How to forward MAC-authentication-requests over a FreeRADIUS-proxy to a FreeRADIUS-server?

tnt at kalik.net tnt at kalik.net
Tue Oct 7 22:30:36 CEST 2008


http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ#It_still_doesn.27t_work.21

Ivan Kalik
Kalik Informatika ISP


On 7/10/2008, "r.bruengel at freenet.de" <r.bruengel at freenet.de> wrote:

>Hello everyone,
>
>I use MAC-authentication and got some problems by using a FreeRADIUS as a proxy to tunnel requests and answers between my switch and my "normal" FreeRADIUS-server.
>
>When I tested MAC-authentication with my switch and FreeRADIUS-server without anything between it worked fine. The MAC-address has been used as username and cleartext-password.
>
>Well, when I set up my FreeRADIUS-proxy and want to use it the following message appears in the radius.log of my FreeRADIUS-proxy:
>
>Error: Invalid packet code 1 sent to a proxy port from home server 192.168.158 port 1864 - ID 177 : IGNORED
>
>The port and the ID vary - the port is counted up by every try and the ID... well, I don't know.
>
>I just want to forward the MAC-address and the cleartext-password to my FreeRADIUS-server. When this data arrives at my FreeRADIUS-server it should be checked and the authentication answer should be sent back to my FreeRADIUS-proxy which forwards it to my switch.
>
>I hope that you can help me - I just started to work with FreeRADIUS, so I'm just a rookie.
>
>Here's some data:
>FreeRADIUS:                     V 2.0.4
>Operating System:               Debian Lenny (testing)
>Kernel:                         2.6.25-2-686
>Switch:                         Foundry EdgeIron 2402CF
>FreeRADIUS-server:              192.168.1.61
>FreeRADIUS-proxy:               192.168.1.80
>Switch:                         192.168.1.58
>
>The following configuration belongs to my FreeRADIUS-server:
>
>radiusd.conf
>listen {
>        type = auth
>        ipaddr = 192.168.1.61   #FreeRADIUS-server IP
>        port = 1812
>}
>[...]
>proxy_requests = no
>
>clients.conf
>client 192.168.1.80 {
>        secret = testing123
>}
>
>The following configuration belongs to my FreeRADIUS-proxy:
>
>radiusd.conf
>listen {
>        type = proxy
>        ipaddr = 192.168.1.80   #FreeRADIUS-proxy IP
>        port = 1812
>}
>
>proxy.conf
>proxy server {
>        default_fallback = no
>}
>
>home_server RADIUS_SERVER {
>        type = auth
>        ipaddr = 192.168.1.61   #FreeRADIUS-server IP
>        port = 1812
>        secret = testing123
>        [...]
>}
>
>home_server_pool RADIUS_SERVER_POOL {
>        type = fail-over
>        home_server = RADIUS_SERVER
>}
>
>realm RADIUS_REALM {
>        auth_pool = RADIUS_SERVER_POOL
>}
>
>The following configuration belongs to my switch:
>RADIUS-Server:  192.168.1.80            #FreeRADIUS-proxy
>Port:                   1812
>Key:                    testing123
>
>So, that should be the way:
>Switch          ->      FR-proxy        ->      FR-server
>192.168.1.58            192.168.1.80            192.168.1.61
>
>In advance: Thanks a lot for your help!
>
>
>Best regards from Germany,
>Raphael Brüngel
>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
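
An added example, not part of the original thread: the error quoted above says an Access-Request (packet code 1) reached a `type = proxy` listener, which in FreeRADIUS 2.x is the socket used for traffic to and from home servers, not for NAS clients. The fragment below is a proxy-side configuration that accepts the switch's requests on an `auth` listener and forwards them to the realm from the post; routing every request to `RADIUS_REALM` through the `users` file is an assumption, chosen because MAC usernames carry no realm suffix.

```conf
# ---- FreeRADIUS-proxy (192.168.1.80): radiusd.conf ----
# Proxying has to be enabled and proxy.conf loaded.
proxy_requests = yes
$INCLUDE proxy.conf

# The switch sends Access-Request (code 1) to this address, so the
# listener must be "auth". A "type = proxy" listener only fixes the
# socket used towards home servers and ignores requests from a NAS,
# which is what the "Invalid packet code 1 ... IGNORED" line reports.
listen {
        type = auth
        ipaddr = 192.168.1.80   # FreeRADIUS-proxy IP
        port = 1812
}

# ---- FreeRADIUS-proxy: clients.conf ----
# The switch is the proxy's RADIUS client and must be listed here
# with the same key that is configured on the switch.
client 192.168.1.58 {
        secret = testing123     # value from the post; it is the
                                # well-known sample secret, replace it
}

# ---- FreeRADIUS-proxy: proxy.conf ----
# home_server RADIUS_SERVER, home_server_pool RADIUS_SERVER_POOL and
# realm RADIUS_REALM stay as shown in the post.

# ---- FreeRADIUS-proxy: users ----
# Assumption: every request received by the proxy is forwarded.
# A MAC address used as User-Name has no "@realm" part for the
# realm modules to match, so the realm is assigned explicitly.
DEFAULT Proxy-To-Realm := "RADIUS_REALM"

# ---- FreeRADIUS-server (192.168.1.61) ----
# Unchanged: it already listens with "type = auth" and lists
# 192.168.1.80 in clients.conf with the secret used in home_server.
```

Running the proxy in debug mode (`-X`) shows whether the request arrives on the auth listener and which realm it is proxied to.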




More information about the Freeradius-Users mailing list