Bug#388024: freeradius proxy realm's don't works then port is set to zero in radius.conf

Mon, 18 Sep 2006 04:58:31 -0700 

severity 388024 minor
tags 388024 patch
thanks

Tomas Martisius wrote:

> Package: freeradius
> Version: 1.1.3-1
>
> Proxy realm don't works then port is set to zero in radius.conf.
> The realm module reports error about: "auth_port is not set. Proxy
> cancelled.",
> and fails to other realm.
>
> [...]
>
> Then port is set to 1812 in radius.conf - all works.

Thanks for the report. This is a corner case where the port isn't set
either in radiusd.conf or in proxy.conf.

The following syntax in proxy.conf should have worked, too. (note the
authentication port is manually set after the ":")

realm company.com {
        type        = radius
        authhost    = radius.company.com:1812
        accthost    = radius.company.com:1813
        secret      = testing123
}

> So something must be changed - the defaul port and comments in
> radius.conf or code in radius must be changet to act as writed in
> comments.

The CVS version doesn't have this bug. You might download it from
the FreeRADIUS website:

http://freeradius.org/getting.html

Or you could apply the following patch to version 1.1.3:

Index: src/main/mainconfig.c
===================================================================
RCS file: /source/radiusd/src/main/mainconfig.c,v
retrieving revision 1.36.2.6.2.2
diff -u -r1.36.2.6.2.2 mainconfig.c
--- src/main/mainconfig.c       18 Apr 2006 17:26:26 -0000      1.36.2.6.2.2
+++ src/main/mainconfig.c       18 Sep 2006 11:30:26 -0000
@@ -381,13 +381,13 @@
                 */
                if ((authhost = cf_section_value_find(cs, "authhost")) == NULL) 
{
                        c->ipaddr = htonl(INADDR_NONE);
-                       c->auth_port = auth_port;
+                       c->auth_port = 0;
                } else {
                        if ((s = strchr(authhost, ':')) != NULL) {
                                *s++ = 0;
                                c->auth_port = atoi(s);
                        } else {
-                               c->auth_port = auth_port;
+                               c->auth_port = PW_AUTH_UDP_PORT;
                        }
                        if (strcmp(authhost, "LOCAL") == 0) {
                                /*
@@ -395,7 +395,7 @@
                                 *      secret, or port.
                                 */
                                c->ipaddr = htonl(INADDR_NONE);
-                               c->auth_port = auth_port;
+                               c->auth_port = 0;
                        } else {
                                c->ipaddr = ip_getaddr(authhost);
                                if (c->ipaddr == htonl(INADDR_NONE)) {
@@ -429,7 +429,7 @@
                                *s++ = 0;
                                c->acct_port = atoi(s);
                        } else {
-                               c->acct_port = auth_port + 1;
+                               c->acct_port = PW_ACCT_UDP_PORT;
                        }
                        if (strcmp(accthost, "LOCAL") == 0) {
                                /*

Best regards,

-- 
Nicolas Baradakis


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to