OK, I'll be more specific: attached are 2 test configs, one for AuthBy RADSEC and one for a ServerRADSEC.

I had to strip down my complex config to show you the problem. If I log to stdout with a global 'Trace 4', I see the Receiving packets. But I can't do this in production with a server on heavy load. Therefore I configure a logging clause within the AuthBy RADSEC and within the ServerRADSEC, and then I don't see the receiving packets, only the sending packets.

Please see the attached logfiles, too.

Is this intentional or a bug?

Best Regards
    Charly

--
Karl Gaissmaier
Universität Ulm/Germany

Trace 2
Identifier BASE
BindAddress 127.0.0.1
AuthPort 1800
AcctPort 1801
LogDir .
DbDir .
PidFile %L/pid-base
DictionaryFile %D/dictionary
LogFile

<Log FILE>
    Trace 2
    Filename %L/logfile-base
</Log>

<Client DEFAULT>
    Secret mysecret
    StatusServerShowClientDetails
</Client>

<Realm DEFAULT>
    <AuthBy RADSEC>
        PacketTrace
        <Log FILE>
            Trace 5
            Filename %L/logfile-base-debug
        </Log>
        Host 127.0.0.1
        Port 2083
        Secret radsec
        UseTLS
        TLS_CAFile ./certificates/demoCA/cacert.pem
        TLS_ExpectedPeerName CN=test.server.some.company.com
    </AuthBy>
</Realm>

Trace 2
Identifier UPSTREAM
LogDir .
DbDir .
PidFile %L/pid-upstream
DictionaryFile %D/dictionary
BindAddress 127.0.0.1
AuthPort 1900
AcctPort 1901
LogFile

<Log FILE>
    Trace 2
    Filename %L/logfile-upstream
</Log>

<Client DEFAULT>
    Secret mysecret
    StatusServerShowClientDetails
</Client>

<Realm DEFAULT>
    <AuthBy TEST>
    </AuthBy>
</Realm>

<ServerRADSEC>
    PacketTrace
    <Log FILE>
        Trace 5
        Filename %L/logfile-upstream-debug
    </Log>
    BindAddress 127.0.0.1
    Port 2083
    Secret radsec
    Protocol tcp
    UseTLS
    TLS_CAFile ./certificates/demoCA/cacert.pem
    TLS_CertificateFile ./certificates/cert-srv.pem
    TLS_CertificateType PEM
    TLS_PrivateKeyFile ./certificates/cert-srv.pem
    TLS_PrivateKeyPassword whatever
    TLS_RequireClientCert 0
</ServerRADSEC>

Sat Jul 13 18:04:48 2013 973161: DEBUG: Handling with Radius::AuthRADSEC
Sat Jul 13 18:04:48 2013 974710: DEBUG: Packet dump:
*** Sending request to RadSec 127.0.0.1:2083 ....
Code:       Access-Request
Identifier: 1
Authentic:  BEt*$<240><132><140><233>r<239><224><245>8<165><199>
Attributes:
	User-Name = "mike"
	Service-Type = Framed-User
	NAS-IP-Address = 203.63.154.1
	NAS-Identifier = "203.63.154.1"
	NAS-Port = 1234
	Called-Station-Id = "123456789"
	Calling-Station-Id = "987654321"
	NAS-Port-Type = Async
	User-Password = VA<230><255>`2<216>]<172><229><253><163>K<252><27>!
	Proxy-State = OSC-Extended-Id=1

Sat Jul 13 18:04:29 2013 048542: DEBUG: Stream connected to 127.0.0.1:43313
Sat Jul 13 18:04:29 2013 048893: DEBUG: StreamTLS sessionInit for 127.0.0.1
Sat Jul 13 18:04:29 2013 049508: DEBUG: StreamTLS receive:
Sat Jul 13 18:04:29 2013 049769: DEBUG: StreamTLS SSL_accept result: -1, 2, 8465
Sat Jul 13 18:04:29 2013 050038: DEBUG: StreamTLS send:
Sat Jul 13 18:04:29 2013 050181: DEBUG: StreamTLS Server Started for 127.0.0.1:43313
Sat Jul 13 18:04:29 2013 050272: DEBUG: New StreamServer Connection created for 127.0.0.1:43313
Sat Jul 13 18:04:29 2013 111653: DEBUG: StreamTLS receive: [...]
Sat Jul 13 18:04:29 2013 113062: DEBUG: StreamTLS SSL_accept result: -1, 2, 8576
Sat Jul 13 18:04:29 2013 113578: DEBUG: StreamTLS send: [...]
Sat Jul 13 18:04:29 2013 115129: DEBUG: StreamTLS receive: [...]
Sat Jul 13 18:04:29 2013 118369: DEBUG: StreamTLS SSL_accept result: 1, 0, 3
Sat Jul 13 18:04:29 2013 118855: DEBUG: StreamTLS send: [...]
Sat Jul 13 18:04:48 2013 975756: DEBUG: StreamTLS receive: [...]
Sat Jul 13 18:04:48 2013 977607: DEBUG: Packet dump:
*** Sending reply to RadSec 127.0.0.1:43313 ....
Code:       Access-Accept
Identifier: 1
Authentic:  BEt*$<240><132><140><233>r<239><224><245>8<165><199>
Attributes:
	Proxy-State = OSC-Extended-Id=1
Sat Jul 13 18:04:48 2013 978080: DEBUG: StreamTLS send: [...]

_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
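
Added example, not part of the original post and not Radiator code: a Python check that counts packet dumps per direction in a log laid out like the ones above and flags a file that contains outbound dumps but no inbound ones. The `*** Received` marker and both sample logs are assumptions constructed for the example; only `*** Sending` lines appear in the posted logs.

```python
import re
from collections import Counter

# Entry header as in the logs above: "Sat Jul 13 18:04:48 2013 974710: DEBUG: msg"
ENTRY = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}(?: \d+)?: "
                   r"[A-Z]+: (?P<msg>.*)$")
# "Sending" is taken from the posted logs; "Received" is an assumed marker.
DIRECTION = re.compile(r"^\*\*\* (Sending|Received)\b")

def packet_dump_directions(log_text):
    """Count packet dumps per direction in one log file."""
    counts, in_dump = Counter(), False
    for line in log_text.splitlines():
        entry = ENTRY.match(line)
        if entry:  # new entry: the dump body starts on this line or the next
            msg = entry.group("msg")
            in_dump = msg.startswith("Packet dump:")
            line = msg[len("Packet dump:"):] if in_dump else ""
        if in_dump:
            hit = DIRECTION.match(line.strip())
            if hit:
                counts[hit.group(1)] += 1
                in_dump = False  # one direction line per dump
    return counts

def missing_inbound(log_text):
    """True when the log has outbound packet dumps but no inbound ones."""
    counts = packet_dump_directions(log_text)
    return counts["Sending"] > 0 and counts["Received"] == 0

# Constructed samples: layout follows the logs above, inbound line is assumed.
GLOBAL_TRACE = """\
Sat Jul 13 18:04:48 2013 975900: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 43313 ....
Code:       Access-Request
Sat Jul 13 18:04:48 2013 977607: DEBUG: Packet dump:
*** Sending reply to RadSec 127.0.0.1:43313 ....
Code:       Access-Accept
"""
CLAUSE_TRACE = """\
Sat Jul 13 18:04:48 2013 973161: DEBUG: Handling with Radius::AuthRADSEC
Sat Jul 13 18:04:48 2013 977607: DEBUG: Packet dump: *** Sending reply to RadSec 127.0.0.1:43313 ....
Code:       Access-Accept
"""

if __name__ == "__main__":
    for name, text in (("global", GLOBAL_TRACE), ("clause", CLAUSE_TRACE)):
        print(name, dict(packet_dump_directions(text)), missing_inbound(text))
```

Run over each per-clause log file, a `True` result identifies the logs that show the asymmetry described in the post.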