Re: IAS and Openser

2006-09-14 Thread Artur Hayne 
   modcall[authorize]: module "auth_log" returns ok for request 3   modcall[authorize]: module "chap" returns noop for request 3     rlm_realm: Looking up realm "voip.domain.br" for User-Name = "[EMAIL PROTECTED]"     rlm_realm: Found realm "DEFAULT"     rlm_realm: Proxying request from user teste to realm DEFAULT     rlm_realm: Adding Realm = "DEFAULT"     rlm_realm: Preparing to proxy authentication request to realm "DEFAULT"   modcall[authorize]: module "suffix" returns updated for request 3 rlm_digest: Adding Auth-Type = DIGEST   modcall[authorize]: module "digest" returns ok for request 3 rlm_ldap: - authorize rlm_ldap: performing user authorization for [EMAIL PROTECTED] radius_xlat:  '([EMAIL PROTECTED])' radius_xlat:  'ou=users,dc=voip,dc=domain,dc=br' rlm_ldap: ldap_get_conn: Checking Id:
 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=users,dc=voip,dc=domain,dc=br, with filter ([EMAIL PROTECTED]) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed rlm_ldap: ldap_release_conn: Release Id: 0   modcall[authorize]: module "ldap" returns notfound for request 3 modcall: leaving group authorize (returns notfound) for request 3 Sending Access-Request of id 3 to 10.2.1.XY port 1600     User-Name = "[EMAIL PROTECTED]"     Digest-Attributes = 0x0a077465737465     Digest-Attributes = 0x010e766f69702e756662612e6272     Digest-Attributes = 0x022a34353039343233343264313165616336306262366262633263373539643630666362383939656131     Digest-Attributes =
 0x04127369703a766f69702e756662612e6272     Digest-Attributes = 0x030a5245474953544552     Digest-Response = "4283445dcb36643dab5f437e10f692bf"     Service-Type = IAPP-Register     X-Ascend-PW-Lifetime = 0x7465737465     NAS-IP-Address = 10.2.1.XX     NAS-Port = 5060     Proxy-State = 0x323038 Re-sending Access-Request of id 0 to 10.2.1.XX port 1600     User-Name = "[EMAIL PROTECTED]"     Digest-Attributes = 0x0a077465737465     Digest-Attributes = 0x010e766f69702e756662612e6272     Digest-Attributes =
 0x022a34353039343233343264313165616336306262366262633263373539643630666362383939656131     Digest-Attributes = 0x04127369703a766f69702e756662612e6272     Digest-Attributes = 0x030a5245474953544552     Digest-Response = "4283445dcb36643dab5f437e10f692bf"     Service-Type = IAPP-Register     X-Ascend-PW-Lifetime = 0x7465737465     NAS-IP-Address = 10.2.1.XX     NAS-Port = 5060     Client-IP-Address = 10.2.1.XX     Realm = "DEFAULT"     Module-Failure-Message = "rlm_ldap: User not found"     Realm =
 "DEFAULT"     Proxy-State = 0x323035 Waking up in 1 seconds... rad_recv: Access-Request packet from host 10.2.1.XX:33634, id=206, length=200 Ignoring duplicate packet from client OpenSER:33634 - ID: 206, due to outstanding proxied request 1.  Its seems the proxy is working, but it dont communicate with the IAS.   -- Module-Failure-Message = "rlm_ldap: User not found" -- I dont know what meanig, but the sound is not good. The command ldasearch return a rigth answer, I dont know what happended.  The problem is in IAS? How can I test it?  Any ideia?  Merci.  [EMAIL PROTECTED] escreveu:Hi,>  How can I transform freeradius server in a proxy?>  I configured the proxy.conf, but seems dont work>>  And I uncommnet the line in radiusd.conf:>>  proxy_requests  = yes>  $INCLUDE  ${confdir}/proxy.conf>>  I wanna do this:>  |Openser| -> |Radiusclient| -> |Freeradius| -> |IAS| -> |AD|>>  Its work?>>  And in IAS should I configured anything?Configure the NULL realm with the same settings as DEFAULT. Other than that, the config sounds good to me. Did you change anything apart from that in the default config file? In particular, you need to have at least one instance of the "realm" module in authorize { }. The default config has "suffix" in there, that should be fine. You need to be sure then that your user names don't contain the @ character - otherwise they won't match the DEFAULT realm you set up
 in proxy.conf.If you are positive that an instance of realm is in authorize and NULL is configured, but it still doesn't work then please post the debug output (radiusd -X) of a packet that arrived and was supposed to be proxied, but wasn't.>  Sorry for the portuguese e-mail.When I read it, I wondered what strange dialect of Spanish this is. :-) Portuguese and Spanish aren't that far apart after all, it seems.Greetings,Stefan Winter 
		 
Yahoo! Acesso Grátis - Internet rápida e grátis. Instale o discador agora! 
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: IAS and Openser

2006-09-13 Thread Stefan Winter 
Hi,

>  How can I transform freeradius server in a proxy?
>  I configured the proxy.conf, but seems dont work
>
>  And I uncommnet the line in radiusd.conf:
>
>  proxy_requests  = yes
>  $INCLUDE  ${confdir}/proxy.conf
>
>  I wanna do this:
>  |Openser| -> |Radiusclient| -> |Freeradius| -> |IAS| -> |AD|
>
>  Its work?
>
>  And in IAS should I configured anything?

Configure the NULL realm with the same settings as DEFAULT. Other than that, 
the config sounds good to me. Did you change anything apart from that in the 
default config file? In particular, you need to have at least one instance of 
the "realm" module in authorize { }. The default config has "suffix" in 
there, that should be fine. You need to be sure then that your user names 
don't contain the @ character - otherwise they won't match the DEFAULT realm 
you set up in proxy.conf.

If you are positive that an instance of realm is in authorize and NULL is 
configured, but it still doesn't work then please post the debug output 
(radiusd -X) of a packet that arrived and was supposed to be proxied, but 
wasn't.

>  Sorry for the portuguese e-mail.

When I read it, I wondered what strange dialect of Spanish this is. :-) 
Portuguese and Spanish aren't that far apart after all, it seems.

Greetings,

Stefan Winter

-- 
Stefan WINTER

RESTENA Foundation - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
R&D Engineer

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: [EMAIL PROTECTED]     Tel.:     +352 424409-1
http://www.restena.lu               Fax:      +352 422473


pgpBt0b3PkIbM.pgp
Description: PGP signature
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: IAS and Openser

2006-09-13 Thread Artur Hayne 
Hello,  How can I transform freeradius server in a proxy? I configured the proxy.conf, but seems dont work  proxy.conf:  proxy server {     synchronous = no     retry_delay = 5     retry_count = 3     dead_time = 120     default_fallback = yes     post_proxy_authorize = no }  realm DEFAULT {        type    = radius     authhost    = mydomain.br     accthost    = mydomain.br     secret  = mysecret     nostrip
 }  And I uncommnet the line in radiusd.conf:  proxy_requests  = yes $INCLUDE  ${confdir}/proxy.conf   I wanna do this: |Openser| -> |Radiusclient| -> |Freeradius| -> |IAS| -> |AD| Its work?  And in IAS should I configured anything?   Sorry for the portuguese e-mail.  [EMAIL PROTECTED] escreveu:Hello!This list is in English.>  Como faço para transformar o Freeradius num cliente do IAS? Existe algum> tutorial, ou artigo? Se for sem passar pelo servidor freeradius eu já> configurei o radiusclient para ir direto ao IAS, mas não deu certo, nada> acontece, e o pior de tudo que não tenho nem como debugar o problema e o> arquivo de log do IAS é muito fraco.>>  |Openser| -> |Radiusclient| -> |Freeradius| -> |IAS| -> |AD|>>  Da pra fazer isso? Como faço isso?>>  Alguma idéia?If I got you right, all you want to do is use FreeRADIUS as a proxy to communicate to an
 IAS which does the authentication. This is easy, all you need to do is proxy all incoming requests to the IAS. See proxy.conf, read it, try it, and if doesn't work for you ask here again. But in English please, it's been quite a time since I had Spanish in school.Greetings,Stefan Winter-- Stefan WINTERRESTENA Foundation - Réseau Téléinformatique de l'Education Nationale et de la RechercheR&D Engineer6, rue Richard Coudenhove-KalergiL-1359 Luxembourgemail: [EMAIL PROTECTED]     Tel.:     +352 424409-1http://www.restena.lu               Fax:      +352 422473-- next part --A non-text attachment was scrubbed...Name: not availableType: application/pgp-signatureSize: 189 bytesDesc: not availableUrl :
 https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060913/cc735d98/attachment.bin-- 
		 
Yahoo! Acesso Grátis - Internet rápida e grátis. Instale o discador agora! 
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html