FW: Proxy requests

Hoffer, Kevin khoffer at ussignal.com
Wed Nov 9 21:15:36 CET 2016


I am trying to proxy requests from freeradius to another radius server.  My obstacle is I would like to use the local users file to send the attributes to the devices that it is getting the request from, rather than passing along what the proxy server is sending back.

Router sends request to Radius Server 1
Radius Server 1 proxies to Radius Server 2
Radius Server 2 sends back an accept and some attributes; those then get passed back to the router.

I would prefer Radius Server to get the Accept and then use the information in the users file to send back the attributes.

I have the files turned on for post-proxy; however, this is what the debug shows.

total/active/spare threads = 5/0/5
Wed Nov  9 14:46:10 2016 : Debug: Waking up in 0.9 seconds.
Wed Nov  9 14:46:10 2016 : Debug: Thread 5 got semaphore
Wed Nov  9 14:46:10 2016 : Debug: Thread 5 handling request 0, (1 handled so far)
Wed Nov  9 14:46:10 2016 : Info: # Executing section authorize from file /etc/freeradius/sites-enabled/default
Wed Nov  9 14:46:10 2016 : Info: +group authorize {
Wed Nov  9 14:46:10 2016 : Info: [preprocess]   expand: %{User-Name} -> khoffer@domain.com
Wed Nov  9 14:46:10 2016 : Info: ++[preprocess] = ok
Wed Nov  9 14:46:10 2016 : Info: [auth_log]     expand: %{Packet-Src-IP-Address} -> IP_OF_SOURCE_ROUTER
Wed Nov  9 14:46:10 2016 : Info: [auth_log]     expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/IP_OF_SOURCE_ROUTER/auth-detail-20161109
Wed Nov  9 14:46:10 2016 : Info: [auth_log] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/IP_OF_SOURCE_ROUTER/auth-detail-20161109
Wed Nov  9 14:46:10 2016 : Info: [auth_log]     expand: %t -> Wed Nov  9 14:46:10 2016
Wed Nov  9 14:46:10 2016 : Info: ++[auth_log] = ok
Wed Nov  9 14:46:10 2016 : Info: ++[chap] = noop
Wed Nov  9 14:46:10 2016 : Info: ++[mschap] = noop
Wed Nov  9 14:46:10 2016 : Info: ++[digest] = noop
Wed Nov  9 14:46:10 2016 : Info: [suffix] Looking up realm "domain.com" for User-Name = "khoffer@domain.com"
Wed Nov  9 14:46:10 2016 : Info: [suffix] Found realm "domain.com"
Wed Nov  9 14:46:10 2016 : Info: [suffix] Adding Stripped-User-Name = "khoffer"
Wed Nov  9 14:46:10 2016 : Info: [suffix] Adding Realm = "domain.com"
Wed Nov  9 14:46:10 2016 : Info: [suffix] Proxying request from user khoffer to realm domain.com
Wed Nov  9 14:46:10 2016 : Info: [suffix] Preparing to proxy authentication request to realm "domain.com"
Wed Nov  9 14:46:10 2016 : Info: ++[suffix] = updated
Wed Nov  9 14:46:10 2016 : Info: [eap] No EAP-Message, not doing EAP
Wed Nov  9 14:46:10 2016 : Info: ++[eap] = noop
Wed Nov  9 14:46:10 2016 : Info: [files] users: Matched entry DEFAULT at line 264
Wed Nov  9 14:46:10 2016 : Info: ++[files] = ok
Wed Nov  9 14:46:10 2016 : Info: ++[expiration] = noop
Wed Nov  9 14:46:10 2016 : Info: ++[logintime] = noop
Wed Nov  9 14:46:10 2016 : Info: ++[pap] = noop
Wed Nov  9 14:46:10 2016 : Info: +} # group authorize = updated
Wed Nov  9 14:46:10 2016 : Info:   WARNING: Empty pre-proxy section.  Using default return values.
Wed Nov  9 14:46:10 2016 : Info: Proxying request 0 to home server HOME_PROXY_DEVICE port 1812
Wed Nov  9 14:46:10 2016 : Debug: Going to the next request
Wed Nov  9 14:46:10 2016 : Debug: Thread 5 waiting to be assigned a request
Wed Nov  9 14:46:10 2016 : Debug: Waking up in 0.9 seconds.
Wed Nov  9 14:46:10 2016 : Debug: Thread 4 got semaphore
Wed Nov  9 14:46:10 2016 : Debug: Thread 4 handling request 0, (1 handled so far)
Wed Nov  9 14:46:10 2016 : Info: # Executing section post-proxy from file /etc/freeradius/sites-enabled/default
Wed Nov  9 14:46:10 2016 : Info: +group post-proxy {
Wed Nov  9 14:46:10 2016 : Info: ++[files] = noop
Wed Nov  9 14:46:10 2016 : Info: [eap] No pre-existing handler found
Wed Nov  9 14:46:10 2016 : Info: ++[eap] = noop
Wed Nov  9 14:46:10 2016 : Info: +} # group post-proxy = noop
Wed Nov  9 14:46:10 2016 : Info: Found Auth-Type = Accept
Wed Nov  9 14:46:10 2016 : Info: Auth-Type = Accept, accepting the user
Wed Nov  9 14:46:10 2016 : Info: # Executing section post-auth from file /etc/freeradius/sites-enabled/default
Wed Nov  9 14:46:10 2016 : Info: +group post-auth {
Wed Nov  9 14:46:10 2016 : Info: ++[exec] = noop
Wed Nov  9 14:46:10 2016 : Info: +} # group post-auth = noop
Wed Nov  9 14:46:10 2016 : Info: Finished request 0.
Wed Nov  9 14:46:10 2016 : Debug: Going to the next request
Wed Nov  9 14:46:10 2016 : Debug: Thread 4 waiting to be assigned a request
Wed Nov  9 14:46:11 2016 : Debug: Waking up in 3.9 seconds.
Wed Nov  9 14:46:15 2016 : Info: Cleaning up request 0 ID 98 with timestamp +183
Wed Nov  9 14:46:15 2016 : Info: Ready to process requests.



Thank You,

Kevin Hoffer
Manager of Information Technology
US Signal Company
201 Ionia Avenue SW
Grand Rapids, MI 49503
NOC Phone: (888) 663.1700
Direct: (616) 233.7096
Cell: (269) 251.9202
NOC Email: noc at ussignal.com
www.ussignal.com
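
An added example, not part of the original post: a small Python helper that tallies module return codes per section from a FreeRADIUS debug log in the format shown above, making it easy to see that `files` matched in `authorize` but returned `noop` in `post-proxy`. The sample input is constructed from a shortened copy of the lines in the post; the function names are hypothetical.

```python
import re

# Constructed sample: a shortened copy of the debug lines quoted in the post.
SAMPLE = """\
Wed Nov  9 14:46:10 2016 : Info: +group authorize {
Wed Nov  9 14:46:10 2016 : Info: ++[preprocess] = ok
Wed Nov  9 14:46:10 2016 : Info: ++[suffix] = updated
Wed Nov  9 14:46:10 2016 : Info: [files] users: Matched entry DEFAULT at line 264
Wed Nov  9 14:46:10 2016 : Info: ++[files] = ok
Wed Nov  9 14:46:10 2016 : Info: +} # group authorize = updated
Wed Nov  9 14:46:10 2016 : Info: +group post-proxy {
Wed Nov  9 14:46:10 2016 : Info: ++[files] = noop
Wed Nov  9 14:46:10 2016 : Info: ++[eap] = noop
Wed Nov  9 14:46:10 2016 : Info: +} # group post-proxy = noop
Wed Nov  9 14:46:10 2016 : Info: +group post-auth {
Wed Nov  9 14:46:10 2016 : Info: ++[exec] = noop
Wed Nov  9 14:46:10 2016 : Info: +} # group post-auth = noop
"""

GROUP_OPEN = re.compile(r"Info: \+group (\S+) \{")
MODULE_RC = re.compile(r"Info: \+\+\[([^\]]+)\] = (\w+)")
GROUP_CLOSE = re.compile(r"Info: \+\} # group (\S+) = (\w+)")

def summarize(log_text):
    """Return {section: {"modules": [(name, rcode), ...], "result": rcode}}."""
    sections, current = {}, None
    for line in log_text.splitlines():
        m = GROUP_OPEN.search(line)
        if m:
            current = m.group(1)
            sections[current] = {"modules": [], "result": None}
            continue
        m = GROUP_CLOSE.search(line)
        if m and m.group(1) in sections:
            sections[m.group(1)]["result"] = m.group(2)
            current = None
            continue
        m = MODULE_RC.search(line)
        if m and current:
            sections[current]["modules"].append((m.group(1), m.group(2)))
    return sections

def inert_modules(sections, section):
    """Modules that ran in `section` but returned noop (they did nothing)."""
    mods = sections.get(section, {"modules": []})["modules"]
    return [name for name, rc in mods if rc == "noop"]

if __name__ == "__main__":
    for name, info in summarize(SAMPLE).items():
        print(name, info["result"], info["modules"])
```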
