receives 1 request --> proxy 2 requests?

Ivan Kalik tnt at kalik.net
Wed Jul 8 14:25:56 CEST 2009 

> ok, next try to explain the problem:
>
> if i start radtest everything looks fine:
> radtest 111111 at test 111111 at test localhost:1645 0 *secret*
> Sending Access-Request of id 176 to 127.0.0.1 port 1645
>         User-Name = \"111111 at test\"
>         User-Password = \"111111 at test\"
>         NAS-IP-Address = 172.x.x.x
>         NAS-Port = 0
> rad_recv: Access-Accept packet from host 127.0.0.1 port
> 1645, id=176, length=20
>

So, no shared secret error! Secrets match for authentication but don't for
accounting. Check *accounting* port secrets on both ends.

>
> if i look in freeradius-debug:
>
> rad_recv: Access-Request packet from host 127.0.0.1 port
> 58236, id=177, length=64
>         User-Name = \"111111 at test\"
>         User-Password = \"111111 at test\"
>         NAS-IP-Address = 172.x.x.x
>         NAS-Port = 0
> +- entering group authorize {...}
> ++[preprocess] returns ok
>         expand:
> /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
> ->
> /var/log/freeradius/radacct/127.0.0.1/auth-detail-20090708
> [auth_log]
> /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
> expands to
> /var/log/freeradius/radacct/127.0.0.1/auth-detail-20090708
>         expand: %t -> Wed Jul  8 13:07:36 2009
> ++[auth_log] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] Looking up realm \"test\" for User-Name =
> \"111111 at test\"
> [suffix] Found realm \"test\"
> [suffix] Adding Realm = \"test\"
> [suffix] Proxying request from user 111111 to realm test
> [suffix] Preparing to proxy authentication request to realm
> \"test\"
> ++[suffix] returns updated
> [prefix] Request already proxied.  Ignoring.
> ++[prefix] returns ok
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
>
> ------------------until here ok-------------------------
>
> Sending Access-Request of id 207 to 172.y.y.y port 1812
>         User-Name = \"111111 at test\"
>         User-Password = \"111111 at test\"
>         NAS-IP-Address = 172.x.x.x
>         NAS-Port = 0
>         Proxy-State = 0x313737
> Proxying request 34 to home server 172.y.y.y port 1812
> Sending Access-Request of id 207 to 172.y.y.y port 1812
>         User-Name = \"111111 at test\"
>         User-Password = \"111111 at test\"
>         NAS-IP-Address = 172.x.x.x
>         NAS-Port = 0
>         Proxy-State = 0x313737
>
> -----------------why a second identical
> request?--------------------

It's not the second request, it's the same one.

Ivan Kalik
Kalik Informatika ISP

More information about the Freeradius-Users mailing list