Here are a few lines from my cfg files: In radiusd.conf:
proxy_requests = yes $INCLUDE proxy.conf In proxy.conf: #(this is where I want to forward) home_server aruba { type = coa ipaddr = xx.yy.110.148 port = 1812 src_ipaddr = xx.yy.110.128 coa { # Initial retransmit interval: 1..5 irt = 2 # Maximum Retransmit Timeout: 1..30 (0 == no maximum) mrt = 16 # Maximum Retransmit Count: 1..20 (0 == retransmit forever) mrc = 5 # Maximum Retransmit Duration: 5..60 mrd = 30 } secret = testing123 } home_server_pool to_aruba { home_server = aruba } ###Not really sure about the validity of the last 3 lines... And now I'm puzzled as to how to set the Home-server-pool as stated in recv-coa section of coa: recv-coa { # CoA && Disconnect packets can be proxied in the same # way as authentication or accounting packets. # Just set Proxy-To-Realm, or Home-Server-Pool, and the # packets will be proxied. I tried to find the way that it is done for authentication packet and did not succeed. Also I just want to know if my understanding about the whole process of proxying the CoA is right: The default server config file is of no use here, in the coa I have to state somehow that I want the request to be forwarded to the controller and in the proxy.conf file I have to create this controller-server so that freeradius won't complain about an unknown IP address. Jean Alan DeKok-2 wrote: > > newtownz wrote: >> I'm trying to figure out how to send a CoA from freeRadius >> to the NAS. The set-up I have involves two servers and an >> Aruba controller. > > i.e. proxying CoA packets through FreeRADIUS to the NAS. > > While this should work, it's not a deeply tested scenario. > >> In this test set-up the client authenticates locally on the >> freeRadius server. The server listen on port 3799 for a CoA request >> that is generated from another computer, the freeRadius accepts >> the request and sends a ACK to the generator but it does not >> send anything to the NAS, > > Did you configure the server to proxy the CoA request? Look for > "proxy" in raddb/sites-available/coa in 2.1.9. > >> I tried to supply in the request a >> NAS-IP-Address attribute and also tried with Packet-Dst-IP-Address >> with no success. Also tried different things in CoA and Originate-CoA >> with the same results. > > Well.. the "coa" documents exactly what you need to do. Trying random > *undocumented* things won't make it work. > >> The goal I'm trying to reach is to supply the user-name in the >> CoA request that will force the client to silently reconnect and >> in the meantime I will have changed the Access-List accessible to >> the client. > > Use a Disconnect-Request packet to make the client disconnect. > >> 1: Is it possible to send a CoA request to the freeRadius server >> and then have it relay the request to the Aruba controller? > > Yes. This is called "proxying" > >> 2: If it is possible what do I have to put in the configs file >> and where? > > This is documented. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -- View this message in context: http://old.nabble.com/Redirection-to-the-NAS-of-an-external-CoA-request-tp29206196p29216134.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html