Proxy Access and Acounting Request

Shurbann Martes shurbann at gmail.com
Fri Jul 3 01:24:05 CEST 2015 

Hello,

I'm using FreeRADIUS Version 2.2.7, for host x86_64-pc-linux-gnu, built on
Jul  1 2015 at 06:19:40

My goal is to proxy Access and Accounting Request to another RADIUS server.

My Problem is I'm not able to proxy the Access and Accounting Request.
Instead I do see the following logs:

Ready to process requests.
rad_recv: Access-Request packet from host 192.168.134.24 port 51123, id=2,
length=130
Called-Station-Id = "test.example.com"
Calling-Station-Id = "1234567890"
User-Name = "test at example.com"
User-Password = "test"
3GPP-SGSN-MCC-MNC = "74602"
3GPP-SGSN-Address = 190.98.125.65
Message-Authenticator = 0x86458de919d5aa8d628f2a051ba6caf8
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] Looking up realm "example.com" for User-Name = "test at example.com"
[suffix] Found realm "example.com"
[suffix] Adding Stripped-User-Name = "test"
[suffix] Adding Realm = "example.com"
[suffix] Proxying request from user test to realm example.com
[suffix] Preparing to proxy authentication request to realm "example.com"
++[suffix] = updated
[eap] No EAP-Message, not doing EAP
++[eap] = noop
[files] users: Matched entry test at line 61
++[files] = ok
++[expiration] = noop
++[logintime] = noop
++[pap] = noop
+} # group authorize = updated
There was no response configured: rejecting request 1
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+group REJECT {
[attr_filter.access_reject]  expand: %{User-Name} -> test at example.com
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] = updated
+} # group REJECT = updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 2 to 192.168.134.24 port 51123
Waking up in 4.9 seconds.
Cleaning up request 1 ID 2 with timestamp +99
Ready to process requests.

A you can see there is no "Proxying request 0 to home server" in the log,
but instead I see this "There was no response configured: rejecting request
1"

I'm out of idea and was hoping you can help me out. Find below the
configuration files, I think that are relevant:

proxy.conf:

proxy server {
default_fallback = no
}
home_server localhost {
type = auth+acct
ipaddr = 192.168.146.133
port = 1645
secret = test123
require_message_authenticator = yes
response_window = 20
zombie_period = 40
revive_interval = 120
status_check = status-server
check_interval = 30
num_answers_to_alive = 3
max_outstanding = 65536
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}


sites-enabled/default
authorize {
preprocess
chap
mschap
digest
suffix
eap {
ok = return
}
files
expiration
logintime
pap
}
authenticate {
Auth-Type PAP {
pap
}
Auth-Type CHAP {
chap
}
Auth-Type MS-CHAP {
mschap
}
digest
unix
eap
Auth-Type Perl {
     perl
}
}
preacct {
preprocess
acct_unique
suffix
files
}
accounting {
detail
sqlippool
exec
attr_filter.accounting_response
perl
}
session {
radutmp
}
post-auth {
sqlippool
exec
Post-Auth-Type REJECT {
attr_filter.access_reject
}
}
pre-proxy {
}
post-proxy {
eap
}



Hope to have gave you the necessary information the right way, so that you
can help me.

Thank you.

Regards,
S. Martes

More information about the Freeradius-Users mailing list