How to forward MAC-authentication-requests over a FreeRADIUS-proxy to a FreeRADIUS-server?
r.bruengel at freenet.de
Tue Oct 7 22:14:19 CEST 2008
Hello everyone,
I use MAC-authentication and got some problems by using a FreeRADIUS as a proxy to tunnel requests and answers between my switch and my normal FreeRADIUS-server.
When I tested MAC-authentication with my switch and FreeRADIUS-server without anything between it worked fine. The MAC-address has been used as username and cleartext-password.
Well, when I set up my FreeRADIUS-proxy and want to use it the following message appears in the radius.log of my FreeRADIUS-proxy:
Error: Invalid packet code 1 sent to a proxy port from home server 192.168.1.58 port 1864 - ID 177 : IGNORED
The port and the ID vary: the port is counted up by every try and the ID, well, I don't know.
I just want to forward the MAC-address and the cleartext-password to my FreeRADIUS-server. When this data arrives at my FreeRADIUS-server it should be checked and the authentication answer should be sent back to my FreeRADIUS-proxy which forwards it to my switch.
I hope that you can help me. I just started to work with FreeRADIUS, so I'm just a rookie.
Here's some data:
FreeRADIUS: V 2.0.4
Operating System: Debian Lenny (testing)
Kernel: 2.6.25-2-686
Switch: Foundry EdgeIron 2402CF
FreeRADIUS-server: 192.168.1.61
FreeRADIUS-proxy: 192.168.1.80
Switch: 192.168.1.58
The following configuration belongs to my FreeRADIUS-server:
radiusd.conf
listen {
        type = auth
        ipaddr = 192.168.1.61 #FreeRADIUS-server IP
        port = 1812
}
[...]
proxy_requests = no
clients.conf
client 192.168.1.80 {
        secret = testing123
}
The following configuration belongs to my FreeRADIUS-proxy:
radiusd.conf
listen {
        type = proxy
        ipaddr = 192.168.1.80 #FreeRADIUS-proxy IP
        port = 1812
}
proxy.conf
proxy server {
        default_fallback = no
}
home_server RADIUS_SERVER {
        type = auth
        ipaddr = 192.168.1.61 #FreeRADIUS-server IP
        port = 1812
        secret = testing123
        [...]
}
home_server_pool RADIUS_SERVER_POOL {
        type = fail-over
        home_server = RADIUS_SERVER
}
realm RADIUS_REALM {
        auth_pool = RADIUS_SERVER_POOL
}
The following configuration belongs to my switch:
RADIUS-Server: 192.168.1.80 #FreeRADIUS-proxy
Port: 1812
Key: testing123
So, that should be the way:
Switch        ->  FR-proxy      ->  FR-server
192.168.1.58      192.168.1.80      192.168.1.61
In advance: Thanks a lot for your help!
Best regards from Germany,
Raphael Brüngel
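Added example, not part of the original post and not FreeRADIUS code: a small triage script for the radius.log message quoted above. It maps the packet code to its RADIUS packet type (RFC 2865/2866) and flags request codes arriving on a proxy socket, which is the socket meant for replies from home servers. The names triage and SAMPLE_LOG are assumptions, and only the first sample line comes from the post.

```python
import re

# RADIUS packet codes from RFC 2865 / RFC 2866.
RADIUS_CODES = {
    1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
    4: "Accounting-Request", 5: "Accounting-Response", 11: "Access-Challenge",
}
# Codes a NAS or client sends; home-server replies use the other codes.
REQUEST_CODES = {1, 4}

# Matches the radius.log message quoted in the post.
LINE_RE = re.compile(
    r"Invalid packet code (?P<code>\d+) sent to a proxy port from home server "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) port (?P<port>\d+) - ID (?P<id>\d+)"
)

def triage(lines):
    """Return one finding per matching log line (hypothetical helper)."""
    findings = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        code = int(m.group("code"))
        findings.append({
            "source": m.group("src"),
            "source_port": int(m.group("port")),
            "packet_id": int(m.group("id")),
            "code": code,
            "packet_type": RADIUS_CODES.get(code, "unknown"),
            # A request on a proxy socket points at a client (NAS) talking
            # to the wrong listener, not at a reply from a home server.
            "request_on_proxy_port": code in REQUEST_CODES,
        })
    return findings

# Constructed sample: line 1 is from the post, lines 2 and 3 are made up.
SAMPLE_LOG = [
    "Error: Invalid packet code 1 sent to a proxy port from home server 192.168.1.58 port 1864 - ID 177 : IGNORED",
    "Error: Invalid packet code 1 sent to a proxy port from home server 192.168.1.58 port 1865 - ID 178 : IGNORED",
    "Info: Ready to process requests.",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

For the line from the post, the finding names 192.168.1.58 (the switch in the address list above) as the sender of an Access-Request to the proxy listener.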