Proxying doesn't work!

Tomas Hoger tomas.hoger at gmail.com
Wed Jul 11 09:43:24 CEST 2007 

Hi Federico!

Check default radiusd.conf and search for "realm" and "suffix".  It
looks like you're not calling rlm_realm in authorize.

th.


On 7/11/07, Federico Giannici <giannici at neomedia.it> wrote:
> We have a working FreeRADIUS 1.1.4 running since a lot of months.
> Now we have to proxy the requests for a realm (gtenet.it) to a given
> RADIUS server, but our server seems to ignore the proxy configuration!
>
> I have set "proxy_requests = yes" and included the "proxy.conf" file
> (I'm sure of these, looked at the debug output).
>
> Here it is our "proxy.conf" file:
>
> proxy server {
>         synchronous = no
>         retry_delay = 5
>         retry_count = 3
>         dead_time = 120
>         default_fallback = yes
>         post_proxy_authorize = no
> }
> realm gtenet.it {
>         type        = radius
>         authhost    = 195.103.212.53:1645
>         accthost    = 195.103.212.53:1646
>         secret      = XXXXXXXXX
> }
>
> When a request for xxxx at gtenet.it is received, it goes through the
> authorization and then instead of being proxied it goes through
> authentication and obviously fail!
>
> Here it is the output of the server in debug mode:
>
> Jul 10 18:55:29 aragorn radiusd[23262]: Going to the next request
> Jul 10 18:55:29 aragorn radiusd[23262]: Waking up in 6 seconds...
> Jul 10 18:55:29 aragorn radiusd[23262]: rad_lowerpair:  User-Name now
> 'neomedia at gtenet.it'
> Jul 10 18:55:29 aragorn radiusd[23262]: rad_lowerpair:  User-Password
> now 'XXXXXXXX'
> Jul 10 18:55:29 aragorn radiusd[23262]: rad_rmspace_pair:  User-Name now
> 'neomedia at gtenet.it'
> Jul 10 18:55:29 aragorn radiusd[23262]: rad_rmspace_pair:  User-Password
> now 'XXXXXXXX'
> Jul 10 18:55:29 aragorn radiusd[23262]:   Processing the authorize
> section of radiusd.conf
> Jul 10 18:55:29 aragorn radiusd[23262]: modcall: entering group
> authorize for request 72
> Jul 10 18:55:29 aragorn radiusd[23262]:   modcall[authorize]: module
> "preprocess" returns ok for request 72
> Jul 10 18:55:29 aragorn radiusd[23262]:   modcall[authorize]: module
> "nm" returns noop for request 72
> Jul 10 18:55:29 aragorn radiusd[23262]:   modcall[authorize]: module
> "chap" returns noop for request 72
> Jul 10 18:55:29 aragorn radiusd[23262]:   modcall[authorize]: module
> "mschap" returns noop for request 72
> Jul 10 18:55:29 aragorn radiusd[23262]: rlm_pap: WARNING! No "known
> good" password found for the user.  Authentication may fail because of this.
> Jul 10 18:55:29 aragorn radiusd[23262]:   modcall[authorize]: module
> "pap" returns noop for request 72
> Jul 10 18:55:29 aragorn radiusd[23262]: modcall: leaving group authorize
> (returns ok) for request 72
> Jul 10 18:55:29 aragorn radiusd[23262]: auth: No authenticate method
> (Auth-Type) configuration found for the request: Rejecting the user
> Jul 10 18:55:29 aragorn radiusd[23262]: auth: Failed to validate the user.
>
> Any hints of what could be the problem?

More information about the Freeradius-Users mailing list