OK, I'll be more specific,

attached are 2 test configs, one for
AuthBy RADSEC and one for a ServerRADSEC.

I had to strip down my complex config to show you the problem.

If I logg to stdout with a global 'Trace 4', I see the Receiving
packets. But I can't do this in production with a server on
heavy load. Therefore I configure a logging clause within
the AuthBy RADSEC and within the ServerRADSEC, and then I don't see
the receiving packets, only the sending packets.

Please see the attached logfiles, too.

Is this intentional or a bug?

Best Regards
   Charly

--
Karl Gaissmaier
Universität Ulm/Germany
Trace           2
Identifier      BASE

BindAddress     127.0.0.1
AuthPort        1800
AcctPort        1801

LogDir          .
DbDir           .
PidFile         %L/pid-base
DictionaryFile  %D/dictionary

LogFile
<Log FILE>
        Trace               2
        Filename            %L/logfile-base
</Log>

<Client DEFAULT>
        Secret  mysecret
        StatusServerShowClientDetails
</Client>


<Realm DEFAULT>
        <AuthBy RADSEC>
                PacketTrace
                <Log FILE>
                        Trace               5
                        Filename            %L/logfile-base-debug
                </Log>

                Host            127.0.0.1
                Port            2083
                Secret          radsec

                UseTLS
                TLS_CAFile              ./certificates/demoCA/cacert.pem
                TLS_ExpectedPeerName    CN=test.server.some.company.com
        </AuthBy>
</Realm>
Trace           2
Identifier      UPSTREAM

LogDir          .
DbDir           .
PidFile         %L/pid-upstream
DictionaryFile  %D/dictionary

BindAddress     127.0.0.1
AuthPort        1900
AcctPort        1901

LogFile
<Log FILE>
        Trace               2
        Filename            %L/logfile-upstream
</Log>

<Client DEFAULT>
        Secret  mysecret
        StatusServerShowClientDetails
</Client>

<Realm DEFAULT>
        <AuthBy TEST>
        </AuthBy>
</Realm>


<ServerRADSEC>
        PacketTrace
        <Log FILE>
                Trace               5
                Filename            %L/logfile-upstream-debug
        </Log>

        BindAddress     127.0.0.1
        Port            2083
        Secret          radsec
        Protocol        tcp
        UseTLS

        TLS_CAFile              ./certificates/demoCA/cacert.pem
        TLS_CertificateFile     ./certificates/cert-srv.pem
        TLS_CertificateType     PEM
        TLS_PrivateKeyFile      ./certificates/cert-srv.pem
        TLS_PrivateKeyPassword  whatever

        TLS_RequireClientCert   0
</ServerRADSEC>
Sat Jul 13 18:04:48 2013 973161: DEBUG: Handling with Radius::AuthRADSEC
Sat Jul 13 18:04:48 2013 974710: DEBUG: Packet dump:
*** Sending request to RadSec 127.0.0.1:2083 ....
Code:       Access-Request
Identifier: 1
Authentic:  BEt*$<240><132><140><233>r<239><224><245>8<165><199>
Attributes:
        User-Name = "mike"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Identifier = "203.63.154.1"
        NAS-Port = 1234
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        NAS-Port-Type = Async
        User-Password = VA<230><255>`2<216>]<172><229><253><163>K<252><27>!
        Proxy-State = OSC-Extended-Id=1

Sat Jul 13 18:04:29 2013 048542: DEBUG: Stream connected to 127.0.0.1:43313
Sat Jul 13 18:04:29 2013 048893: DEBUG: StreamTLS sessionInit for 127.0.0.1
Sat Jul 13 18:04:29 2013 049508: DEBUG: StreamTLS receive: 
Sat Jul 13 18:04:29 2013 049769: DEBUG: StreamTLS SSL_accept result: -1, 2, 8465
Sat Jul 13 18:04:29 2013 050038: DEBUG: StreamTLS send: 
Sat Jul 13 18:04:29 2013 050181: DEBUG: StreamTLS Server Started for 
127.0.0.1:43313
Sat Jul 13 18:04:29 2013 050272: DEBUG: New StreamServer Connection created for 
127.0.0.1:43313
Sat Jul 13 18:04:29 2013 111653: DEBUG: StreamTLS receive: 
16030100d8010000d4030151e17a8d79bd7650e15798a88bf3f389f4437dfc8c6c666ba812e50f24dfde4c000066c014c00ac022c0210039003800880087c00fc00500350084c012c008c01cc01b00160013c00dc003000ac013c009c01fc01e00330032009a009900450044c00ec004002f00960041c011c007c00cc002000500040015001200090014001100080006000300ff01000045000b000403000102000a00340032000e000d0019000b000c00180009000a00160017000800060007001400150004000500120013000100020003000f00100011000f000101
Sat Jul 13 18:04:29 2013 113062: DEBUG: StreamTLS SSL_accept result: -1, 2, 8576
Sat Jul 13 18:04:29 2013 113578: DEBUG: StreamTLS send: 
160301005602000052030151e17a8dd5d906ecea5551282a24fed83163e4638dda4dfdbcc6c6ee1d7b7d5920610d6be6a94ce495991a74026bbf5e4b8e3d9555c45f67c2e797dbcfda839a8b003500000aff01000100000f00010116030107550b00075100074e0002fb308202f730820260a003020102020102300d06092a864886f70d01010505003081ca310b30090603550406130241553111300f06035504081308566963746f72696131123010060355040713094d656c626f75726e65311e301c060355040a13154f53432044656d6f204365727469666963617465733121301f060355040b1318546573742043657274696669636174652053656374696f6e312f302d060355040313264f534320546573742043412028646f206e6f742075736520696e2070726f64756374696f6e293120301e06092a864886f70d01090116116d696b656d406f70656e2e636f6d2e6175301e170d3131313131363231343832385a170d3133313131353231343832385a30819e310b30090603550406130241553111300f06035504081308566963746f72696131123010060355040713094d656c626f75726e65311e301c060355040a13154f53432044656d6f204365727469666963617465733121301f060355040b1318546573742043657274696669636174652053656374696f6e312530230603550403131c746573742e7365727665722e736f6d652e636f6d70616e792e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d57c3595fc37aaa408887706e52cb4831c51f9696f36fa35ae837d59fc5085ae4d6c6cc538bd46c53e1234aadd4a84306aa0ee49d60850b4636ca7ee05c4aa8efd40643b6ba3a4ea92100318d4e4f50e849abed43a782637abd4f7156bd77a28680afccf47eb8098114c65898227c4b6d612b4522216537e06a4e3dc669cf9eb0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010105050003818100954ad6f2dec660d1094f2e0d62abe0259ae4dde4f17e34b04a02f30c1a5a7b42892bea004e752b5009a5f4cbea393132704fa1a5b8dfc85e13a7899e5718f054c28208fb1c303fb32286b45fcb1413beadf031ff925552a167df6407c04f1b2992f8447f915967f2f3a2c0f42622e864e13a1e8173323b212113cad867d5b27b00044d30820449308203b2a003020102020900a34777ecd346c911300d06092a864886f70d01010505003081ca310b30090603550406130241553111300f06035504081308566963746f72696131123010060355040713094d656c626f75726e65311e301c060355040a13154f53432044656d6f204365727469666963617465733121301f060355040b1318546573742043657274696669636174652053656374696f6e312f302d060355040313264f534320546573742043412028646f206e6f742075736520696e2070726f64756374696f6e293120301e06092a864886f70d01090116116d696b656d406f70656e2e636f6d2e6175301e170d3131313131363231343832375a170d3133313131353231343832375a3081ca310b30090603550406130241553111300f06035504081308566963746f72696131123010060355040713094d656c626f75726e65311e301c060355040a13154f53432044656d6f204365727469666963617465733121301f060355040b1318546573742043657274696669636174652053656374696f6e312f302d060355040313264f534320546573742043412028646f206e6f742075736520696e2070726f64756374696f6e293120301e06092a864886f70d01090116116d696b656d406f70656e2e636f6d2e617530819f300d06092a864886f70d010101050003818d0030818902818100e6379b9a3d9a2bc789ac281f74b87600752accf8f919f9b5a8ac6073e63dd34a42ba650200084930b36356275162c445e1e4e397d73271a4251c6aa821ced62cbedf852dad2ea58e7f19e50f912b6cac4be857caee82e8df1994afd089fbd36eb9b8ae60d89588a380c236d33f724b5e77ec968f985e28e51c860cc1fb5184210203010001a38201333082012f301d0603551d0e041604140eaee519f901645b2bfca04a5ad391578639ee423081ff0603551d230481f73081f480140eaee519f901645b2bfca04a5ad391578639ee42a181d0a481cd3081ca310b30090603550406130241553111300f06035504081308566963746f72696131123010060355040713094d656c626f75726e65311e301c060355040a13154f53432044656d6f204365727469666963617465733121301f060355040b1318546573742043657274696669636174652053656374696f6e312f302d060355040313264f534320546573742043412028646f206e6f742075736520696e2070726f64756374696f6e293120301e06092a864886f70d01090116116d696b656d406f70656e2e636f6d2e6175820900a34777ecd346c911300c0603551d13040530030101ff300d06092a864886f70d010105050003818100e09ba1ec8ce7840ba02977cf4fda6c034527d8ffa9b33bab9357ef61931f719ec73071ec121c54daf82c0f0149e4b217e7593ff47a1ec440c4cb986b3d91ff5d86dc40fb54d2d8c6bb0fc79b6d4d77d0916af496ebaa3324b4141f675397fd662556f9a6691066ed3093832bc11fb72705dd7cf0c3b583df1ce18fa5d7f2260116030100dd0d0000d50301024000cf00cd3081ca310b30090603550406130241553111300f06035504081308566963746f72696131123010060355040713094d656c626f75726e65311e301c060355040a13154f53432044656d6f204365727469666963617465733121301f060355040b1318546573742043657274696669636174652053656374696f6e312f302d060355040313264f534320546573742043412028646f206e6f742075736520696e2070726f64756374696f6e293120301e06092a864886f70d01090116116d696b656d406f70656e2e636f6d2e61750e000000
Sat Jul 13 18:04:29 2013 115129: DEBUG: StreamTLS receive: 
16030100070b00000300000016030100861000008200808eca1492470013f3562a6c2f44bfdabf288d3847387c79a2d95b7db433e4dd28df4902c8a2af9926aedf71714da9fd5d04aad66d9f5ddbff948a8fcf0d11cbf76e449d66c30ef91ea6f725b83adb732cdf63bfadab1754562500654a6c2b7268ae053bc879e3e1560d933800a605365ac60a5935c2dbc586123796ef5dd410831403010001011603010030eb7656764e99e921ed3055c654b7482fe3bcf45e4c6224f189ec01c48ac1d8239b02394908cd21b2f80b314fc486514d
Sat Jul 13 18:04:29 2013 118369: DEBUG: StreamTLS SSL_accept result: 1, 0, 3
Sat Jul 13 18:04:29 2013 118855: DEBUG: StreamTLS send: 
14030100010116030100309df48d24edaa736ba57861608c1dd481d2e2ba84ab4164df412e2a67bee0f4522ee231ae90bb6a8a8544619fea015911
Sat Jul 13 18:04:48 2013 975756: DEBUG: StreamTLS receive: 
1703010020adb16f579aa809d903fa00cf289cc40f547a218bf161d49a2450be65015d70251703010090d74033b54f6ed2d3d47a188f344eca5a6c5fab2b70903945ebbb060aec59d6fc5cc03292da2c4ea3035b0f4d564a9a67ab835368f172a17a96c796078607861da11c1b9ce27ea768b67264c8cea0f56bdce3837ffc2be68afd39aa3da73f25345e8a23b2584ab49fc5dc67bc334b6bdc271b285971982478bcd63aa1a810eb82be02de870ac20845da4971bb6c745d87
Sat Jul 13 18:04:48 2013 977607: DEBUG: Packet dump:
*** Sending reply to RadSec 127.0.0.1:43313 ....
Code:       Access-Accept
Identifier: 1
Authentic:  BEt*$<240><132><140><233>r<239><224><245>8<165><199>
Attributes:
        Proxy-State = OSC-Extended-Id=1

Sat Jul 13 18:04:48 2013 978080: DEBUG: StreamTLS send: 
170301002013e3267109c17863b61875e1b34a848c8908ebc9358eabf42aac8f6f8ee7807f17030100408493ba09b99b8db5c76e8720a1421b8e3ea1530d4d0b1d9a63e8a38654be4258a4a3f808196ea513a9304b5f63995bd06fa20d8beb5add974f76626da11eef86
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Reply via email to