Hi,

I am trying to use the FAILUREPOLICY field in the HostSelect statement. The
value of FAILUREPOLICY is set to 1 (see the database output); this
should result in a reject to the NAS if the host radius does not respond.
Unfortunately this is not happening; the NAS still gets no answer from
the proxy radius. I can conclude that the proxy radius does use the failure
policy to send a reject instead of an ignore. Below you can find the configuration
and the output.

With kind regards,
Mohamed Majdoubi
KPN Telecom
#####################################################################
radius setup
#####################################################################
||||||||||||||||||||||                       ||||||||||||||||||||||                          ||||||||||||||||||||||
|        NAS         |---------------------  |    proxy radius    |------------------------  |                    |
||||||||||||||||||||||                       ||||||||||||||||||||||                          ||||||||||||||||||||||
#####################################################################
Configuration
#####################################################################
<AuthBy SQLRADIUS>
        Identifier ProxyToOffice
        FailureBackoffTime 60
        DBSource dbi:mysql:ProxyDB
        DBUsername root
        DBAuth
        HostSelect select HOST%0, SECRET, AUTHPORT, ACCTPORT, RETRIES, RETRYTIMEOUT, FAILUREPOLICY from \
                RADSQLRADIUS where TARGETNAME='%R'
        StripFromRequest Cisco-NAS-Port, \
                NAS-Port, \
                NAS-Port-Type, \
                NAS-IP-Address, \
                Called-Station-Id, \
                Calling-Station-Id
        AddToRequest Service-Class = %{Reply:Service-Class}
        AllowInReply Service-Type, \
                Framed-Protocol, \
                Framed-IP-Netmask, \
                Framed-IP-Address, \
                Ascend-Client-Primary-DNS, \
                Ascend-Client-Secondary-DNS, \
                Loopback-Tag, \
                Release-Name, \
                VRF-Tag
        ReplyHook file:"%D/reply.pl"
</AuthBy>
#####################################################################
Database output
#####################################################################
mysql> select HOST1, SECRET, AUTHPORT, ACCTPORT, RETRIES, RETRYTIMEOUT,
FAILUREPOLICY from RADSQLRADIUS where
TARGETNAME='office1';
+-----------+--------+----------+----------+---------+--------------+---------------+
| HOST1     | SECRET | AUTHPORT | ACCTPORT | RETRIES | RETRYTIMEOUT | FAILUREPOLICY |
+-----------+--------+----------+----------+---------+--------------+---------------+
| 127.0.0.1 | kpn    |     1812 |     1813 |       2 |            5 |             1 |
+-----------+--------+----------+----------+---------+--------------+---------------+
1 row in set (0.00 sec)
#####################################################################
Debug
#####################################################################
Code:       Access-Request
Identifier: 2
Authentic:  1234567890123456
Attributes:
        User-Name = "mohamed@office1"
        Service-Type = Framed-User
        User-Password = "<166><186>H1By%<222><155><151><153><171><216>!U<133>"
        Service-Class = "office2-1.1.1.1-2222"

Wed Sep 11 11:03:22 2002: DEBUG: Timed out, retransmitting
Wed Sep 11 11:03:22 2002: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1812 ....
Packet length = 83
01 02 00 53 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 01 11 6d 6f 68 61 6d 65 64 40 6f 66 66 69 63 65 31 06 06 00 00 00 02 02 12 a6 ba 48 31 42 79 25 de 9b 97 99 ab d8 21 55 85 95 16 6f 66 66 69 63 65 32 2d 31 2e 31 2e 31 2e 31 2d 32 32 32 32
Code:       Access-Request
Identifier: 2
Authentic:  1234567890123456
Attributes:
        User-Name = "mohamed@office1"
        Service-Type = Framed-User
        User-Password = "<166><186>H1By%<222><155><151><153><171><216>!U<133>"
        Service-Class = "office2-1.1.1.1-2222"

Wed Sep 11 11:03:27 2002: INFO: AuthRADIUS: No reply after 2 retransmissions to 127.0.0.1:1812 for mohamed@office1 (132)
Wed Sep 11 11:03:27 2002: INFO: AuthRADIUS could not find a working host to forward to. Ignoring
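
Added example, not part of the original post: a small RADIUS (RFC 2865) decoder run over the packet dump from the debug output above, which confirms on the wire that the proxied Access-Request carries Service-Class and none of the NAS attributes listed under StripFromRequest. The function names are hypothetical, and attribute number 149 for Service-Class is an assumption inferred from the dump and the log.

```python
import struct

# Bytes copied from the "Sending to 127.0.0.1 port 1812" dump in the post.
DUMP = """
01 02 00 53 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 01 11 6d 6f
68 61 6d 65 64 40 6f 66 66 69 63 65 31 06 06 00 00 00 02 02 12 a6 ba 48
31 42 79 25 de 9b 97 99 ab d8 21 55 85 95 16 6f 66 66 69 63 65 32 2d 31
2e 31 2e 31 2e 31 2d 32 32 32 32
"""
# RFC 2865 types of the attributes named in the posted StripFromRequest
# (Cisco-NAS-Port is vendor-specific and is not checked here).
STRIPPED = {4: "NAS-IP-Address", 5: "NAS-Port", 30: "Called-Station-Id",
            31: "Calling-Station-Id", 61: "NAS-Port-Type"}
# 149 = Service-Class is an assumption (local dictionary entry inferred from
# the post); the remaining types are RFC 2865 assignments.
NAMES = {1: "User-Name", 2: "User-Password", 6: "Service-Type",
         149: "Service-Class", **STRIPPED}

def parse_radius(pkt: bytes) -> dict:
    """Decode header and attribute TLVs, rejecting inconsistent lengths."""
    if len(pkt) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if not 20 <= length <= len(pkt):
        raise ValueError("Length field %d does not fit %d bytes" % (length, len(pkt)))
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header at offset %d" % pos)
        atype, alen = pkt[pos], pkt[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length %d at offset %d" % (alen, pos))
        attrs.append((atype, pkt[pos + 2:pos + alen]))
        pos += alen
    return {"code": code, "id": ident, "length": length,
            "authenticator": pkt[4:20], "attrs": attrs}

def decode_dump(text: str = DUMP) -> dict:
    return parse_radius(bytes.fromhex("".join(text.split())))

def leaked_nas_attrs(parsed: dict) -> list:
    """Names of attributes that should have been stripped but are present."""
    return [STRIPPED[t] for t, _ in parsed["attrs"] if t in STRIPPED]

if __name__ == "__main__":
    p = decode_dump()
    print("code", p["code"], "id", p["id"], "length", p["length"])
    for atype, value in p["attrs"]:
        # User-Password is hidden on the wire (RFC 2865 5.2): print hex only.
        print("  %-14s %s" % (NAMES.get(atype, atype), value.hex() if atype == 2 else value))
    print("leaked NAS attributes:", leaked_nas_attrs(p) or "none")
```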