> ok, next try to explain the problem: > > if i start radtest everything looks fine: > radtest 111...@test 111...@test localhost:1645 0 *secret* > Sending Access-Request of id 176 to 127.0.0.1 port 1645 > User-Name = \"111...@test\" > User-Password = \"111...@test\" > NAS-IP-Address = 172.x.x.x > NAS-Port = 0 > rad_recv: Access-Accept packet from host 127.0.0.1 port > 1645, id=176, length=20 >
So, no shared secret error! Secrets match for authentication but don't for accounting. Check *accounting* port secrets on both ends. > > if i look in freeradius-debug: > > rad_recv: Access-Request packet from host 127.0.0.1 port > 58236, id=177, length=64 > User-Name = \"111...@test\" > User-Password = \"111...@test\" > NAS-IP-Address = 172.x.x.x > NAS-Port = 0 > +- entering group authorize {...} > ++[preprocess] returns ok > expand: > /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d > -> > /var/log/freeradius/radacct/127.0.0.1/auth-detail-20090708 > [auth_log] > /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d > expands to > /var/log/freeradius/radacct/127.0.0.1/auth-detail-20090708 > expand: %t -> Wed Jul 8 13:07:36 2009 > ++[auth_log] returns ok > ++[chap] returns noop > ++[mschap] returns noop > [suffix] Looking up realm \"test\" for User-Name = > \"111...@test\" > [suffix] Found realm \"test\" > [suffix] Adding Realm = \"test\" > [suffix] Proxying request from user 111111 to realm test > [suffix] Preparing to proxy authentication request to realm > \"test\" > ++[suffix] returns updated > [prefix] Request already proxied. Ignoring. > ++[prefix] returns ok > [eap] No EAP-Message, not doing EAP > ++[eap] returns noop > ++[files] returns noop > ++[expiration] returns noop > ++[logintime] returns noop > ++[pap] returns noop > > ------------------until here ok------------------------- > > Sending Access-Request of id 207 to 172.y.y.y port 1812 > User-Name = \"111...@test\" > User-Password = \"111...@test\" > NAS-IP-Address = 172.x.x.x > NAS-Port = 0 > Proxy-State = 0x313737 > Proxying request 34 to home server 172.y.y.y port 1812 > Sending Access-Request of id 207 to 172.y.y.y port 1812 > User-Name = \"111...@test\" > User-Password = \"111...@test\" > NAS-IP-Address = 172.x.x.x > NAS-Port = 0 > Proxy-State = 0x313737 > > -----------------why a second identical > request?-------------------- It's not the second request, it's the same one. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html