Freeradius proxy support
Ilavajuthy Palanisamy
ilavajuthy at gmail.com
Tue Apr 15 07:02:20 CEST 2014
Hi Alan,
I have set the below configuration in proxy.conf and it is not working. I
need help in fixing it.
home_server ssid_700 {
type = auth
ipaddr = 16.108.158.172
port = 1812
secret = testing123
require_message_authenticator = yes
response_window = 20
zombie_period = 40
revive_interval = 120
status_check = status-server
check_interval = 30
num_answers_to_alive = 3
coa {
# Initial retransmit interval: 1..5
irt = 2
# Maximum Retransmit Timeout: 1..30 (0 == no maximum)
mrt = 16
# Maximum Retransmit Count: 1..20 (0 == retransmit forever)
mrc = 5
# Maximum Retransmit Duration: 5..60
mrd = 30
}
}
home_server_pool ssid_700_pool {
type = fail-over
home_server = ssid_700
}
realm ssid_700_realm {
auth_pool = ssid_700_pool
nostrip
}
if ( Colubris-AVPair == "ssid=uww_700" ) {
update control {
Proxy-To_Realm := "ssid_700_realm"
}
}
#realm NULL {
# authhost = radius.company.com:1600
# accthost = radius.company.com:1601
# secret = testing123
#}
#
# This realm is for ALL OTHER requests.
#
#realm DEFAULT {
# authhost = radius.company.com:1600
# accthost = radius.company.com:1601
# secret = testing123
#}
With the above configuration, it is not entering the if condition (unlang).
Below is the debug log. It say there is no @ with the user and looking up
realm NULL. I have commented out the realm NULL and realm DEFAULT.
rad_recv: Access-Request packet from host 16.108.159.73 port 56904, id=180,
length=233
Acct-Session-Id = "084a02e6"
NAS-Port = 0
NAS-Port-Type = Wireless-802.11
User-Name = "t"
Calling-Station-Id = "38-AA-3C-8B-23-2D"
Called-Station-Id = "D8-9D-67-41-59-20"
EAP-Message = 0x020100060319
State = 0x07f1ce5e07f0caa193a06ec11ba58fe2
NAS-Identifier = "SG3413P2DH"
NAS-IP-Address = 16.108.159.73
Framed-MTU = 1496
Connect-Info = "IEEE802.1X"
Framed-Protocol = PPP
Service-Type = Framed-User
Colubris-AVPair = "ssid=uww_700"
Colubris-AVPair = "group=Default Group"
Colubris-AVPair = "vsc-unique-id=3"
Message-Authenticator = 0xd653b1d0f1fa3ea4dcb3f01de9eb2c5b
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "t", looking up realm NULL
[suffix] No such realm "NULL"
What configuration change that i have to do to make it working?
I need to have a home server pool for each of the ssid. I need to do below
kind of setup;
if ( Colubris-AVPair == "ssid=uww_700" ) {
//use home_server_pool = ssid_700_pool
}
if ( Colubris-AVPair == "ssid=uww_800" ) {
//use home_server_pool = ssid_800_pool
}
Also need to know where the unlang (the if condition) needs to be
specified? Does it needs to be specified inside any block?
Thanks,
Ila.
On Mon, Apr 7, 2014 at 2:05 PM, Alan DeKok <aland at deployingradius.com>wrote:
> Ilavajuthy Palanisamy wrote:
> > Now I need a help in setting up various sets of Radius servers in
> > proxy.conf based on some VSA value in Access_Request. The requirement is
> > to redirect the requests to appropriate Radius servers based on the VSA
> > value.
>
> You can manually force proxying via the Proxy-To-Realm attribute. In
> "unlang":
>
> update control {
> Proxy-To-Realm := "realm-name"
> }
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140414/5ebe0693/attachment-0001.html>
More information about the Freeradius-Users
mailing list