Behaviour of freeradius when receiving a response from a proxy server

Nicolas Castel castelnicolas at gmail.com
Tue Jun 12 12:20:56 CEST 2007 

Hi all,

I wonder about the freeradius server behaviour after receiving a response
from a proxy. Is it normal that the request passes through the post-auth
section once the request has been received ?

Below, the behaviour i observed

Note: this is only a test in order to undersand the freeradius server
behaviour in that case.

rad_recv: Access-Request packet from host 127.0.0.1:16395, id=235,
length=109
        User-Name = "D00000"
        User-Password = "password"
        NAS-IP-Address = 172.26.233.2
        NAS-Port-Type = Wireless-802.11
        WISPr-Location-Name = "Testing:FR,localhost"
        NAS-Identifier = "FRAF1"
        Event-Timestamp = "Jun 12 2007 09:26:34 GMT"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall: entering group request_processing for request 0
radius_xlat:  'test.fr'
rlm_attr_rewrite: Added attribute Proxy-To-Realm with value 'test.fr'
  modcall[authorize]: module "add_proxy_to_realm" returns ok for request 0
modcall: leaving group request_processing (returns ok) for request 0
modcall: leaving group authorize (returns ok) for request 0
  Processing the pre-proxy section of radiusd.conf
modcall: entering group pre-proxy for request 0
modcall: entering group request_processing for request 0
radius_xlat:  '/var/log/freeradius/radacct//RADIUS-Trace-20070612'
rlm_detail:
/var/log/freeradius/radacct/%{Client-IP-Address}/RADIUS-Trace-%Y%m%d expands
to /var/log/freeradius/radacct//RADIUS-Trace-20070612
  modcall[pre-proxy]: module "radius_trace" returns ok for request 0
modcall: leaving group request_processing (returns ok) for request 0
modcall: leaving group pre-proxy (returns ok) for request 0
Sending Access-Request of id 0 to 172.26.233.2 port 1812
        User-Name = "D000001"
        User-Password = "password"
        NAS-IP-Address = 172.26.233.2
        NAS-Port-Type = Wireless-802.11
        WISPr-Location-Name = "Testing:FR,localhost"
        NAS-Identifier = "FRAF1"
        Event-Timestamp = "Jun 12 2007 09:26:34 GMT"
        Proxy-State = 0x323335
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Accept packet from host 172.26.233.2:1812, id=0, length=67
        Reply-Message = "User authenticated on remote platform."
        Proxy-State = 0x323335
  Processing the post-proxy section of radiusd.conf
modcall: entering group post-proxy for request 0
radius_xlat:  '/var/log/freeradius/radacct//RADIUS-Trace-20070612'
rlm_detail:
/var/log/freeradius/radacct/%{Client-IP-Address}/RADIUS-Trace-%Y%m%d expands
to /var/log/freeradius/radacct//RADIUS-Trace-20070612
  modcall[post-proxy]: module "radius_trace" returns ok for request 0
modcall: leaving group post-proxy (returns ok) for request 0
 authorize: Skipping authorize in post-proxy stage
  rad_check_password:  Found Auth-Type
  rad_check_password: Auth-Type = Accept, accepting the user
radius_xlat:  'User authenticated on remote platform.'
  Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 0
modcall: entering group request_processing for request 0
  modcall[post-auth]: module "local_voucher_account_info" returns ok for
request 0
radius_xlat:  '/var/log/freeradius/radacct//RADIUS-Trace-20070612'
rlm_detail:
/var/log/freeradius/radacct/%{Client-IP-Address}/RADIUS-Trace-%Y%m%d expands
to /var/log/freeradius/radacct//RADIUS-Trace-20070612
  modcall[post-auth]: module "radius_trace" returns ok for request 0
modcall: leaving group request_processing (returns ok) for request 0
modcall: leaving group post-auth (returns ok) for request 0
Sending Access-Accept of id 91 to 127.0.0.1 port 16395
        Reply-Message = "User authenticated on remote platform."
Finished request 0
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 91 with timestamp 466e71d8
Nothing to do.  Sleeping until we see a request.

The example above shows that the request passes through authorize,
pre-proxy, post-proxy and then though post-auth. Is there any way that the
request does not pass through the post-auth section ?

Thanks in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070612/90c7b3b6/attachment.html>

More information about the Freeradius-Users mailing list