I wish it was that easy, Mark, but it's not.
You'll notice the first line of tcpdump shows the request coming in on port 1645
and a return port of 1812 (I assume that's a return port). Here is that first
line:
14:23:22.959993 203.194.56.120.1812 > 203.16.135.45.1645: rad-access-req 271 [id 95] Attr[ NAS_ipaddr{203.220.246.49} NAS_port_type{#30} Called_station{142330358016426} [|radius] (DF)
Here's what my radiusd server sends back to the proxy server, the next line.
This doesn't look like the reply packet. Could it be the SNMP connection? But why
on port 1645?
14:23:22.960038 203.16.135.45 > 203.194.56.120: icmp: 203.16.135.45 udp port 1645
unreachable [tos 0xc0]
At the bottom of this message I will paste the output from radiusd -X; you will
see the request come in, our reply go out, and that is all.
Here is what happens when logging packets with ipchains; this is what leaves our
server:
Packet log: output ACCEPT eth0 PROTO=17 203.16.135.45:1645 203.194.56.120:1812
L=228 S=0x00 I=9982 F=0x0000 T=64 (#2)
regards
Mervyn
Mark Constable wrote:
> On Mon, 15 Oct 2001 14:53, Mervyn Jack wrote:
>
> > The request from the proxy client comes in on 1645, with a return port of
> > 1812, but radiusd seems to try and ping ? port 1645 on the proxy server end
> > and it fails. Which it will as their proxy server is listening for the
> > reply on 1812. Please excuse my tcp/udp lack of knowledge, perhaps the
>
> grep rad /etc/services
>
> radius 1812/tcp # Radius
> radius 1812/udp # Radius
> radacct 1813/tcp # Radius Accounting
> radacct 1813/udp # Radius Accounting
>
> if it's not like above then there is your problem. You can also use -p
> to force freeradius to listen on another port.
>
> --markc
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
porky:/usr/local/var/log/radius# radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: hostname_lookups = no
read_config_files: reading dictionary
read_config_files: reading clients
read_config_files: reading realms
read_config_files: reading naslist
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = no
main: pidfile = "/usr/local/var/run/radiusd.pid"
main: bind_address = 203.16.135.45 IP address [203.16.135.45]
main: user = "root"
main: group = "root"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: dead_time = 120
main: debug_level = 0
read_config_files: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded System
unix: cache = no
unix: passwd = "/etc/passwd"
unix: shadow = "(null)"
unix: group = "/etc/group"
unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
unix: usegroup = no
Module: Instantiated unix (unix)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded detail
detail: detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail"
detail: detailperm = 384
detail: dirperm = 493
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/usr/local/var/log/radius/radutmp"
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
main: smux_password = ""
main: snmp_write_access = no
SMUX connect try 1
Can't connect to SNMP agent with SMUX: Connection refused
Listening on IP address 203.16.135.45, ports 1645/udp and 1646/udp, with proxy on
1647/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 203.194.56.120:1812, id=182, length=271
NAS-IP-Address = 203.220.246.49
NAS-Port-Type = Async
Called-Station-Id = "142330358016426"
Calling-Station-Id = "358711419"
Service-Type = Framed-User
Framed-Protocol = PPP
Password = "\261\364\236\271*\222k\304>\260\255\341P\257'\224"
User-Name = "steve"
Proxy-State =
0x42535032696d7330312d7379642f413532443036463741393839414145413343323338413232413938394538323644374534314544393843374132303430394344433339323
3384234364445323845433245394635303733383544464441353730304346364438443242433630413133443136304633384336383235323541444146344433334544374638453546414231464543373845
333143313936444342394234413238454533304133
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "suffix" returns ok
users: Matched steve at 54
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied Password matches local Password
Login OK: [steve] (from nas kbs port 0 cli 358711419)
Sending Access-Accept of id 182 to 203.194.56.120:1812
Framed-IP-Netmask = 255.255.255.255
Proxy-State =
0x42535032696d7330312d7379642f413532443036463741393839414145413343323338413232413938394538323644374534314544393843374132303430394344433339323
3384234364445323845433245394635303733383544464441353730304346364438443242433630413133443136304633384336383235323541444146344433334544374638453546414231464543373845
333143313936444342394234413238454533304133
Finished request 0
Going to the next request
SMUX connect try 2
Can't connect to SNMP agent with SMUX: Connection refused
--- Walking the entire request list ---
Waking up in 6 seconds...
SMUX connect try 3
Can't connect to SNMP agent with SMUX: Connection refused
--- Walking the entire request list ---
Cleaning up request 0 ID 182 with timestamp 3bca81e4
Nothing to do. Sleeping until we see a request.
--
Mervyn Jack, Technical Director, Country Netlink Pty Ltd.
PO Box 529, Cobram, Vic. Australia, 3644
Ph +61 3 5871 1000 Fax +61 3 5871 1874 Mobile 0409 960 520
mailto:[EMAIL PROTECTED] http://www.cnl.com.au ICQ 354419
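An added example, not part of the original message: in tcpdump's ICMP rendering, the address and port printed before "unreachable" are the destination of the datagram that was refused, so the ICMP line can be paired with the UDP datagram that provoked it. The sketch below does that for the two tcpdump lines quoted above (re-joined onto single lines); the names `SAMPLE`, `usec` and `correlate` are hypothetical.

```python
import re

# Constructed sample: the two tcpdump lines from the message, each joined onto one line.
SAMPLE = [
    "14:23:22.959993 203.194.56.120.1812 > 203.16.135.45.1645: rad-access-req 271 [id 95] Attr[ NAS_ipaddr{203.220.246.49} NAS_port_type{#30} Called_station{142330358016426} [|radius] (DF)",
    "14:23:22.960038 203.16.135.45 > 203.194.56.120: icmp: 203.16.135.45 udp port 1645 unreachable [tos 0xc0]",
]

IP = r"(\d+\.\d+\.\d+\.\d+)"
UDP = re.compile(rf"^(\S+) {IP}\.(\d+) > {IP}\.(\d+): (\S+)")
ICMP = re.compile(rf"^(\S+) {IP} > {IP}: icmp: {IP} udp port (\d+) unreachable")

def usec(ts):
    """Convert tcpdump's HH:MM:SS.ffffff timestamp to integer microseconds."""
    hms, frac = ts.split(".")
    h, m, s = (int(x) for x in hms.split(":"))
    return ((h * 60 + m) * 60 + s) * 1_000_000 + int(frac.ljust(6, "0"))

def correlate(lines):
    """Pair each ICMP port-unreachable with the UDP datagram that provoked it."""
    seen, findings = [], []
    for line in lines:
        m = ICMP.match(line)
        if m:
            ts, sender, notified, dead_ip, dead_port = m.groups()
            # The ICMP text names the destination of the refused datagram, so look
            # back for a datagram sent to that address by the host being notified.
            cause = next((d for d in reversed(seen)
                          if d["dst"] == (dead_ip, int(dead_port)) and d["src"][0] == notified), None)
            findings.append({
                "refused": (dead_ip, int(dead_port)),
                "refused_locally": sender == dead_ip,  # ICMP sent by the host that owns the port
                "cause": cause,
                "delay_us": usec(ts) - usec(cause["ts"]) if cause else None,
            })
            continue
        m = UDP.match(line)
        if m:
            ts, sip, sport, dip, dport, kind = m.groups()
            seen.append({"ts": ts, "src": (sip, int(sport)), "dst": (dip, int(dport)), "kind": kind})
    return findings

if __name__ == "__main__":
    for finding in correlate(SAMPLE):
        print(finding)
```

For the quoted capture, the single finding ties the ICMP message to the inbound rad-access-req addressed to 203.16.135.45:1645, sent by that same host 45 microseconds after the request arrived.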