Re: Proxy fail-over

2003-10-16 Thread Chris Brotsos
At 09:58 PM 10/15/2003, you wrote:
> I tried to set the Radius server (0.9.1 on Red Hat 9) so it can do
> proxy. I use the sql module for authentication (mysql).
> I have two users, [EMAIL PROTECTED]' and 'alex_chen'. in the DB.
>
> I setup the proxy.conf like the followings so that if the proxy server
> 192.168.1.12 fails, it will try to authenticate locally. (Following the
> sample in proxy.conf for round-robin proxy.)
> proxy server {
>   synchronous = yes

From /path/to/src/radiusd/raddb/proxy.conf:

If this [synchronous] is set to 'No', then we send the retries on our own 
schedule...
If you want to have the server send proxy retries ONLY when the NAS sends 
its retries to the server, then set this to 'yes', and the other proxy 
configuration parameters to 0 (zero).

So, try setting synchronous to 'no' and see if you still have problems with 
the failover.

HTH,

Chris


Proxy fail-over

2003-10-15 Thread Alex Chen
I tried to set the Radius server (0.9.1 on Red Hat 9) so it can do
proxy. I use the sql module for authentication (mysql).

I have two users, [EMAIL PROTECTED]' and 'alex_chen', in the DB.

I set up the proxy.conf as follows so that if the proxy server
192.168.1.12 fails, it will try to authenticate locally. (Following the
sample in proxy.conf for round-robin proxy.)

proxy server {
  synchronous = yes
  retry_delay = 5
  retry_count = 3
  dead_time = 120
  default_fallback = yes
  post_proxy_authorize = no
}

realm myhome.com {
  type     = radius
  authhost = 192.168.1.12:1812
  accthost = 192.168.1.12:1813
  secret   = testing123
}

#
# The fail-over server
#
realm myhome.com {
  type     = radius
  authhost = LOCAL
  accthost = LOCAL
}

But when I run the radius with -X flag, I got the following message:

..
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
User-Name = [EMAIL PROTECTED]
User-Password = alextest
NAS-IP-Address = 192.168.2.1
NAS-Port = 1
NAS-Port-Id = gateway
modcall: entering group authorize
  modcall[authorize]: module preprocess returns ok
rlm_eap: EAP-Message not found
  modcall[authorize]: module eap returns noop
rlm_realm: Looking up realm myhome.com for User-Name =
[EMAIL PROTECTED]
rlm_realm: Found realm myhome.com
rlm_realm: Adding Stripped-User-Name = alex_chen
rlm_realm: Proxying request from user alex_chen to realm myhome.com
rlm_realm: Adding Realm = myhome.com
rlm_realm: Preparing to proxy authentication request to realm
myhome.com
  modcall[authorize]: module suffix returns updated
radius_xlat:  'alex_chen'
...
...
modcall: group authorize returns updated
Sending Access-Request of id 1 to 192.168.1.12:1812
User-Name = alex_chen
User-Password = alextest
NAS-IP-Address = 192.168.2.1
NAS-Port = 1
NAS-Port-Id = gateway
Proxy-State = 228
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
Dropping conflicting packet from client localhost:1025 - ID: 228 due to
unfinished request 1
--- Walking the entire request list ---
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 224 with timestamp 3f8de7df
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
Dropping conflicting packet from client localhost:1025 - ID: 228 due to
unfinished request 1
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
Dropping conflicting packet from client localhost:1025 - ID: 228 due to
unfinished request 1
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
Dropping conflicting packet from client localhost:1025 - ID: 228 due to
unfinished request 1
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
Dropping conflicting packet from client localhost:1025 - ID: 228 due to
unfinished request 1
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
Dropping conflicting packet from client localhost:1025 - ID: 228 due to
unfinished request 1
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
Dropping conflicting packet from client localhost:1025 - ID: 228 due to
unfinished request 1
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
Dropping conflicting packet from client localhost:1025 - ID: 228 due to
unfinished request 1
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
Dropping conflicting packet from client localhost:1025 - ID: 228 due to
unfinished request 1


On the client side, I got the following message. (I use radclient to send
the packets)

Sending User-Name = [EMAIL PROTECTED], User-Password = alextest,
NAS-IP-Address = 192.168.2.1, NAS-Port = 1, NAS-Port-Id = gateway to
/usr/local/bin/radclient -S secret_file localhost auth
radclient: no response from server
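
Added example (not part of either post, and not FreeRADIUS code): a Python check for the symptom in the debug output above, where NAS retransmissions are dropped while the proxied request is unfinished and the home server never answers. The function names, the sample log and the assumed shape of a reply line are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the shape of the radiusd -X output quoted in this
# thread, including the mail-wrapped "due to / unfinished request" lines.
SAMPLE_LOG = """\
Sending Access-Request of id 1 to 192.168.1.12:1812
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
Dropping conflicting packet from client localhost:1025 - ID: 228 due to
unfinished request 1
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
Dropping conflicting packet from client localhost:1025 - ID: 228 due to
unfinished request 1
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=228, length=89
Dropping conflicting packet from client localhost:1025 - ID: 228 due to
unfinished request 1
"""

PROXIED = re.compile(r"Sending Access-Request of id \d+ to (\S+:\d+)")
# \s+ tolerates the line wrap that mail clients insert after "due to".
DROPPED = re.compile(
    r"Dropping conflicting packet from client (\S+) - ID: (\d+)\s+due to"
    r"\s+unfinished request (\d+)")
# Assumption: a home-server reply is logged in the same rad_recv shape.
REPLY = re.compile(
    r"rad_recv: Access-(?:Accept|Reject|Challenge) packet from host (\S+:\d+),")


def dropped_retransmits(log, min_drops=3):
    """Requests whose NAS retransmissions were dropped at least min_drops times."""
    counts = Counter(DROPPED.findall(log))
    return [
        {"client": c, "packet_id": int(i), "request": int(r), "drops": n}
        for (c, i, r), n in counts.items() if n >= min_drops
    ]


def unanswered_home_servers(log):
    """Home servers that were sent a proxied request but never replied."""
    return set(PROXIED.findall(log)) - set(REPLY.findall(log))


if __name__ == "__main__":
    for hit in dropped_retransmits(SAMPLE_LOG):
        print("stalled:", hit, "home servers silent:",
              sorted(unanswered_home_servers(SAMPLE_LOG)))
```

A request that shows up in both results is one where the home server is silent and no fail-over to the LOCAL realm has taken place.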





