Problem with proxy-radius function

banga man_gust at yahoo.com
Sat Apr 12 20:07:58 CEST 2008


Alan it seems that this is some kind of bug.
Looks , like configuration is ok, however ….
Specially to test that I’ve create test lab on 3 virtual machine.
RadTest Client 192.168.3.84
aaa (with proxy function)192.168.3.85
aaa2 192.168.3.86
aaa – proxy AAA (should send accounting packet for ealm test.domain to aaa2)
>proxy.conf
proxy server {                                                                                                                      
        default_fallback = no                                                                                                       
}
home_server test1 {                                                                                                                   
        type = acct                                                                                                                 
        ipaddr = 192.168.3.86                                                                                                         
        port = 1813                                                                                                                 
        secret = key                                                                                                          
        status_check = request                                                                                                      
        }                                                                                                                                   
home_server_pool test {                                                                                                              
        type = fail-over                                                                                                            
        home_server = test1                                                                                                          
        }                                                                                                                                   

realm test.domain {                                                                                                                      
        acct_pool = test                                                                                                             
        nostrip                                                                                                                     
        }     
Result:
ONLY FIRST accounting request goes without problem 
Second accounting request gives “unknown home server”
After restart of AAA again – first request ok second and so on fails.
And it does not matter what kind of accounting packet is (that should be 
proxed or “simple” to null realm)
In my example I send two “proxed” packet.

FIX – in real life can check it only on Monday , but for now looks like “old
stile” config can help(this work for my virtual machine).

>
proxy server {                                                                                                                      
        default_fallback = no                                                                                                       
}
realm test.domain {                                                                                                                      
        ipaddr = 192.168.3.86:1813                                                                                                        
        secret = key                                                                                                          
        nostrip                                                                                                                     
}     

All, logs below. Not sure but thing that test that I done on 2.0.2 had not
such problem.

P.S 
Do you recomend include Default and NULL in proxy.conf?

…..
listen {
	type = "acct"
	ipaddr = *
	port = 1813
}
Listening on accounting address * port 1813
Listening on proxy address * port 1479
Ready to process requests.
	Acct-Status-Type = Start
	User-Name = "test at test.domain"
+- entering group preacct
    rlm_realm: Looking up realm "test.domain" for User-Name =
"test at test.domain"
    rlm_realm: Found realm "test.domain"
    rlm_realm: Proxying request from user test to realm test.domain
    rlm_realm: Adding Realm = "test.domain"
    rlm_realm: Preparing to proxy accounting request to realm "test.domain" 
++[suffix] returns updated
+- entering group accounting
rlm_acct_unique: WARNING: Attribute 3GPP2-Correlation-Id was not found in
request, unique ID MAY be inconsistent
rlm_acct_unique: WARNING: Attribute Acct-Session-Id was not found in
request, unique ID MAY be inconsistent
rlm_acct_unique: WARNING: Attribute Calling-Station-Id was not found in
request, unique ID MAY be inconsistent
rlm_acct_unique: Hashing ',,'
rlm_acct_unique: Acct-Unique-Session-ID = "101e73bfbe542522".
++[acct_unique] returns ok
	expand: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d ->
/var/log/radius/radacct/192.168.3.84/detail-20080412
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.3.84/detail-20080412
	expand: %t -> Sat Apr 12 19:07:58 2008
++[detail] returns ok
+- entering group pre-proxy
	expand:
/var/log/radius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d ->
/var/log/radius/radacct/192.168.3.84/pre-proxy-detail-20080412
rlm_detail:
/var/log/radius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d expands
to /var/log/radius/radacct/192.168.3.84/pre-proxy-detail-20080412
	expand: %t -> Sat Apr 12 19:07:58 2008
++[pre_proxy_log] returns ok
	Acct-Status-Type = Start
	User-Name = "test at test.domain"
	Proxy-State = 0x30
Proxying request 0 to home server 192.168.3.86 port 1813
	Acct-Status-Type = Start
	User-Name = "test at test.domain"
	Proxy-State = 0x30
Going to the next request
Waking up in 0.9 seconds.
	Proxy-State = 0x30
+- entering group post-proxy
	expand:
/var/log/radius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d ->
/var/log/radius/radacct/192.168.3.84/post-proxy-detail-20080412
rlm_detail:
/var/log/radius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.3.84/post-proxy-detail-20080412
	expand: %t -> Sat Apr 12 19:07:58 2008
++[post_proxy_log] returns ok
Finished request 0.
Cleaning up request 0 ID 0 with timestamp +10
Going to the next request
Ready to process requests.
	Acct-Status-Type = Start
	User-Name = "test at test.domain"
+- entering group preacct
    rlm_realm: Looking up realm "test.domain" for User-Name =
"test at test.domain"
    rlm_realm: Found realm "test.domain"
    rlm_realm: Proxying request from user test to realm test.domain
    rlm_realm: Adding Realm = "test.domain"
    rlm_realm: Preparing to proxy accounting request to realm "test.domain" 
++[suffix] returns updated
+- entering group accounting
rlm_acct_unique: WARNING: Attribute 3GPP2-Correlation-Id was not found in
request, unique ID MAY be inconsistent
rlm_acct_unique: WARNING: Attribute Acct-Session-Id was not found in
request, unique ID MAY be inconsistent
rlm_acct_unique: WARNING: Attribute Calling-Station-Id was not found in
request, unique ID MAY be inconsistent
rlm_acct_unique: Hashing ',,'
rlm_acct_unique: Acct-Unique-Session-ID = "101e73bfbe542522".
++[acct_unique] returns ok
	expand: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d ->
/var/log/radius/radacct/192.168.3.84/detail-20080412
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.3.84/detail-20080412
	expand: %t -> Sat Apr 12 19:07:59 2008
++[detail] returns ok
+- entering group pre-proxy
	expand:
/var/log/radius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d ->
/var/log/radius/radacct/192.168.3.84/pre-proxy-detail-20080412
rlm_detail:
/var/log/radius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d expands
to /var/log/radius/radacct/192.168.3.84/pre-proxy-detail-20080412
	expand: %t -> Sat Apr 12 19:07:59 2008
++[pre_proxy_log] returns ok
	Acct-Status-Type = Start
	User-Name = "test at test.domain"
	Proxy-State = 0x30
Proxying request 1 to home server 192.168.3.86 port 1813
	Acct-Status-Type = Start
	User-Name = "test at test.domain"
	Proxy-State = 0x30
Going to the next request
Waking up in 0.9 seconds.
Ignoring request from unknown home server 192.168.3.86 port 1813
Waking up in 0.9 seconds.
Waking up in 28.9 seconds.
Discarding duplicate request from client localhost port 1349 - ID: 0 due to
unfinished request 1
Waking up in 27.0 seconds.
Discarding duplicate request from client localhost port 1349 - ID: 0 due to
unfinished request 1
Waking up in 24.1 seconds.


Alan DeKok-4 wrote:
> 
> banga wrote:
>> AnyOne?
>> 
>> Error: Rejecting request 20696 due to lack of any response from home
>> server
>> X.X.X.X port 1646
>> Error: Ignoring request from unknown home server X.X.X.X port 1646  
>> How I can fix that ?
> 
>   I think what's happening is that the home server is sending the
> response from the wrong port.  You would have to show *more* of the
> debug log to be sure.
> 
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> 
> 

-- 
View this message in context: http://www.nabble.com/Problem-with-proxy-radius-function-tp16610498p16654065.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.





More information about the Freeradius-Users mailing list