Yes, as Host B is used as both proxy and also authentication server depending on the realm received. When host B acts as a authentication server, the [sql] in post-auth is used to log some message for that particular username. When host B acts as a proxy, the [sql] failed as the username from access-accept is missing. Therefore, any method that can avoid the case such that [sql] won't be invoked when host B acts as a proxy ?
-----Original Message----- From: Paolo Rotela [mailto:[EMAIL PROTECTED] Sent: 2005/9/21 [星期三] 下午 08:28 To: FreeRadius users mailing list Cc: Subject: Re: cannot return access accept from proxy to client Seeing your output, it says that it's failing because "post-auth" module is failing due to the fail of the "sql" module invoked. Lookup your radiusd.conf file, and see why you are using sql in post-auth, and see if this setup is correct. ----- Original Message ----- From: Wilson Lie <mailto:[EMAIL PROTECTED]> To: freeradius-users@lists.freeradius.org Sent: Wednesday, September 21, 2005 5:58 AM Subject: cannot return access accept from proxy to client Hi all, I encountered a problem during authentication request. Would you give me a hand ? Many thanks! Configuration: Host A ( Radius server) Host B ( proxy all requests to host A ) Problem: 1) Access-Request is sent to Host B from client 2) Host B proxy request to Host A 3) Host A sends Access-Accept to Host B 4) Host B receive Access-Accept from Host A 5) Host B sends Access-Reject to client ( log message comes below) *My question is how can I set radius such that it can send the access-accept to client ? ================================================================ rad_recv: Access-Accept packet from host xxx.xxx.xxx.xxx:1812, id=3, length=156 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 hints: Matched DEFAULT at 81 modcall[authorize]: module "preprocess" returns ok for request 3 radius_xlat: '/usr/local/var/log/radius/radacct/xxx.xxx.xxx.xxx/auth-detail-20050921' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/xxx.xxx.xxx.xxx/auth-detail-20050921 modcall[authorize]: module "auth_log" returns ok for request 3 rlm_realm: Proxy reply, or no User-Name. Ignoring. modcall[authorize]: module "suffix" returns noop for request 3 users: Matched entry DEFAULT at line 168 modcall[authorize]: module "files" returns ok for request 3 modcall: group authorize returns ok for request 3 rad_check_password: Found Auth-Type SQL rad_check_password: Auth-Type = Accept, accepting the user Login OK: [EMAIL PROTECTED]/8F4Lf0T] (from client ivrs port 0 cli 00-0C-41-2F-00-71) Processing the post-auth section of radiusd.conf modcall: entering group post-auth for request 3 radius_xlat: '/usr/local/var/log/radius/radacct/xxx.xxx.xxx.xxx/reply-detail-20050921' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/xxx.xxx.xxx.xxx/reply-detail-20050921 modcall[post-auth]: module "reply_log" returns ok for request 3 rlm_sql (sql): Processing sql_postauth radius_xlat: '' modcall[post-auth]: module "sql" returns fail for request 3 modcall: group post-auth returns fail for request 3 Delaying request 3 for 1 seconds Finished request 3 ======================================================================= ___________________________________________________ (c) 2005 Interactive Technology Holdings Limited Group. All rights reserved. CONFIDENTIALITY: This communication and any attachment(s) is intended solely for the person or organisation to which it is addressed and it may be confidential. This communication may contain confidential or legally privileged material and may not be copied, redistributed or published (in whole or in part) without our prior written consent. This communication may have been intercepted, partially destroyed, arrive late, incomplete or contain viruses and no liability is accepted by any member of the Interactive Technology Holdings Limited Group as a result. If you are not the intended recipient, employee or agent responsible for delivering the message to the intended recipient you must not copy, disclose, distribute or take any action in reliance on it. If you have received this communication in error, please immediately reply and highlight the error to the sender immediately and destroy the original from your computer. _____ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ____________________________________________________________ (c) 2005 Interactive Technology Holdings Limited Group. All rights reserved. CONFIDENTIALITY: This communication and any attachment(s) is intended solely for the person or organisation to which it is addressed and it may be confidential. This communication may contain confidential or legally privileged material and may not be copied, redistributed or published (in whole or in part) without our prior written consent. This communication may have been intercepted, partially destroyed, arrive late, incomplete or contain viruses and no liability is accepted by any member of the Interactive Technology Holdings Limited Group as a result. If you are not the intended recipient, employee or agent responsible for delivering the message to the intended recipient you must not copy, disclose, distribute or take any action in reliance on it. If you have received this communication in error, please immediately reply and highlight the error to the sender immediately and destroy the original from your computer. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html