Problem with proxy-radius function
banga
man_gust at yahoo.com
Sat Apr 12 20:07:58 CEST 2008
Alan it seems that this is some kind of bug.
Looks , like configuration is ok, however ….
Specially to test that I’ve create test lab on 3 virtual machine.
RadTest Client 192.168.3.84
aaa (with proxy function)192.168.3.85
aaa2 192.168.3.86
aaa – proxy AAA (should send accounting packet for ealm test.domain to aaa2)
>proxy.conf
proxy server {
default_fallback = no
}
home_server test1 {
type = acct
ipaddr = 192.168.3.86
port = 1813
secret = key
status_check = request
}
home_server_pool test {
type = fail-over
home_server = test1
}
realm test.domain {
acct_pool = test
nostrip
}
Result:
ONLY FIRST accounting request goes without problem
Second accounting request gives “unknown home server”
After restart of AAA again – first request ok second and so on fails.
And it does not matter what kind of accounting packet is (that should be
proxed or “simple” to null realm)
In my example I send two “proxed” packet.
FIX – in real life can check it only on Monday , but for now looks like “old
stile” config can help(this work for my virtual machine).
>
proxy server {
default_fallback = no
}
realm test.domain {
ipaddr = 192.168.3.86:1813
secret = key
nostrip
}
All, logs below. Not sure but thing that test that I done on 2.0.2 had not
such problem.
P.S
Do you recomend include Default and NULL in proxy.conf?
…..
listen {
type = "acct"
ipaddr = *
port = 1813
}
Listening on accounting address * port 1813
Listening on proxy address * port 1479
Ready to process requests.
Acct-Status-Type = Start
User-Name = "test at test.domain"
+- entering group preacct
rlm_realm: Looking up realm "test.domain" for User-Name =
"test at test.domain"
rlm_realm: Found realm "test.domain"
rlm_realm: Proxying request from user test to realm test.domain
rlm_realm: Adding Realm = "test.domain"
rlm_realm: Preparing to proxy accounting request to realm "test.domain"
++[suffix] returns updated
+- entering group accounting
rlm_acct_unique: WARNING: Attribute 3GPP2-Correlation-Id was not found in
request, unique ID MAY be inconsistent
rlm_acct_unique: WARNING: Attribute Acct-Session-Id was not found in
request, unique ID MAY be inconsistent
rlm_acct_unique: WARNING: Attribute Calling-Station-Id was not found in
request, unique ID MAY be inconsistent
rlm_acct_unique: Hashing ',,'
rlm_acct_unique: Acct-Unique-Session-ID = "101e73bfbe542522".
++[acct_unique] returns ok
expand: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d ->
/var/log/radius/radacct/192.168.3.84/detail-20080412
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.3.84/detail-20080412
expand: %t -> Sat Apr 12 19:07:58 2008
++[detail] returns ok
+- entering group pre-proxy
expand:
/var/log/radius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d ->
/var/log/radius/radacct/192.168.3.84/pre-proxy-detail-20080412
rlm_detail:
/var/log/radius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d expands
to /var/log/radius/radacct/192.168.3.84/pre-proxy-detail-20080412
expand: %t -> Sat Apr 12 19:07:58 2008
++[pre_proxy_log] returns ok
Acct-Status-Type = Start
User-Name = "test at test.domain"
Proxy-State = 0x30
Proxying request 0 to home server 192.168.3.86 port 1813
Acct-Status-Type = Start
User-Name = "test at test.domain"
Proxy-State = 0x30
Going to the next request
Waking up in 0.9 seconds.
Proxy-State = 0x30
+- entering group post-proxy
expand:
/var/log/radius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d ->
/var/log/radius/radacct/192.168.3.84/post-proxy-detail-20080412
rlm_detail:
/var/log/radius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.3.84/post-proxy-detail-20080412
expand: %t -> Sat Apr 12 19:07:58 2008
++[post_proxy_log] returns ok
Finished request 0.
Cleaning up request 0 ID 0 with timestamp +10
Going to the next request
Ready to process requests.
Acct-Status-Type = Start
User-Name = "test at test.domain"
+- entering group preacct
rlm_realm: Looking up realm "test.domain" for User-Name =
"test at test.domain"
rlm_realm: Found realm "test.domain"
rlm_realm: Proxying request from user test to realm test.domain
rlm_realm: Adding Realm = "test.domain"
rlm_realm: Preparing to proxy accounting request to realm "test.domain"
++[suffix] returns updated
+- entering group accounting
rlm_acct_unique: WARNING: Attribute 3GPP2-Correlation-Id was not found in
request, unique ID MAY be inconsistent
rlm_acct_unique: WARNING: Attribute Acct-Session-Id was not found in
request, unique ID MAY be inconsistent
rlm_acct_unique: WARNING: Attribute Calling-Station-Id was not found in
request, unique ID MAY be inconsistent
rlm_acct_unique: Hashing ',,'
rlm_acct_unique: Acct-Unique-Session-ID = "101e73bfbe542522".
++[acct_unique] returns ok
expand: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d ->
/var/log/radius/radacct/192.168.3.84/detail-20080412
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.3.84/detail-20080412
expand: %t -> Sat Apr 12 19:07:59 2008
++[detail] returns ok
+- entering group pre-proxy
expand:
/var/log/radius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d ->
/var/log/radius/radacct/192.168.3.84/pre-proxy-detail-20080412
rlm_detail:
/var/log/radius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d expands
to /var/log/radius/radacct/192.168.3.84/pre-proxy-detail-20080412
expand: %t -> Sat Apr 12 19:07:59 2008
++[pre_proxy_log] returns ok
Acct-Status-Type = Start
User-Name = "test at test.domain"
Proxy-State = 0x30
Proxying request 1 to home server 192.168.3.86 port 1813
Acct-Status-Type = Start
User-Name = "test at test.domain"
Proxy-State = 0x30
Going to the next request
Waking up in 0.9 seconds.
Ignoring request from unknown home server 192.168.3.86 port 1813
Waking up in 0.9 seconds.
Waking up in 28.9 seconds.
Discarding duplicate request from client localhost port 1349 - ID: 0 due to
unfinished request 1
Waking up in 27.0 seconds.
Discarding duplicate request from client localhost port 1349 - ID: 0 due to
unfinished request 1
Waking up in 24.1 seconds.
Alan DeKok-4 wrote:
>
> banga wrote:
>> AnyOne?
>>
>> Error: Rejecting request 20696 due to lack of any response from home
>> server
>> X.X.X.X port 1646
>> Error: Ignoring request from unknown home server X.X.X.X port 1646
>> How I can fix that ?
>
> I think what's happening is that the home server is sending the
> response from the wrong port. You would have to show *more* of the
> debug log to be sure.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
--
View this message in context: http://www.nabble.com/Problem-with-proxy-radius-function-tp16610498p16654065.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
More information about the Freeradius-Users
mailing list