Statistic RADIUS

2009-06-16 Thread Marco De Magistris
Hi all,

In my scenario FreeRadius is used as a RADIUS proxy.

Is it possible with FreeRadius to generate statistics based on an
attribute?

i.e. statistics based on NAS-Port-ID.

Thanks in advance for your support.

Regards

Marco

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

help HMAC-MD5

2009-06-04 Thread Marco De Magistris
Hi all,

Sorry, but I'm confused about the HMAC-MD5 method.

I'm working on a Radius Proxy implementation.

The scenario is the following:

RADIUS Client - Radius Proxy - Radius Server.

Radius Client sends a Radius packet towards Radius Proxy
(Message-Authenticator not used).

Radius Proxy sends the Radius packet towards Radius Server using the
HMAC-MD5 method. How to configure RADIUS Proxy? Should I add
MD5-Password Attribute? MD5-Password is identical to Shared Secret
between Radius Proxy and Radius Server?

Thanks in advance

  Marco

RE: Freeradius-Users Digest, Vol 50, Issue 18

2009-06-04 Thread Marco De Magistris

Hi Nicolas,

Be careful that using MD5 is not possible with all authentication
methods:
http://deployingradius.com/documents/protocols/compatibility.html
(as you cannot uncrypt a hash)


I'm working on Radius Proxy.

The method used for Authentication is EAP-TLS. The server is configured with a
certificate for EAP-TLS.

As Radius Proxy, I need to send the packet, received from Radius Client,
towards Radius Server, with a Message-Authenticator (HMAC-MD5).

Home_server function:

  home_server SERVER1 {
      ...
      require_message_authenticator = yes
      secret = Shared Secret assigned to RadiusServer
      ...
  }

As Radius Proxy, should I define an authentication protocol?


Thanks
Regards

   Marco



-Original Message-
From: 
freeradius-users-bounces+marco.de.magistris=ericsson@lists.freeradius.org 
[mailto:freeradius-users-bounces+marco.de.magistris=ericsson@lists.freeradius.org]
 On Behalf Of freeradius-users-requ...@lists.freeradius.org
Sent: giovedì 4 giugno 2009 13.55
To: freeradius-users@lists.freeradius.org
Subject: Freeradius-Users Digest, Vol 50, Issue 18

Send Freeradius-Users mailing list submissions to
freeradius-users@lists.freeradius.org

To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
freeradius-users-requ...@lists.freeradius.org

You can reach the person managing the list at
freeradius-users-ow...@lists.freeradius.org

When replying, please edit your Subject line so it is more specific
than Re: Contents of Freeradius-Users digest...


Today's Topics:

   1. Re: dealing with 'corrupt' detail file (Arran Cudbard-Bell)
   2. How use tagged atrributes? (r.fila...@ttk.ru)
   3. help HMAC-MD5  (Marco De Magistris)
   4. Re: help HMAC-MD5  (Nicolas Goutte)


--

Message: 1
Date: Thu, 04 Jun 2009 11:34:59 +0100
From: Arran Cudbard-Bell a.cudbard-b...@sussex.ac.uk
Subject: Re: dealing with 'corrupt' detail file
To: FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Message-ID: 4a27a353.3050...@sussex.ac.uk
Content-Type: text/plain; charset=UTF-8

Hi,
 (I've already got, on my list, use Calling-Station-Id
 instead of NAS-Port for the unique function as many
 NAS use the same port for every accounting packet :-|)
   Create a patch, and send it to the list via git format-patch.  Best
 practices really need to go into the server configuration.  Anything
 else is too frustrating for the end users.

 I was hoping to get a small discussion initiated that would
 hopefully bring up a few things that people find they have to do
 to their configs ...at the end of which we get a nice comprehensive
 list of updates needed for the core server configuration (and hopefully
 a large number of 'you need to change this or add that' blog/wiki/random
 document entries removed across the world)
We write out a different detail file per hour. If for whatever reason
the account buffer gets to be big, and you have to restart the server,
at least you only have to deal with an hour's worth of duplicate
accounting logs.

And just as Alan DeKok suggested:

accounting {
    #
    #  Log traffic to an SQL database.
    #
    #  See Accounting queries in sql.conf
    sql {
        invalid = 2
    }
    if (invalid) {
        ok
    }
}

You can log it to a rejects detail file as well, if you want to dissect
the packets later.

The other (far more difficult) to handle one, is where you're using this
to Proxy eduroam Accounting records back to an ORPS.

If the administrator of the ORPS has been particularly... obnoxious.
Then the ORPS will not send Accounting-Responses, and the packet will be
stuck in the detail file indefinitely.

Our workaround is:

accounting {
    #
    # Icky workaround for lack of universal eduroam accounting support
    # Really need NRPS to manufacture accounting response.
    #
    if((Acct-Delay-Time < 600) || (Realm != 'remote.jrs')){
        proxy_to_realm
    }

    #
    # Since we're proxying, we don't log anything
    # locally.  Ensure that the accounting section
    # succeeds by forcing an ok return.
    ok
}

This sucks, because perfectly valid Accounting Requests might be lost if
they were received at around the same time as invalid ones.

I'd be interested to hear if anyone has a better solution than the above.

Thanks,
Arran



--

Message: 2
Date: Thu, 4 Jun 2009 15:39:12 +0400
From

RE: Freeradius-Users Digest, Vol 49, Issue 117

2009-05-26 Thread Marco De Magistris
Hi Alan


Thanks for your help.

Marco

-Original Message-
From: 
freeradius-users-bounces+marco.de.magistris=ericsson@lists.freeradius.org 
[mailto:freeradius-users-bounces+marco.de.magistris=ericsson@lists.freeradius.org]
 On Behalf Of freeradius-users-requ...@lists.freeradius.org
Sent: martedì 26 maggio 2009 17.58
To: freeradius-users@lists.freeradius.org
Subject: Freeradius-Users Digest, Vol 49, Issue 117


Today's Topics:

   1. Re: Statistic Counter (Alan DeKok)
   2. problem with rlm_counter module when reset option is set to
  never (Ahmed Nifaz Faizabadi)
   3. Re: problem with rlm_counter module when reset option is set
  to never (Ivan Kalik)
   4. Re: problem with rlm_counter module when reset option is set
  to never (Ahmed Nifaz Faizabadi)
   5. Re: problem with rlm_counter module when reset option is set
  to never (Alan DeKok)
   6. Assigning IP address from RADIUS to Cisco PPTP users (u...@3.am)
   7. wired 802.1x for desktops (offtopic) (Mikael Kermorgant)
   8. FW:  freeradius2.1.4--Simultaneous (??)


--

Message: 1
Date: Tue, 26 May 2009 13:29:51 +0200
From: Alan DeKok al...@deployingradius.com
Subject: Re: Statistic Counter
To: FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Message-ID: 4a1bd2af.5050...@deployingradius.com
Content-Type: text/plain; charset=UTF-8

Marco De Magistris wrote:
 Can I enable other counters for AuthRadiusClientAccessRetransmissions,
 AuthRadiusClientTimeouts, AuthRadiusClientCounterDiscontinuity?

  The server does not currently track those statistics.

  As always, patches are welcome.

 Or I should use "counter" module of FreeRadius?

  No.  It won't do what you want.

  Alan DeKok.



--

Message: 2
Date: Tue, 26 May 2009 18:13:59 +0530
From: Ahmed Nifaz Faizabadi ahmedni...@gmail.com
Subject: problem with rlm_counter module when reset option is set to
never
To: freeradius-users@lists.freeradius.org
Message-ID:
d49df1900905260543k4228999ai4aeb7ff46b595...@mail.gmail.com
Content-Type: text/plain; charset=ISO-8859-1

Hi all,

Here is the issue I am facing with rlm_counter module.
I am using freeradius-server-2.1.4 and configuring Max session time
for each user.

for example:
user1  Max-Session-Time := 1800, Auth-Type := Reject
       Reply-Message = "Your time limit is used"

user2  Max-Session-Time := 3600, Auth-Type := Reject
       Reply-Message = "Your time limit is used"

and rlm_counter options are :

counter daily {
   counter-name = Max-All-Session-Time
   check-name = Max-All-Session
   key = User-Name
   reset = never
}


I am observing that the user accounting record is not deleted from
rlm_counter module once the user has used his allocated time. For
example when user1 has used 1800 seconds allocated to him then I will
be deleting the user from users config and then add the same user
back. I am getting the "Your time limit is used" message :(.

Does somebody have information about how to delete the records from
rlm_counter module once they are expired with reset-option set to
never.

Regards
Ahmed Nifaz


--

Message: 3
Date: Tue, 26 May 2009 14:15:35 +0100 (BST)
From: Ivan Kalik t...@kalik.net
Subject: Re: problem with rlm_counter module when reset option is set
to never
To: FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Message-ID:
30874.194.176.105.44.1243343735.squir...@webmail.kalik.net
Content-Type: text/plain;charset=utf-8

 Here is the issue I am facing with rlm_counter module.
 I am using freeradius-server-2.1.4 and configuring Max session time
 for each user.

 for example:
 user1  Max-Session-Time := 1800, Auth-Type := Reject
        Reply-Message = "Your time limit is used"

 user2  Max-Session-Time := 3600, Auth-Type := Reject
        Reply-Message = "Your time limit is used"

 and rlm_counter options are :

 counter daily {
    counter-name = Max-All-Session-Time
    check-name = Max-All-Session
    key = User-Name
    reset = never
 }


 I am observing that the user accounting record is not deleted from
 rlm_counter module once the user has used his allocated time.

And what makes you think it would be.

 For
 example when user1 has used 1800

Fail-over. Send the request directly to Server2

2009-05-26 Thread Marco De Magistris
Hi guys,

My scenario is:

                                   -- Radius Server 1
Radius Client  -- Radius Proxy  ---
                                   -- Radius Server 2

Radius Proxy sends the request to the first live home server in the list
(fail-over method).

Radius Proxy sends the request towards Server1. Server 1 is down. Now
the Radius Proxy rejects the Request.

Radius Client          Radius Proxy          Radius Server1
  |   Request -->          |    Request -->       |
  |   <-- Reject           |                      |

Can RadiusProxy send the request directly towards Server2, if Server1 is
down?

Radius Client          Radius Proxy          Radius Server1
  |   Request -->          |    Request -->       |   (Server1 is down, Radius Proxy sends
                                                       packet towards Server2)

                                             Radius Server2
  |                        |    Request -->       |
  |                        |    <-- Accept        |

Thanks in advance

  Marco

Statistic Counter

2009-05-25 Thread Marco De Magistris
Hi all,

Thanks in advance for your help.

My scenario is shown below:

Radius Client -- Radius Proxy    Radius Server
192.168.1.2      192.168.1.3  -- IPS1(192.168.1.4)

I need the following Authentication Statistic of the RADIUS Server
(192.168.1.4)

 AuthRadiusClientAccessRequests            Counter32,
 AuthRadiusClientAccessRetransmissions     Counter32,
 AuthRadiusClientAccessAccepts             Counter32,
 AuthRadiusClientAccessRejects             Counter32,
 AuthRadiusClientAccessChallenges          Counter32,
 AuthRadiusClientMalformedAccessResponses  Counter32,
 AuthRadiusClientBadAuthenticators         Counter32,
 AuthRadiusClientPendingRequests           Gauge32,
 AuthRadiusClientTimeouts                  Counter32,
 AuthRadiusClientUnknownTypes              Counter32,
 AuthRadiusClientPacketsDropped            Counter32,
 AuthRadiusClientCounterDiscontinuity      TimeTicks

Launch the command:

echo "Message-Authenticator = 0x00, FreeRADIUS-Statistics-Type = 1, FreeRADIUS-Stats-Server-IP-Address = 192.168.1.4, FreeRADIUS-Stats-Server-Port = 1812" | ./radclient -s 192.168.1.3:1812 status SHAREDSECRET

Received response ID 59, code 2, length = 140
FreeRADIUS-Total-Access-Requests = 56
FreeRADIUS-Total-Access-Accepts = 0
FreeRADIUS-Total-Access-Rejects = 1
FreeRADIUS-Total-Access-Challenges = 0
FreeRADIUS-Total-Auth-Responses = 0
FreeRADIUS-Total-Auth-Duplicate-Requests = 3
FreeRADIUS-Total-Auth-Malformed-Requests = 0
FreeRADIUS-Total-Auth-Invalid-Requests = 0
FreeRADIUS-Total-Auth-Dropped-Requests = 5
FreeRADIUS-Total-Auth-Unknown-Types = 0

   Total approved auths:  1
     Total denied auths:  0
       Total lost auths:  0

Can I enable other counters for AuthRadiusClientAccessRetransmissions,
AuthRadiusClientTimeouts, AuthRadiusClientCounterDiscontinuity?

Or I should use "counter" module of FreeRadius?

RadiusClientAccessRetransmissions

   The number of RADIUS Access-Request packets
   retransmitted to this RADIUS authentication server.
   This counter may experience a discontinuity when
   the RADIUS Client module within the managed entity
   is reinitialized, as indicated by the current value
   of edaRadiusServerCounterDiscontinuity.

RadiusClientTimeouts

   The number of authentication timeouts to this server.
   After a timeout, the client may retry to the same
   server, send to a different server, or
   give up.  A retry to the same server is counted as a
   retransmit as well as a timeout.  A send to a different
   server is counted as a Request as well as a timeout.
   This counter may experience a discontinuity when the
   RADIUS Client module within the managed entity is
   reinitialized, as indicated by the current value of
   edaRadiusServerCounterDiscontinuity.

RadiusClientCounterDiscontinuity

   The number of centiseconds since the last discontinuity
   in the RADIUS Client counters.  A discontinuity may
   be the result of a reinitialization of the RADIUS
   Client module within the managed entity.

Thanks

Regards

   Marco

RE: Freeradius-Users Digest, Vol 49, Issue 100

2009-05-22 Thread Marco De Magistris


Hi Ivan,
   4. Proxying packets from a fixed source IP address (Alan DeKok)

It is a good idea.

Thanks for your help.
The solution works fine.

Marco

-Original Message-
From: 
freeradius-users-bounces+marco.de.magistris=ericsson@lists.freeradius.org 
[mailto:freeradius-users-bounces+marco.de.magistris=ericsson@lists.freeradius.org]
 On Behalf Of freeradius-users-requ...@lists.freeradius.org
Sent: giovedì 21 maggio 2009 18.50
To: freeradius-users@lists.freeradius.org
Subject: Freeradius-Users Digest, Vol 49, Issue 100


Today's Topics:

   1. Re: Freeradius-Users Digest, Vol 49, Issue 95 (Alan DeKok)
   2. RE: Freeradius-Users Digest, Vol 49, Issue 95 (Ivan Kalik)
   3. Re: question about session resumption and reply attributes
  (Alan DeKok)
   4. Proxying packets from a fixed source IP address (Alan DeKok)
   5. Re: Rewriting User-Name in pre-proxy (William Taylor)
   6. Re: current RHEL/CentOS pre-built packages (Was: freeRADIUS)
  (Just E. Mail)
   7. Re: current RHEL/CentOS pre-built packages (Was: freeRADIUS)
  (a.l.m.bu...@lboro.ac.uk)
   8. Re: current RHEL/CentOS pre-built packages (Was: freeRADIUS)
  (John Dennis)
   9. Re: current RHEL/CentOS pre-built packages (Was: freeRADIUS)
  (Just E. Mail)


--

Message: 1
Date: Thu, 21 May 2009 15:00:51 +0200
From: Alan DeKok al...@deployingradius.com
Subject: Re: Freeradius-Users Digest, Vol 49, Issue 95
To: FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Message-ID: 4a155083.1020...@deployingradius.com
Content-Type: text/plain; charset=ISO-8859-1

Marco De Magistris wrote:
 In my opinion the packet (received from Radius Client) is sent towards
 the default gateway.

  Yes.  That's how networking works.

 The following link describes the same scenario:
 
 http://www.opensubscriber.com/message/freeradius-users@lists.freeradius.org/82575.html

 They introduce *proxyip = 10.10.10.10* in proxy.conf.

  In 2.x, you can define the addresses that the server opens for
proxying.  See the listen section of radiusd.conf.  That may help.

  Alan DeKok.


--

Message: 2
Date: Thu, 21 May 2009 14:27:51 +0100 (BST)
From: Ivan Kalik t...@kalik.net
Subject: RE: Freeradius-Users Digest, Vol 49, Issue 95
To: FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Message-ID:
17832.194.176.105.43.1242912471.squir...@webmail.kalik.net
Content-Type: text/plain;charset=utf-8

 3. RE: Freeradius-Users Digest, Vol 49, Issue 93 (Ivan Kalik)

 Radius Client -- Radius Proxy
 192.168.1.2      192.168.1.3  192.168.14.3  -- IPS1(192.168.14.4)
                               192.168.24.3  -- IPS2(192.168.24.4)

 You say:

 Yes. Proxy server will change NAS-IP-Address from the original NAS
 address into its own. That is OK.

 It does not work. In my scenario I have two different NAS-IP-Addresses (a
 NAS-IP-Address for ISP1 and a NAS-IP-Address for ISP2).


That's because that can't work:

  # Note: type = proxy lets you control the source IP used for
  # proxying packets, with some limitations:
  #
  # * Only ONE proxy listener can be defined.
  # * A proxy listener CANNOT be used in a virtual server section.
  # * You should probably set port = 0.
  # * Any clients configuration will be ignored.

You can't define two IPs on which to proxy. You need two proxy servers for
that:

proxy1 gets requests from NAS - if it's for isp1 proxy to 192.168.14.4
from 192.168.14.3

if it's for isp2, proxy to proxy2 (also from 192.168.14.3)

proxy2 will have 192.168.24.3 configured as proxy port and proxy to
192.168.24.4 (isp2)

You can even have proxy1 and proxy2 on the same machine, one listening on
1812+ ports and other on 1645+ ports. They just can't be the same radiusd
process.

Ivan Kalik
Kalik Informatika ISP



--

Message: 3
Date: Thu, 21 May 2009 16:05:39 +0200
From: Alan DeKok al...@deployingradius.com
Subject: Re: question about session resumption and reply attributes
To: FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Message-ID: 4a155fb3.7010...@deployingradius.com
Content-Type: text/plain; charset=ISO-8859-1

Arran Cudbard-Bell wrote:
 Yes, so

RE: Freeradius-Users Digest, Vol 49, Issue 93

2009-05-20 Thread Marco De Magistris

What does that mean? IP of the original NAS packet?

I have 2 interfaces towards the network.


Radius Client -- Radius Proxy
192.168.1.2      192.168.1.3  192.168.14.3  -- IPS1(192.168.14.4)
                              192.168.24.3  -- IPS2(192.168.24.4)


Steps:
1) Radius Client --- sends packet with NAS-IP-Address = 192.168.1.2
   towards Radius Proxy.
2) Radius Proxy changes NAS-IP-Address to 192.168.14.3 for IPS1 (or
   192.168.24.3 for IPS2) and sends it.


You say that changing NAS-IP-Address the packet is transmitted correctly. Right?

 From 192.168.14.3  to  IPS1(192.168.14.4)  if NAS-IP-Address = 192.168.14.3
 From 192.168.24.3  to  IPS1(192.168.24.4)  if NAS-IP-Address = 192.168.24.3

 That's in internal attribute Packet-Src-IP-Address.

Should I modify this attribute, or does FreeRadius associate Packet-Src-IP-Address =
NAS-IP-Address?

Thanks again
Marco


-Original Message-
From: 
freeradius-users-bounces+marco.de.magistris=ericsson@lists.freeradius.org 
[mailto:freeradius-users-bounces+marco.de.magistris=ericsson@lists.freeradius.org]
 On Behalf Of freeradius-users-requ...@lists.freeradius.org
Sent: mercoledì 20 maggio 2009 14.12
To: freeradius-users@lists.freeradius.org
Subject: Freeradius-Users Digest, Vol 49, Issue 93


Today's Topics:

   1. RE: Freeradius-Users Digest, Vol 49, Issue 89 (Ivan Kalik)
   2. Re: Long attribute name (Alan DeKok)
   3. Sql Counter reads only the first 4 digits
  (Mauro Iorio - Smart Soft s.r.l.)
   4. Re: question about windows users (Bartosz Chodzinski)
   5. Re: Sql Counter reads only the first 4 digits (Alan DeKok)


--

Message: 1
Date: Wed, 20 May 2009 12:44:28 +0100 (BST)
From: Ivan Kalik t...@kalik.net
Subject: RE: Freeradius-Users Digest, Vol 49, Issue 89
To: FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Message-ID:
41583.194.176.105.44.1242819868.squir...@webmail.kalik.net
Content-Type: text/plain;charset=utf-8

 The problem is the following:

The customers ask me if possible send them the packets from an
 interface defined.


What does that mean? IP of the original NAS packet? That's in internal
attribute Packet-Src-IP-Address.

 My Radius proxy listen on an IP address (i.e. 192.168.1.3) for
 authentication packet and forwarding them towards two different networks
 (i.e. 192.168.14.4(Customer1) and 192.168.24.4(Customer2))


Ivan Kalik
Kalik Informatika ISP



--

Message: 2
Date: Wed, 20 May 2009 13:50:35 +0200
From: Alan DeKok al...@deployingradius.com
Subject: Re: Long attribute name
To: FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Message-ID: 4a13ee8b.1000...@deployingradius.com
Content-Type: text/plain; charset=ISO-8859-1

Ming-Ching Tiew wrote:
 
 I know it's almost trivial to go an alter the table column size, but for 
 users convenience, the sql attribute length should be increased. Currently 
 the schema.sql which comes with the distribution is varchar(32). One of the 
 motorola wimax attributes is 39 characters, 
 Motorola-WiMAX-Maximum-Commit-Bandwidth. And I notice the mysql silently 
 truncate the inserted string.

  That's reasonable.

  Alan DeKok.


--

Message: 3
Date: Wed, 20 May 2009 13:58:32 +0200
From: Mauro Iorio - Smart Soft s.r.l. m.io...@smartsoft.it
Subject: Sql Counter reads only the first 4 digits
To: 'FreeRadius users mailing list'
freeradius-users@lists.freeradius.org
Message-ID: 370da20735bc482c80a4249bf3946...@zuccherino
Content-Type: text/plain; charset=us-ascii

Hi all,

I've a strange problem with sql counter on freeradius both 1.1.7 and 2.1.5
versions.

Actually executing

SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='mauro'

from SQL Server Management Studio gives me 294841 (Yes, that's a lot of
seconds, is a test user)

while the output of radiusd -X (ver 2.1.5) is:

rlm_sqlcounter: Entering module authorize code
sqlcounter_expand:  'SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{User-Name}''
[sessioncounter]expand: SELECT SUM(AcctSessionTime) FROM radacct WHERE U


help me: proxying towards 2 different networks

2009-05-19 Thread Marco De Magistris
Hi all,

Thanks in advance for your help.

Here is our Scenario which is working now:

1.  Radius Client sends packets towards Radius Proxy (from
    192.168.1.2 to 192.168.1.3)
2.  Radius proxy listens on 192.168.1.3 for authentication packets and
    forwards them towards two different networks (192.168.14.4 and
    192.168.24.4)

Can I configure this scenario using FreeRadius?

The current configuration is:

First configuration

Radiusd.conf

listen {
    ipaddr = 192.168.1.2
    port = 1812
    type = auth
    interface = eth18
}

proxy.conf

home_server Server1 {
    type = auth
    ipaddr = 192.168.14.4
    port = 1812
    secret = SECRET
    require_message_authenticator = yes
}

home_server Server2 {
    type = auth
    ipaddr = 192.168.24.4
    port = 1812
    secret = SECRET
    require_message_authenticator = yes
}

home_server_pool Serverpool1 {
    type = fail-over
    home_server = Server1
}

home_server_pool Serverpool2 {
    type = fail-over
    home_server = Server2
}

realm isp1.com {
    auth_pool = Serverpool1
}

realm isp2.com {
    auth_pool = Serverpool2
}

Results:

Expiration of the Timeout

Second configuration

Adding in radiusd.conf:

listen {
    ipaddr = 192.168.14.3
    port = 1812
    type = proxy
}

Results:

The packet is received correctly by Server1, but I can't send any packet
towards Server2.

Latest configuration

Adding in radiusd.conf:

listen {
    ipaddr = 192.168.14.3
    port = 1812
    type = proxy
}

listen {
    ipaddr = 192.168.24.3
    port = 1812
    type = proxy
}

Results:

Expiration of the Timeout