Redirection to the NAS of an external CoA request

newtownz jean466 at sympatico.ca
Tue Jul 20 19:38:32 CEST 2010


Here are a few lines from my cfg files:

In radiusd.conf:

proxy_requests  = yes
$INCLUDE proxy.conf


In proxy.conf:

# (this is where I want to forward)
home_server aruba {
        type = coa
        ipaddr = xx.yy.110.148
        port = 1812
        src_ipaddr = xx.yy.110.128
        coa {
                # Initial retransmit interval: 1..5
                irt = 2

                # Maximum Retransmit Timeout: 1..30 (0 == no maximum)
                mrt = 16

                # Maximum Retransmit Count: 1..20 (0 == retransmit forever)
                mrc = 5

                # Maximum Retransmit Duration: 5..60
                mrd = 30
        }
        secret = testing123
}

home_server_pool to_aruba {
        home_server = aruba
}

###Not really sure about the validity of the last 3 lines...

And now I'm puzzled as to how to set the Home-server-pool
as stated in recv-coa section of coa:

 recv-coa {
                #  CoA && Disconnect packets can be proxied in the same
                #  way as authentication or accounting packets.
                #  Just set Proxy-To-Realm, or Home-Server-Pool, and the
                #  packets will be proxied.

I tried to find the way that it is done for authentication packets
and did not succeed.

Also I just want to know if my understanding about the whole
process of proxying the CoA is right:

The default server config file is of no use here, in the coa
I have to state somehow that I want the request to be forwarded
to the controller and in the proxy.conf file I have to create
this controller-server so that freeradius won't complain about
an unknown IP address.

Jean
                


Alan DeKok-2 wrote:
> 
> newtownz wrote:
>> I'm trying to figure out how to send a CoA from freeRadius
>> to the NAS.  The set-up I have involves two servers and an 
>> Aruba controller.  
> 
>   i.e. proxying CoA packets through FreeRADIUS to the NAS.
> 
>   While this should work, it's not a deeply tested scenario.
> 
>>  In this test set-up the client authenticates locally on the
>> freeRadius server.  The server listens on port 3799 for a CoA request
>> that is generated from another computer, the freeRadius accepts
>> the request and sends an ACK to the generator but it does not
>> send anything to the NAS, 
> 
>   Did you configure the server to proxy the CoA request?  Look for
> "proxy" in raddb/sites-available/coa in 2.1.9.
> 
>> I tried to supply in the request a
>> NAS-IP-Address attribute and also tried with Packet-Dst-IP-Address
>> with no success. Also tried different things in CoA and Originate-CoA
>> with the same results.
> 
>   Well.. the "coa" documents exactly what you need to do.  Trying random
> *undocumented* things won't make it work.
> 
>> The goal I'm trying to reach is to supply the user-name in the
>> CoA request that will force the client to silently reconnect and
>> in the meantime I will have changed the Access-List accessible to
>> the client.
> 
>   Use a Disconnect-Request packet to make the client disconnect.
> 
>> 1: Is it possible to send a CoA request to the freeRadius server
>> and then have it relay the request to the Aruba controller?
> 
>   Yes.  This is called "proxying"
> 
>> 2: If it is possible what do I have to put in the config files
>> and where?
> 
>   This is documented.
> 
>   Alan DeKok.

-- 
View this message in context: http://old.nabble.com/Redirection-to-the-NAS-of-an-external-CoA-request-tp29206196p29216134.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
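
Added example, not part of the original message and not FreeRADIUS's shipped configuration: one way to do what the recv-coa comment describes, by setting Home-Server-Pool in the control list so the received packet is proxied to the pool defined in proxy.conf. The names aruba and to_aruba, the masked addresses and the secret are taken from the message; port 3799 and the file location are assumptions.

```text
# proxy.conf: CoA home server and pool (names from the message above)
home_server aruba {
        type = coa
        ipaddr = xx.yy.110.148          # masked in the original message
        # RFC 5176 assigns UDP 3799 to CoA and Disconnect packets.
        # Assumption: the controller listens there; use its real port.
        port = 3799
        src_ipaddr = xx.yy.110.128
        # Must match the secret configured on the NAS for this server.
        secret = testing123
        coa {
                irt = 2
                mrt = 16
                mrc = 5
                mrd = 30
        }
}

home_server_pool to_aruba {
        type = fail-over
        home_server = aruba
}

# sites-enabled/coa (assumed location): virtual server for the coa listener.
# Only hosts defined as clients, each with its own shared secret, can
# submit CoA or Disconnect-Request packets to that listener.
server coa {
        recv-coa {
                # Home-Server-Pool is a server-side control attribute.
                # It is set here by policy; it is not an attribute the
                # sender puts in the CoA or Disconnect-Request.
                update control {
                        Home-Server-Pool := "to_aruba"
                }
                ok
        }

        send-coa {
                ok
        }
}
```

Running the server in debug mode (radiusd -X) shows whether the received request is proxied to the home server or answered locally.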