Yes, as Host B is used as both proxy and also authentication server depending
on the realm received.
When host B acts as a authentication server, the [sql] in post-auth is used
to log some message for
that particular username.
When host B acts as a proxy, the [sql] failed as the username from
access-accept is missing.
Therefore, any method that can avoid the case such that [sql] won't be invoked
when host B acts as a proxy ?
-----Original Message-----
From: Paolo Rotela [mailto:[EMAIL PROTECTED]
Sent: 2005/9/21 [星期三] 下午 08:28
To: FreeRadius users mailing list
Cc:
Subject: Re: cannot return access accept from proxy to client
Seeing your output, it says that it's failing because "post-auth"
module is failing due to the fail of the "sql" module invoked. Lookup your
radiusd.conf file, and see why you are using sql in post-auth, and see if this
setup is correct.
----- Original Message -----
From: Wilson Lie <mailto:[EMAIL PROTECTED]>
To: freeradius-users@lists.freeradius.org
Sent: Wednesday, September 21, 2005 5:58 AM
Subject: cannot return access accept from proxy to client
Hi all,
I encountered a problem during authentication request. Would
you give me a hand ?
Many thanks!
Configuration:
Host A ( Radius server)
Host B ( proxy all requests to host A )
Problem:
1) Access-Request is sent to Host B from client
2) Host B proxy request to Host A
3) Host A sends Access-Accept to Host B
4) Host B receive Access-Accept from Host A
5) Host B sends Access-Reject to client ( log message
comes below)
*My question is how can I set radius such that it can send the
access-accept to client ?
================================================================
rad_recv: Access-Accept packet from host xxx.xxx.xxx.xxx:1812,
id=3, length=156
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
hints: Matched DEFAULT at 81
modcall[authorize]: module "preprocess" returns ok for
request 3
radius_xlat:
'/usr/local/var/log/radius/radacct/xxx.xxx.xxx.xxx/auth-detail-20050921'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/usr/local/var/log/radius/radacct/xxx.xxx.xxx.xxx/auth-detail-20050921
modcall[authorize]: module "auth_log" returns ok for request 3
rlm_realm: Proxy reply, or no User-Name. Ignoring.
modcall[authorize]: module "suffix" returns noop for request 3
users: Matched entry DEFAULT at line 168
modcall[authorize]: module "files" returns ok for request 3
modcall: group authorize returns ok for request 3
rad_check_password: Found Auth-Type SQL
rad_check_password: Auth-Type = Accept, accepting the user
Login OK: [EMAIL PROTECTED]/8F4Lf0T] (from client ivrs port 0
cli 00-0C-41-2F-00-71)
Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 3
radius_xlat:
'/usr/local/var/log/radius/radacct/xxx.xxx.xxx.xxx/reply-detail-20050921'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d
expands to
/usr/local/var/log/radius/radacct/xxx.xxx.xxx.xxx/reply-detail-20050921
modcall[post-auth]: module "reply_log" returns ok for request
3
rlm_sql (sql): Processing sql_postauth
radius_xlat: ''
modcall[post-auth]: module "sql" returns fail for request 3
modcall: group post-auth returns fail for request 3
Delaying request 3 for 1 seconds
Finished request 3
=======================================================================
___________________________________________________
(c) 2005 Interactive Technology Holdings Limited Group.
All rights reserved.
CONFIDENTIALITY: This communication and any attachment(s)
is intended solely for the person or organisation to which
it is addressed and it may be confidential. This
communication may contain confidential or legally privileged
material and may not be copied, redistributed or published
(in whole or in part) without our prior written consent.
This communication may have been intercepted, partially
destroyed, arrive late, incomplete or contain viruses and no
liability is accepted by any member of the Interactive
Technology Holdings Limited Group as a result. If you are
not the intended recipient, employee or agent responsible
for delivering the message to the intended recipient you
must not copy, disclose, distribute or take any action in
reliance on it. If you have received this communication in
error, please immediately reply and highlight the error to
the sender immediately and destroy the original from your
computer.
_____
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
____________________________________________________________
(c) 2005 Interactive Technology Holdings Limited Group.
All rights reserved.
CONFIDENTIALITY: This communication and any attachment(s)
is intended solely for the person or organisation to which
it is addressed and it may be confidential. This
communication may contain confidential or legally privileged
material and may not be copied, redistributed or published
(in whole or in part) without our prior written consent.
This communication may have been intercepted, partially
destroyed, arrive late, incomplete or contain viruses and no
liability is accepted by any member of the Interactive
Technology Holdings Limited Group as a result. If you are
not the intended recipient, employee or agent responsible
for delivering the message to the intended recipient you
must not copy, disclose, distribute or take any action in
reliance on it. If you have received this communication in
error, please immediately reply and highlight the error to
the sender immediately and destroy the original from your
computer.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
