I have just set up freeradius 0.8 on redhat 8 (2.4.18-14) and like it much more than icradius, but I am seeing a strange occurrence in my logs. We have many other radius servers that are proxying requests to us, and this box is intended as a replacement for one of the radius servers we use right now running icradius. User auth information is stored in a mysql database and all is working fine as far as I can see.

However, during some testing between this new box and a client radius server that is forwarding auth requests by using fully qualified username ([EMAIL PROTECTED]). The @customcpu.com should be stripped and then testing is sent to our box for auth. In my main radius log file (/var/log/radius) the auth request appears to come in as it should:

    Mon Dec 30 17:27:29 2002 : Auth: Login OK: [testing] (from client acs-proxy[4] port 32 cli 9075692251)

However, when I check the detail log file, I see:

    Mon Dec 30 17:27:29 2002
        Acct-Session-Id = "1E002868"
        User-Name = "[EMAIL PROTECTED]"
        NAS-IP-Address = 209.112.154.7
        NAS-Port = 32
        NAS-Port-Type = Async
        Acct-Status-Type = Start
        Acct-Authentic = RADIUS
        Connect-Info = "52000 LAPM/V42BIS"
        Called-Station-Id = "2744107"
        Calling-Station-Id = "9075692251"
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Address = 209.112.139.144
        Acct-Delay-Time = 0
        Client-IP-Address = 209.193.61.249
        Acct-Unique-Session-Id = "abef067046a44f52"
        Timestamp = 1041301649

    Mon Dec 30 17:28:27 2002
        Acct-Session-Id = "1E002868"
        User-Name = "[EMAIL PROTECTED]"
        NAS-IP-Address = 209.112.154.7
        NAS-Port = 32
        NAS-Port-Type = Async
        Acct-Status-Type = Stop
        Acct-Session-Time = 58
        Acct-Authentic = RADIUS
        Connect-Info = "52000 LAPM/V42BIS"
        Acct-Input-Octets = 2136
        Acct-Output-Octets = 788
        Called-Station-Id = "2744107"
        Calling-Station-Id = "9075692251"
        Acct-Terminate-Cause = User-Request
        LE-Terminate-Detail = "User Request - PPP Term Req"
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Address = 209.112.139.144
        Acct-Delay-Time = 0
        Client-IP-Address = 209.193.61.249
        Acct-Unique-Session-Id = "abef067046a44f52"
        Timestamp = 1041301707

I have session information being logged via radutmp & sql in radiusd.conf:

    session {
        radutmp
        sql
    }

The sql database shows the same information as the detail file entries above.

radlast shows:

    testing@ 032:0XCaBw 209.112.139.159 Mon Dec 30 17:29 - 17:35 (00:06)

radwho (while the connection was active):

    testing@cu testing@customcpu PPP S32 Mon 17:36 209.112.1 209.112.139.129

I'm not too informed on the more advanced features of the radius protocol, but I have been trying to find something to explain this occurrence in the documentation and cannot.

I don't understand how an auth request can come in for a username testing, and be authenticated and logged one place, then show up as [EMAIL PROTECTED] in another log? @customcpu.com should have been stripped from the username before being sent to my server, but then again, /var/log/radius shows the request coming in as just testing. I have no reference of any kind to @customcpu.com in any part of my config, so I'm wondering how many parts to a radius authentication request packet there are? Is there a field in the auth request where my server could be seeing @customcpu.com but not considering it when checking against my mysql user database?

I would really love it if someone would at least flame me right before pointing me in some direction that will help me understand what is going on here. Thanks much all.

-Chris Ochap
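
Added example, not part of the original post and not FreeRADIUS code: a small Python check that pairs each "Login OK" line from the main radius log with the accounting Start record in the detail file for the same port and caller, and reports sessions where the two User-Name values differ. The function names, the 5-second matching window, the realm example.com and the second session are assumptions made for the illustration.

```python
import re
from datetime import datetime, timedelta

TS = "%a %b %d %H:%M:%S %Y"
AUTH_RE = re.compile(r"^(.{24}) : Auth: Login OK: \[(.*?)\] \(from client \S+ port (\d+) cli (\S+)\)")
ATTR_RE = re.compile(r'^\s+([\w-]+) = "?(.*?)"?\s*$')
# Constructed sample input modelled on the post's excerpts (realm is made up).
AUTH_LOG = """\
Mon Dec 30 17:27:29 2002 : Auth: Login OK: [testing] (from client acs-proxy[4] port 32 cli 9075692251)
Mon Dec 30 17:30:02 2002 : Auth: Login OK: [alice] (from client acs-proxy[4] port 7 cli 9075550100)
"""
DETAIL = """\
Mon Dec 30 17:27:29 2002
    Acct-Session-Id = "1E002868"
    User-Name = "testing@example.com"
    NAS-Port = 32
    Acct-Status-Type = Start
    Calling-Station-Id = "9075692251"

Mon Dec 30 17:30:03 2002
    Acct-Session-Id = "1E002869"
    User-Name = "alice"
    NAS-Port = 7
    Acct-Status-Type = Start
    Calling-Station-Id = "9075550100"
"""

def parse_detail(text):
    """Split detail text into records: timestamp line, then indented attributes."""
    records = []
    for line in text.splitlines():
        m = ATTR_RE.match(line)
        if m and records:
            records[-1][m.group(1)] = m.group(2)
        elif line.strip():
            records.append({"_time": datetime.strptime(line.strip(), TS)})
    return records

def username_mismatches(auth_log, detail, window=timedelta(seconds=5)):
    """Return (auth name, accounting name, session id) where the two differ."""
    starts = [r for r in parse_detail(detail) if r.get("Acct-Status-Type") == "Start"]
    out = []
    for m in filter(None, map(AUTH_RE.match, auth_log.splitlines())):
        when, user, port, cli = m.groups()
        when = datetime.strptime(when, TS)
        for r in starts:
            if (r.get("NAS-Port") == port and r.get("Calling-Station-Id") == cli
                    and abs(r["_time"] - when) <= window and r.get("User-Name") != user):
                out.append((user, r.get("User-Name"), r.get("Acct-Session-Id")))
    return out
```

Calling username_mismatches(AUTH_LOG, DETAIL) on the constructed sample reports only the first session, the one whose accounting record carries the realm-qualified name.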