Um, typical.

Just tried something out of desperation and commented out EAP in post-proxy,
and guess what, cooking with gas.

Thanks anyways.

Ben 

-----Original Message-----
From: Ben Butler [mailto:[EMAIL PROTECTED] 
Sent: 10 May 2004 23:59
To: '[EMAIL PROTECTED]'
Subject: Proxy Problem with attrs and Cisco-AVPair

Hi All,

I have two servers running freeradius-0.9.3, and I am trying to proxy RADIUS
requests for a specific realm from one server (server1) to the other
(server2).  I believe I have updated radius.conf and attrs correctly as well
as proxy.conf and clients.conf.

Using radtest on server2 to initiate a query against server1 and then
viewing the debug -X log on server1 I can see the request is being proxied
and coming back and then seems to be getting stuck in the post-proxy
section.  This is where I am now stuck.

I need to be able to return multiple variable Cisco-AVPair attributes in the
proxied request: ip:dns-servers and ip:route.

I have included below information that I thought may be useful to help with
this request.

Thanks for any and all help

Kind Regards

Ben

Attrs file

DEFAULT
        Service-Type == Framed-User,
        Service-Type == Login-User,
        Login-Service == Telnet,
        Login-Service == Rlogin,
        Login-Service == TCP-Clear,
        Login-TCP-Port <= 65536,
        Framed-IP-Address == 255.255.255.254,
        Framed-IP-Netmask == 255.255.255.255,
        Framed-Protocol == PPP,
        Framed-Protocol == SLIP,
        Framed-Compression == Van-Jacobson-TCP-IP,
        Framed-MTU >= 576,
        Framed-Filter-ID =* ANY,
        Reply-Message =* ANY,
        Proxy-State =* ANY,
        Session-Timeout <= 28800,
        Idle-Timeout <= 600,
        Port-Limit <= 2,
        Cisco-AVPair =* ANY

radiusd.conf file section

post-proxy {
#       attr_rewrite
        attr_filter
        eap
}


Debug:
Listening on IP address *, ports 1645/udp and 1646/udp, with proxy on
1647/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 213.170.128.11:32802, id=233,
length=80
        User-Name = "[EMAIL PROTECTED]"
        User-Password = "testing"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 1645
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat:
'/usr/local/var/log/radius/radacct/213.170.128.11/auth-detail-20040510'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/usr/local/var/log/radius/radacct/213.170.128.11/auth-detail-20040510
  modcall[authorize]: module "auth_log" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "attr_filter" returns noop for request 0
  modcall[authorize]: module "eap" returns noop for request 0
    rlm_realm: No '/' in User-Name = "[EMAIL PROTECTED]", looking
up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "realmslash" returns noop for request 0
    rlm_realm: Looking up realm "proxy.c2internet.net" for User-Name =
"[EMAIL PROTECTED]"
    rlm_realm: Found realm "proxy.c2internet.net"
    rlm_realm: Proxying request from user testing to realm
proxy.c2internet.net
    rlm_realm: Adding Realm = "proxy.c2internet.net"
    rlm_realm: Preparing to proxy authentication request to realm
"proxy.c2internet.net"
  modcall[authorize]: module "suffix" returns updated for request 0
    users: Matched DEFAULT at 166
  modcall[authorize]: module "files" returns ok for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
modcall: group authorize returns updated for request 0
Sending Access-Request of id 1 to 213.170.128.11:1645
        User-Name = "[EMAIL PROTECTED]"
        User-Password = "testing"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 1645
        Proxy-State = 0x323333
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Accept packet from host 213.170.128.11:1645, id=1,
length=159
        Framed-IP-Address = 10.10.10.1
        Cisco-AVPair = "ip:route=213.170.150.8 255.255.255.252 10.10.10.1"
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Netmask = 255.255.255.255
        Cisco-AVPair = "ip:dns-servers=213.170.128.16 213.170.128.150"
        Proxy-State = 0x323333
modcall: entering group post-proxy for request 0
  attr_filter: Matched entry DEFAULT at line 84
  modcall[post-proxy]: module "attr_filter" returns updated for request 0



Kind Regards

Ben Butler
++++++++++++++++++++++++++++++++++++++
C2 Internet Ltd
Alvaston House
Alvaston Business Park
Nantwich
Cheshire
CW5 6PF
W http://www.c2internet.net/
T +44-(0)845-658-0020
F +44-(0)845-658-0070

All quotes & services from C2 are bound by our standard terms and conditions
which are available on our website at:

http://www.c2internet.net/legal/main.htm#tandc


- ---------------------------------------------------------
 C2i Business Internet           http://www.c2internet.net/
 ----------------------------------------------------------
 This message has been checked for all known viruses by the  MessageLabs
Virus Scanning Service.
 ----------------------------------------------------------

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
