Framed-IP-Address Reply-item Value not send to NAS in Proxy Config

klaus.ahl at atos.net klaus.ahl at atos.net
Fri Nov 25 16:59:02 CET 2011


Hi , 

we are using 

radiusd: FreeRADIUS Version 2.1.8, for host x86_64-suse-linux-gnu, built
on Sep  2 2010 at 13:08:34
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.


as Radius Proxy to another Radius Server (RSA 6.1)


sample of users file
--------------------------------------------------------------
henning
        Service-Type = Framed-User,
        Framed-IP-Address = 192.168.82.108
-----------------------------------------------------------------
(tried with TAB, blanks , with ceck-items, without check-items etc)

FreeRadius is configured as a Radius Proxy, Proxy-ing works, accept
Pakets are send to the NAS 192.168.4.36, but not Framed-IP !?

any idea? 



with Version 1.0 something like this has worked :
user-name  Proxy-To-Realm := "company.com.de"
        Class = "OU=cp-man-ip;",
        Framed-IP-Address = 192.168.82.108


output of radiusd -X


...
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on proxy address * port 1814
Ready to process requests.


rad_recv: Access-Request packet from host 192.168.4.36 port 1700, id=5,
length=129
        User-Name = "henning@ <mailto:henning at eplus.de> company.de"
        User-Password = "xxxx76506321"
        NAS-Port = 25550
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Called-Station-Id = "x.y.146.7"
        Calling-Station-Id = "x.y.145.186"
        Tunnel-Client-Endpoint:0 = "x.y.145.186"
        NAS-IP-Address = 192.168.4.36
        NAS-Port-Type = Virtual
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "company.de" for User-Name = "henning@
<mailto:henning at eplus.de> company.de"
[suffix] Found realm "company.de"
[suffix] Adding Stripped-User-Name = "henning"
[suffix] Adding Realm = "company.de"
[suffix] Proxying request from user henning to realm company.de
[suffix] Preparing to proxy authentication request to realm "company.de"
++[suffix] returns updated
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry henning at line 76
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
  WARNING: Empty section.  Using default return values.
Sending Access-Request of id 75 to x.y.131.201 port 1645
        User-Name = "henning"
        User-Password = "xxxxxx06321"
        NAS-Port = 25550
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Called-Station-Id = "x.y.146.7"
        Calling-Station-Id = "x.y.145.186"
        Tunnel-Client-Endpoint:0 = "x.y.145.186"
        NAS-IP-Address = 192.168.4.36
        NAS-Port-Type = Virtual
        Proxy-State = 0x35
Proxying request 0 to home server x.y.131.201 port 1645
Sending Access-Request of id 75 to x.y.131.201 port 1645
        User-Name = "henning"
        User-Password = "xxxxx506321"
        NAS-Port = 25550
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Called-Station-Id = "x.y.146.7"
        Calling-Station-Id = "x.y.145.186"
        Tunnel-Client-Endpoint:0 = "x.y.145.186"
        NAS-IP-Address = 192.168.4.36
        NAS-Port-Type = Virtual
        Proxy-State = 0x35
Going to the next request
Waking up in 0.9 seconds.
Waking up in 18.9 seconds.
rad_recv: Access-Accept packet from host x.y.131.201 port 1645, id=75,
length=81
        Class =
0x53425232434ca1a7b0d282b793e7bd801180250180038198ce8002800881b499ade6f3
a5dce712800e81a1a7b0d282b793e7bd80808ebc8c
        Proxy-State = 0x35
+- entering group post-proxy {...}
[eap] No pre-existing handler found
++[eap] returns noop
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 5 to 192.168.4.36 port 1700
        Class =
0x53425232434ca1a7b0d282b793e7bd801180250180038198ce8002800881b499ade6f3
a5dce712800e81a1a7b0d282b793e7bd80808ebc8c
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
^C
[12:58:10]
radius1:~ #






-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20111125/0317e385/attachment.html>
-------------- next part --------------
__________________________________________________________________________________________________________________________________________
Atos Information Technology GmbH, Theodor-Althoff-Stra?e 47, D-45133 Essen, Postfach 100 123, D-45001 Essen
Telefon: +49 201 4305 0, Fax: +49 201 4305 689095, www.de.atos.net
ING Bank AG, Frankfurt/Main: Konto 001 014 0937, BLZ 500 210 00, Swift / BIC INGBDEFF, IBAN DE74 5002 1000 0010 1409 37
Gesch?ftsf?hrer: Winfried Holz, Vorsitzender des Aufsichtsrats: Peter Hollfelder, Handelsregister Essen HRB 19354, Ust.-ID.-Nr.: DE147861238
___________________________________________________________________________________________________________________________________________


More information about the Freeradius-Users mailing list