FR2 - proxying inner tunnel

Dmitry Sergienko trooper+freeradius+users at email.dp.ua
Mon Feb 18 22:02:37 CET 2008


Hi!


Dmitry Sergienko wrote:
> But during proxying handler->request->packet->src_ipaddr.ipaddr.ip4addr 
> is zero:
> 
> I'll try to debug deeper and figure out how to fix this correctly (and 
> not to break anything else ;)
> 

At last it works. The patch is attached.
I'm still not sure whether this patch breaks anything, so please double-check it. I'm new 
to the FreeRADIUS code.

Here is the result:

    PEAP: Sending tunneled request
          EAP-Message = 0x020b00061a03
          FreeRADIUS-Proxied-To = 127.0.0.1
          User-Name = "aaa"
          State = 0xc0688788c1639d2a0b378c391f825bde
server proxy-inner-tunnel {
Mon Feb 18 18:53:04 2008 : Debug: +- entering group authorize
Mon Feb 18 18:53:04 2008 : Debug:   modsingle[authorize]: calling eap (rlm_eap) for request 9
Mon Feb 18 18:53:04 2008 : Debug:   rlm_eap: EAP packet type response id 11 length 6
Mon Feb 18 18:53:04 2008 : Debug:   rlm_eap: No EAP Start, assuming it's an on-going EAP 
conversation
Mon Feb 18 18:53:04 2008 : Debug:   modsingle[authorize]: returned from eap (rlm_eap) for 
request 9
Mon Feb 18 18:53:04 2008 : Debug: ++[eap] returns updated
Mon Feb 18 18:53:04 2008 : Debug: ++[control] returns updated
} # server proxy-inner-tunnel
    PEAP: Got tunneled reply RADIUS code 0
Mon Feb 18 18:53:04 2008 : Debug:   PEAP: Calling authenticate in order to initiate 
tunneled EAP session.
Mon Feb 18 18:53:04 2008 : Debug: +- entering group authenticate
Mon Feb 18 18:53:04 2008 : Debug:   modsingle[authenticate]: calling eap (rlm_eap) for 
request 9
Mon Feb 18 18:53:04 2008 : Debug:   rlm_eap: Request found, released from the list
Mon Feb 18 18:53:04 2008 : Debug:   rlm_eap: EAP/mschapv2
Mon Feb 18 18:53:04 2008 : Debug:   rlm_eap: processing type mschapv2
Mon Feb 18 18:53:04 2008 : Debug:   rlm_eap: Freeing handler
Mon Feb 18 18:53:04 2008 : Debug:   modsingle[authenticate]: returned from eap (rlm_eap) 
for request 9
Mon Feb 18 18:53:04 2008 : Debug: ++[eap] returns ok

    PEAP: Processing from tunneled session code 0x81a3380 2
          EAP-Message = 0x030b0004
          Message-Authenticator = 0x00000000000000000000000000000000
          User-Name = "aaa"
Mon Feb 18 18:53:04 2008 : Debug:   PEAP: Tunneled authentication was successful.
Mon Feb 18 18:53:04 2008 : Debug:   rlm_eap_peap: SUCCESS
Mon Feb 18 18:53:04 2008 : Debug:   modsingle[authenticate]: returned from eap (rlm_eap) 
for request 9
Mon Feb 18 18:53:04 2008 : Debug: ++[eap] returns handled
Sending Access-Challenge of id 128 to 192.168.2.3 port 8021
          EAP-Message =
0x010c003b190017030100306ab8df262f8c6d2baed3a48cebc42431d0e21fdb1c045843655aece32052f1d927b38a0913526945e8d673551cf09b68
          Message-Authenticator = 0x00000000000000000000000000000000
          State = 0x34e964c03de57d86becfe482ce4c450e
Mon Feb 18 18:53:04 2008 : Debug: Finished request 9.
Mon Feb 18 18:53:04 2008 : Debug: Going to the next request
Mon Feb 18 18:53:04 2008 : Debug: Waking up in 0.9 seconds.
Mon Feb 18 18:53:05 2008 : Debug: Cleaning up request 7 ID 126 with timestamp +18
Mon Feb 18 18:53:05 2008 : Debug: Waking up in 2.0 seconds.
rad_recv: Access-Request packet from host 192.168.2.3 port 8021, id=129, length=295
          Framed-MTU = 1466
          NAS-IP-Address = 192.168.2.3
          NAS-Identifier = "D-Link"
          User-Name = "myid at mynet.net"
          Service-Type = Framed-User
          NAS-Port = 33
          NAS-Port-Type = Ethernet
          NAS-Port-Id = "ether3_33"
          Called-Station-Id = "00-15-e9-b8-79-dd"
          Calling-Station-Id = "00-a9-40-0f-83-a5"
          Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
          State = 0x34e964c03de57d86becfe482ce4c450e
          EAP-Message =
0x020c006019001703010020ba6525822b5e46cf96b43f8d5f3472ee0add04778e445cccee670a1323faf5751703010030f14f2456303f64be72a49607993cd63f327c6fff01e45d0b020e39714c106692f7bdddfc8b51df1163648d47b4b24ece
          Message-Authenticator = 0x4213abb85ac838f3426660c0304d3f84
Mon Feb 18 18:53:06 2008 : Debug: +- entering group authorize
Mon Feb 18 18:53:06 2008 : Debug:   modsingle[authorize]: calling preprocess 
(rlm_preprocess) for request 10
Mon Feb 18 18:53:06 2008 : Debug:   modsingle[authorize]: returned from preprocess 
(rlm_preprocess) for request 10
Mon Feb 18 18:53:06 2008 : Debug: ++[preprocess] returns ok
Mon Feb 18 18:53:06 2008 : Debug:   modsingle[authorize]: calling chap (rlm_chap) for 
request 10
Mon Feb 18 18:53:06 2008 : Debug:   modsingle[authorize]: returned from chap (rlm_chap) 
for request 10
Mon Feb 18 18:53:06 2008 : Debug: ++[chap] returns noop
Mon Feb 18 18:53:06 2008 : Debug:   modsingle[authorize]: calling mschap (rlm_mschap) for 
request 10
Mon Feb 18 18:53:06 2008 : Debug:   modsingle[authorize]: returned from mschap 
(rlm_mschap) for request 10
Mon Feb 18 18:53:06 2008 : Debug: ++[mschap] returns noop
Mon Feb 18 18:53:06 2008 : Debug:   modsingle[authorize]: calling suffix (rlm_realm) for 
request 10
Mon Feb 18 18:53:06 2008 : Debug:     rlm_realm: Looking up realm "mynet.net" for 
User-Name = "myid at mynet.net"
Mon Feb 18 18:53:06 2008 : Debug:     rlm_realm: No such realm "mynet.net"
Mon Feb 18 18:53:06 2008 : Debug:   modsingle[authorize]: returned from suffix (rlm_realm) 
for request 10
Mon Feb 18 18:53:06 2008 : Debug: ++[suffix] returns noop
Mon Feb 18 18:53:06 2008 : Debug:   modsingle[authorize]: calling eap (rlm_eap) for request 10
Mon Feb 18 18:53:06 2008 : Debug:   rlm_eap: EAP packet type response id 12 length 96
Mon Feb 18 18:53:06 2008 : Debug:   rlm_eap: Continuing tunnel setup.
Mon Feb 18 18:53:06 2008 : Debug:   modsingle[authorize]: returned from eap (rlm_eap) for 
request 10
Mon Feb 18 18:53:06 2008 : Debug: ++[eap] returns ok
Mon Feb 18 18:53:06 2008 : Debug:   rad_check_password:  Found Auth-Type EAP
Mon Feb 18 18:53:06 2008 : Debug: auth: type "EAP"
Mon Feb 18 18:53:06 2008 : Debug: +- entering group authenticate
Mon Feb 18 18:53:06 2008 : Debug:   modsingle[authenticate]: calling eap (rlm_eap) for 
request 10
Mon Feb 18 18:53:06 2008 : Debug:   rlm_eap: Request found, released from the list
Mon Feb 18 18:53:06 2008 : Debug:   rlm_eap: EAP/peap
Mon Feb 18 18:53:06 2008 : Debug:   rlm_eap: processing type peap
Mon Feb 18 18:53:06 2008 : Debug:   rlm_eap_peap: Authenticate
Mon Feb 18 18:53:06 2008 : Debug:   rlm_eap_tls: processing TLS
Mon Feb 18 18:53:06 2008 : Debug:   eaptls_verify returned 7
Mon Feb 18 18:53:06 2008 : Debug:   rlm_eap_tls: Done initial handshake
Mon Feb 18 18:53:06 2008 : Debug:   eaptls_process returned 7
Mon Feb 18 18:53:06 2008 : Debug:   rlm_eap_peap: EAPTLS_OK
Mon Feb 18 18:53:06 2008 : Debug:   rlm_eap_peap: Session established.  Decoding tunneled 
attributes.
    PEAP tunnel data in 0000: 02 0c 00 0b 21 80 03 00 02 00 01
Mon Feb 18 18:53:06 2008 : Debug:   rlm_eap_peap: Received EAP-TLV response.
Mon Feb 18 18:53:06 2008 : Debug:   rlm_eap_peap: Success
Mon Feb 18 18:53:06 2008 : Debug:   rlm_eap: Freeing handler
Mon Feb 18 18:53:06 2008 : Debug:   modsingle[authenticate]: returned from eap (rlm_eap) 
for request 10
Mon Feb 18 18:53:06 2008 : Debug: ++[eap] returns ok
Mon Feb 18 18:53:06 2008 : Auth: Login OK: [myid at mynet.net/<via Auth-Type = EAP>] (from 
client sw-local port 33 cli
00-a9-40-0f-83-a5)
Sending Access-Accept of id 129 to 192.168.2.3 port 8021
          MS-MPPE-Recv-Key = 
0x6c664fbeee0239086faa4ad89a9cbe491047d1ae131c6f8bf15ae8cb1fc522fc
          MS-MPPE-Send-Key = 
0xb70a6ec74948a76e22f608d849458d7acd5ab5db4ff3834fdee3367dc722187d
          EAP-Message = 0x030c0004
          Message-Authenticator = 0x00000000000000000000000000000000
          User-Name = "myid at mynet.net"

-- 
Best regards,
Dmitry Sergienko
-------------- next part --------------
A non-text attachment was scrubbed...
Name: peap.c.diff
Type: text/x-patch
Size: 330 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080218/f4cb1cd1/attachment.bin>

