Hi,
Now this time with round robin setup. What I am seeing is that each
access request are being sent out in round robin even within the same
authentication session. So, server1 gets the first access-request and
sends access-challenge out and the access-request in response to the
challenge gets sent to server2. Now, server1 waits for the
access-request while the server2 does not know about the access-request
it gets and drops. So, authentication never finishes.
The attached files are the debug output from home server1 and server 2
and the proxy.
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:freeradius-
> [EMAIL PROTECTED] On Behalf Of Htin Hlaing
> Sent: Wednesday, July 07, 2004 2:32 PM
> To: [EMAIL PROTECTED]
> Subject: RE: problem with proxying using fail_over setup
>
> Thanks for that info Alan. That makes sense. Also, what I was
looking
> for is that the second server set up will be tried automatically as
the
> first one is marked death. But, it returns access-reject and the
client
> has to initiate authentication again while the first one is marked
dead
> for the dead time. Any way for me to achieve what I am looking for?
>
> Thanks,
> Htin
>
rad_recv: Access-Request packet from host 192.168.10.118:1814, id=5, length=206
--- Walking the entire request list ---
Waking up in 31 seconds...
Thread 5 got semaphore
Thread 5 handling request 39, (8 handled so far)
Framed-MTU = 1466
NAS-IP-Address = 192.168.10.113
NAS-Identifier = "D-link Corp. Access Point"
User-Name = "user_1"
Service-Type = Framed-User
NAS-Port = 65
NAS-Port-Type = Wireless-802.11
NAS-Port-Id = "ether2_65"
Called-Station-Id = "00-05-5d-99-5f-3a"
Calling-Station-Id = "00-30-65-24-4c-5b"
Connect-Info = "CONNECT Ethernet 0Mbps Full duplex"
EAP-Message = 0x0202000b01757365725f31
Message-Authenticator = 0xf99be789d247177bdd244c5bc5f62a20
Proxy-State = 0x313635
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 39
modcall[authorize]: module "preprocess" returns ok for request 39
radius_xlat:
'/home/hhlaing/Install/radius-June-21-configs/log/radius/radacct/192.168.10.118/auth-detail-20040707'
rlm_detail:
/home/hhlaing/Install/radius-June-21-configs/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/home/hhlaing/Install/radius-June-21-configs/log/radius/radacct/192.168.10.118/auth-detail-20040707
modcall[authorize]: module "auth_log" returns ok for request 39
modcall[authorize]: module "chap" returns noop for request 39
modcall[authorize]: module "mschap" returns noop for request 39
rlm_realm: No '@' in User-Name = "user_1", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 39
rlm_eap: EAP packet type response id 2 length 11
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 39
users: Matched user_1 at 104
modcall[authorize]: module "files" returns ok for request 39
modcall: group authorize returns updated for request 39
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 39
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 39
modcall: group authenticate returns handled for request 39
Sending Access-Challenge of id 5 to 192.168.10.118:1814
EAP-Message = 0x010300061920
Message-Authenticator = 0x
State = 0xbffaa2e18c3fe0a78e5183ee7aee01ac
Proxy-State = 0x313635
Finished request 39
Going to the next request
Thread 5 waiting to be assigned a request
--- Walking the entire request list ---
Cleaning up request 39 ID 5 with timestamp 40ec8b45
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 192.168.10.118:1814, id=4, length=315
--- Walking the entire request list ---
Waking up in 31 seconds...
Thread 3 got semaphore
Thread 3 handling request 7, (2 handled so far)
Framed-MTU = 1466
NAS-IP-Address = 192.168.10.113
NAS-Identifier = "D-link Corp. Access Point"
User-Name = "user_1"
Service-Type = Framed-User
NAS-Port = 65
NAS-Port-Type = Wireless-802.1