Re: Proxying to Cistron
"Mustafa N. Deeb" <[EMAIL PROTECTED]> wrote:
> Accounting through proxy does not work
>
> You have to the changes below and recompile, I hope FreeRadius
> programmers will add this in next releases
I don't recall seeing that patch, and it's for an *old* version of
the source.
All patches should be against the latest CVS version, as the bugs
may have been fixed, or the code may have been re-arranged.
> in acct.c
> line 57
>
> /*
> * Do accounting
> */
> reply = module_accounting(request);
>
> /*
> * Maybe one of the preacct modules has decided
> * that a proxy should be used. If so, get out of
> * here and send the packet.
> */
> if(pairfind(request->config_items, PW_PROXY_TO_REALM)) {
> module_accounting(request); <- ADD THIS
>
> return reply;
> }
No, I don't think that's the solution. And it's a patch to an older
version of the source.
Please upgrade to the latest CVS snapshot. I think that will fix
the problem.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Proxying to Cistron
On Thu, Sep 27, 2001 at 10:12:58AM +0600, Mojahedul Hoque Abul Hasanat wrote: > On Wed, Sep 26, 2001 at 09:49:50PM +, Miquel van Smoorenburg wrote: > > >radius.log. For any request that came to it from the FreeRADIUS Holly Shit! I prayed then installed a recent snapshot (20010924). It couldn't have worked better! I did some tcpdumps and debugs with the 0.2 beta, it was receiving the proxy reply alright, but just forgot to send a reply back to the NAS. I'm going to try it out on our production box again. Thanks to the FreeRADIUS team for a superb product. -- Mojahed System Administrator Agni Systems Limited - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Proxying to Cistron
I have the same problem,
On the mailing list for freeRadius, there is a posted patch for this.
Accounting through proxy does not work
You have to the changes below and recompile, I hope FreeRadius
programmers will add this in next releases
in acct.c
line 57
reply = RLM_MODULE_OK;
/*
* Do accounting
*/
reply = module_accounting(request);
/*
* Maybe one of the preacct modules has decided
* that a proxy should be used. If so, get out of
* here and send the packet.
*/
if(pairfind(request->config_items, PW_PROXY_TO_REALM)) {
module_accounting(request); <<<<<- ADD THIS
return reply;
}
Cheers
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Aaron
Weiker
Sent: Thursday, September 27, 2001 1:01 AM
To: [EMAIL PROTECTED]
Subject: Re: Proxying to Cistron
> Cistron does send the ack packet correctly, but FreeRADIUS
> remains oblivious to it and keeps on sending the acc start and
> stop packets for nearly 20 times.
>
>
> --
> Mojahed
> System Administrator
> Agni Systems Limited
I'm currently using Steel-Belted and I had this similar experience
recently
proxying to a Cistron AAA server. What appeared to be the problem was an
incorrect shared secret. You may want to double check that. It's
definatly
something that is easily overlooked.
Aaron Weiker
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Proxying to Cistron
On Wed, Sep 26, 2001 at 09:49:50PM +, Miquel van Smoorenburg wrote: > >radius.log. For any request that came to it from the FreeRADIUS > >server, it shows either 'Accounting: login ... wrong order' or > >'Accounting: logout: ... wrong ID'. Worse, FreeRADIUS seems > >unable to auth from Cistron. > > Do you have multiple interfaces or multiple IP addresses configured > on one or both boxes? Nopes, both boxes have one IP. -- Mojahed System Administrator Agni Systems Limited - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Proxying to Cistron
> Cistron does send the ack packet correctly, but FreeRADIUS > remains oblivious to it and keeps on sending the acc start and > stop packets for nearly 20 times. > > > -- > Mojahed > System Administrator > Agni Systems Limited I'm currently using Steel-Belted and I had this similar experience recently proxying to a Cistron AAA server. What appeared to be the problem was an incorrect shared secret. You may want to double check that. It's definatly something that is easily overlooked. Aaron Weiker - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Proxying to Cistron
In article <[EMAIL PROTECTED]>, Mojahedul Hoque Abul Hasanat <[EMAIL PROTECTED]> wrote: >I replaced our patched Cistron with FreeRADIUS. The FreeRADIUS >server proxies a few realms to a Cistron on another machine. > >Just after the upgrade, Cistron is complaining loudly in >radius.log. For any request that came to it from the FreeRADIUS >server, it shows either 'Accounting: login ... wrong order' or >'Accounting: logout: ... wrong ID'. Worse, FreeRADIUS seems >unable to auth from Cistron. Do you have multiple interfaces or multiple IP addresses configured on one or both boxes? If so make sure that the server is bound to one known IP address and use only that address. For the cistron server use the '-i' command line flag, for the freeradius server use the bind_address directive in radiusd.conf Mike. -- "I think...I think it's in my basement. Let me go upstairs and check." -- M.C. Escher (1898-1972) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Proxying to Cistron
At 07:43 PM 9/26/2001 +0600, you wrote: >Is anyone on the list proxying to Cistron? I am proxying to XTRadius, which is a cistron variation, and it works 100%. -- Nathan Miller Visp Systems Administration Voice: 541-476-5352 ext. 4 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Proxying to Cistron
On Wed, Sep 26, 2001 at 01:41:19PM -0400, [EMAIL PROTECTED] wrote: > Does it not receive them, or does it receive them, and throw > them away? Sorry, couldn't check that. I had the audacity to run FreeRADIUS on a production box. I am back on my custom patched Cistron now. I will do a test tomorrow. -- Mojahed System Administrator Agni Systems Limited - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Proxying to Cistron
Mojahedul Hoque Abul Hasanat <[EMAIL PROTECTED]> wrote: > Thanks. I'm doing it right now. It seems FreeRADIUS does not > receive the ack radius packets properly for accounting start and > stop packets. Auth packets seem to be OK. Does it not receive them, or does it receive them, and throw them away? Running in debugging mode would give you that information. Alan Dekok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Proxying to Cistron
On Wed, Sep 26, 2001 at 10:28:04AM -0400, [EMAIL PROTECTED] wrote: > So if Cistron doesn't like the proxied accounting packets, > blame the NAS, not FreeRADIUS. Hmm, everything just wroks fine if I replace FreeRADIUS with Cistron. > > Worse, FreeRADIUS seems unable to auth from Cistron. > > Define 'unable'. If you run both in debugging mode, there > should be LOTS of messages telling you what's going on, and > what the problems are. Thanks. I'm doing it right now. It seems FreeRADIUS does not receive the ack radius packets properly for accounting start and stop packets. Auth packets seem to be OK. Cistron does send the ack packet correctly, but FreeRADIUS remains oblivious to it and keeps on sending the acc start and stop packets for nearly 20 times. -- Mojahed System Administrator Agni Systems Limited - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Proxying to Cistron
Mojahedul Hoque Abul Hasanat <[EMAIL PROTECTED]> wrote: > I replaced our patched Cistron with FreeRADIUS. The FreeRADIUS > server proxies a few realms to a Cistron on another machine. > > Just after the upgrade, Cistron is complaining loudly in > radius.log. For any request that came to it from the FreeRADIUS > server, it shows either 'Accounting: login ... wrong order' or > 'Accounting: logout: ... wrong ID'. FreeRADIUS only proxies the requests it gets from the NAS. The default configuration doesn't edit or modify proxied accounting packets. So if Cistron doesn't like the proxied accounting packets, blame the NAS, not FreeRADIUS. > Worse, FreeRADIUS seems unable to auth from Cistron. Define 'unable'. If you run both in debugging mode, there should be LOTS of messages telling you what's going on, and what the problems are. There may even be messages telling you how to fix the problem. > The old (main) Cistron box is also running and the NAS'es have > them as their secondary. FreeRADIUS times out after a lot of > retries, then the NAS'es make the request to the older Cistron, > so I'm not dead yet! > > Is anyone on the list proxying to Cistron? I'm not. But I don't see why there should be any problem. > Before anyone asks, shared secrets are correct. OK. My solution (as always) is to run both servers in debugging mode. You will probably get enough information from that to solve the problem. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Proxying to Cistron
Dear List, I replaced our patched Cistron with FreeRADIUS. The FreeRADIUS server proxies a few realms to a Cistron on another machine. Just after the upgrade, Cistron is complaining loudly in radius.log. For any request that came to it from the FreeRADIUS server, it shows either 'Accounting: login ... wrong order' or 'Accounting: logout: ... wrong ID'. Worse, FreeRADIUS seems unable to auth from Cistron. The old (main) Cistron box is also running and the NAS'es have them as their secondary. FreeRADIUS times out after a lot of retries, then the NAS'es make the request to the older Cistron, so I'm not dead yet! Is anyone on the list proxying to Cistron? Before anyone asks, shared secrets are correct. -- Mojahed System Administrator Agni Systems Limited - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
