proxying request edition

Nicolas Guerra ngr at vera.com.uy
Fri Apr 15 16:00:52 CEST 2016


Hi,

I configured a freeradius server for proxying request to other radius 
server.
I have a router (openwrt) and the idea is that wifi authenticate using 
my radius server and my radius server proxy the request to other radius 
server (I can't get much info of this server).

installed on OpenSUSE 13.2

freeradius-server-utils-3.0.11-93.1.x86_64
freeradius-server-libs-3.0.11-93.1.x86_64
freeradius-server-doc-3.0.11-93.1.x86_64
freeradius-server-3.0.11-93.1.x86_64


I have this probblem:

when I execute the command in my radius server:

radtest <USER> <PASSWORD> localhost 0 testing123

works fine proxy the request fine and I have "Received Access-Accept", 
but when I try to connect via openwrt wifi, it proxy the request fine 
but I got "Received Access-Reject"

I read in the log and I think what makes diffrence is the request that 
is sent:

request that works is:

(10)   Sent Access-Request Id 192 from 0.0.0.0:52999 to 
<destination-radius-IP>:1812 length 92
(10)   User-Name = "USER"
(10)   User-Password = "PASSWD"
(10)   NAS-IP-Address = <my-server-IP>
(10)   NAS-Port = 0
(10)   Message-Authenticator = 0xb11e070a06c7366aed5ca12968f70a00
(10)   Event-Timestamp = "Apr 15 2016 09:50:20 UYT"
(10)   Proxy-State = 0x3832

request that fails is:

(11)   Sent Access-Request Id 46 from 0.0.0.0:52999 to 
<destination-radius-IP>:1812 length 216
(11)   User-Name = "USER"
(11)   Called-Station-Id = "32-B5-C2-38-41-74:<WIFI-SSID>"
(11)   NAS-Port-Type = Wireless-802.11
(11)   NAS-Port = 1
(11)   Calling-Station-Id = "78-4B-87-78-8C-FB"
(11)   Connect-Info = "CONNECT 54Mbps 802.11g"
(11)   Acct-Session-Id = "56FBFBAD-000000BD"
(11)   WLAN-Pairwise-Cipher = 1027076
(11)   WLAN-Group-Cipher = 1027076
(11)   WLAN-AKM-Suite = 1027073
(11)   Framed-MTU = 1400
(11)   EAP-Message = 0x0291001101343137343233344066696e67
(11)   Message-Authenticator = 0x78a31b183ce622957bdb13eaf6b3e984
(11)   Event-Timestamp = "Apr 15 2016 10:10:14 UYT"
(11)   NAS-IP-Address = <SOME-IP>
(11)   Proxy-State = 0x3730

my question is:
How can I modify the request received from router (openwrt) to make it 
looks like the working one?

sorry my english.
and thanks.

sds, Nicolás


More information about the Freeradius-Users mailing list