.
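
Added example, not part of the original post: a small Python check that decodes the EAP-Message from the Access-Request in the debug output above and compares the EAP identity with the User-Name that arrived after stripping, which is the comparison the "Identity does not match User-Name" line reports. The function names are this example's own; the two sample lines are copied from the log.

```python
import re
import struct

# Two attribute lines copied from the Access-Request in the debug output.
SAMPLE_LOG = '''\
        User-Name = "user1"
        EAP-Message = 0x0209000e01757365723140693274
'''

EAP_TYPE_IDENTITY = 1
ATTR_RE = re.compile(r'^\s*([A-Za-z0-9-]+) = (.+?)\s*$')

def parse_attributes(log_text):
    """Collect 'Name = value' pairs from radiusd -X output (first value wins)."""
    attrs = {}
    for line in log_text.splitlines():
        m = ATTR_RE.match(line)
        if m:
            attrs.setdefault(m.group(1), m.group(2).strip('"'))
    return attrs

def parse_eap(hex_value):
    """Decode one EAP packet: code(1) id(1) length(2) [type(1) data...]."""
    if hex_value.lower().startswith("0x"):
        hex_value = hex_value[2:]
    raw = bytes.fromhex(hex_value)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        # A long EAP packet may span several EAP-Message attributes.
        raise ValueError("length field %d != %d bytes present" % (length, len(raw)))
    # Success/Failure packets carry no type byte.
    eap_type = raw[4] if length > 4 else None
    return {"code": code, "id": ident, "length": length,
            "type": eap_type, "data": raw[5:]}

def identity_check(log_text):
    """Compare the EAP-Response/Identity with the RADIUS User-Name."""
    attrs = parse_attributes(log_text)
    eap = parse_eap(attrs["EAP-Message"])
    if eap["type"] != EAP_TYPE_IDENTITY:
        return None
    identity = eap["data"].decode("utf-8", "replace")
    realm = identity.rpartition("@")[2] if "@" in identity else None
    return {"user_name": attrs["User-Name"], "eap_identity": identity,
            "realm_in_identity": realm, "match": identity == attrs["User-Name"]}

if __name__ == "__main__":
    print(identity_check(SAMPLE_LOG))
```
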




