Authenticate by users file for RADIUS service operation check
Seiichirou Hiraoka
seiichirou.hiraoka at gmail.com
Thu Dec 8 04:17:04 CET 2016
Hello folks,
I am using FreeRADIUS 3.0.4 on CentOS 7.2.
In order to check the service operation of RADIUS, we are trying to
authenticate with the users file, but a proxy request is made.
The settings are as follows.
- /etc/raddb/proxy.conf
realm "~^subdomain\.domain\.com$" {
    authhost = LOCAL
    accthost = LOCAL
}
home_server server1 {
    ....
}
home_server server2 {
    ....
}
home_server_pool server {
    type = fail-over
    home_server = server1
    home_server = server2
}
realm DEFAULT {
    pool = server
    nostrip
}
- /etc/raddb/users
test@test.com Auth-Type := PAP , Cleartext-Password := "test"
or
test@test.com Auth-Type := Local , Cleartext-Password := "test"
or
test@test.com Cleartext-Password := "test"
...
-----
When radtest command is executed with radiusd -X, the following result
is obtained.
# radtest test@test.com test localhost 0 testing123
Sending Access-Request Id 3 from 0.0.0.0:48661 to 127.0.0.1:1812
    User-Name = 'test@test.com'
    User-Password = 'test'
    NAS-IP-Address = X.X.X.X
    NAS-Port = 0
    Message-Authenticator = 0x00
Received Access-Reject Id 3 from 127.0.0.1:1812 to 127.0.0.1:48661 length 36
    Reply-Message = 'Request Denied'
(0) -: Expected Access-Accept got Access-Reject
The following log is output to the console.
(snip)
(0) [auth_log] = ok
(0) [chap] = noop
(0) [mschap] = noop
(0) [digest] = noop
(0) suffix : Checking for suffix after "@"
(0) suffix : Looking up realm "test.com" for User-Name = "test@test.com"
(0) suffix : Found realm "DEFAULT"
(0) suffix : Adding Realm = "DEFAULT"
(0) suffix : Proxying request from user test@test.com to realm DEFAULT
(0) suffix : Preparing to proxy authentication request to realm "DEFAULT"
(0) [suffix] = updated
(0) eap : No EAP-Message, not doing EAP
(0) [eap] = noop
(0) files : users: Matched entry test@test.com at line 1
(0) [files] = ok
(0) [expiration] = noop
(0) [logintime] = noop
(0) [pap] = noop
(0) } # authorize = updated
Opening new proxy socket 'proxy address * port 0'
Listening on proxy address * port 59404
(0) Proxying request to home server X.X.X.X port 1812 timeout 30.000000
(0) Sending Access-Request packet to host X.X.X.X port 1812, id=85, length=0
(snip)
-----
My question is: how can I authenticate with the users file without
proxying?
Best regards!
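
The realm selection visible in the debug log above can be modelled as follows. This is an added example, not part of the original post and not FreeRADIUS code: `REALMS`, `find_realm` and `route` are hypothetical names, the lookup order (exact name, then regex realms in order, then DEFAULT) is a simplified model, and the `test.com` realm in the second case is an assumed addition that is not in the poster's proxy.conf.

```python
import re

# Constructed from the proxy.conf in the post: realm name -> home server pool.
# None means the realm is LOCAL (no pool), so requests for it are not proxied.
REALMS = {
    r"~^subdomain\.domain\.com$": None,   # authhost/accthost = LOCAL
    "DEFAULT": "server",                  # pool = server, nostrip
}

def find_realm(name, realms):
    """Simplified model: exact name first, then regex realms, then DEFAULT."""
    exact = {k.lower(): k for k in realms if not k.startswith("~")}
    if name.lower() in exact:
        return exact[name.lower()]
    for key in realms:                    # regex realms, in configuration order
        if key.startswith("~") and re.search(key[1:], name, re.IGNORECASE):
            return key
    return "DEFAULT" if "DEFAULT" in realms else None

def route(user_name, realms=REALMS):
    """Return (realm, pool) for a user@realm name; pool None means local auth.

    Names without "@" are outside this model.
    """
    if "@" not in user_name:
        raise ValueError("this model only covers user@realm names")
    realm = find_realm(user_name.rsplit("@", 1)[1], realms)
    return (realm, realms[realm]) if realm else (None, None)

if __name__ == "__main__":
    # As posted: test.com matches no named or regex realm, so DEFAULT proxies it,
    # and the test account's password is sent to the home server pool.
    print(route("test@test.com"))

    # Assumption (not in the post): a realm "test.com" declared without a pool.
    with_local = dict(REALMS)
    with_local["test.com"] = None
    print(route("test@test.com", with_local))
```

Running the same function over every user name used for service checks shows which ones leave the local server before any packet is sent.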