Re: [RADIATOR] proxying POD reply packets

Sat, 13 Jul 2013 00:25:58 -0700 

On 07/12/2013 06:46 PM, Michael wrote:

> also, Change-Filter-Request-NAKed would also need to be in that list.

Hello Michael,

I tested with this setup:
radpwtst -> R1 -> R2

where R1 is a simple proxy Radiator and R2 is Radiator that replies with
Change-Filter-NAKed or Disconnect-Request-NAKed. It also adds
Error-Cause and Reply-Message to the responses. This is done with AuthBy
INTERNAL.

R1 config is simply this:

<Client DEFAULT>
        Secret  mysecret
</Client>

<Handler>
  <AuthBy RADIUS>
        Secret mysecret
        Host 127.0.0.1
        AuthPort 1812
        AcctPort 1813
  </AuthBy>
</Handler>

With the above setup the NAKed responses were proxied back to radpwtst
correctly. Also the ACKed responses were proxied fine. R1 logs the
message from R2 like this:


DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1812 ....
Code:       Disconnect-Request-NAKed
Identifier: 1
Authentic:  C<235><235>T<17><153>RG<130><221><213><213><27><223>"<184>
Attributes:
        Reply-Message = "No Matching Session"
        Error-Cause = Session-Context-Not-Found

INFO: Disconnect-Request rejected: No Matching Session
DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 44624 ....
Code:       Disconnect-Request-NAKed
Identifier: 90
Authentic:   ZNg<23>3<165>a<23>'<222><235><201><189><155><14>
Attributes:
        Reply-Message = "No Matching Session"
        Error-Cause = Session-Context-Not-Found

The INFO line is logged by Handler which forwards the request back to
radpwtst even if the request type was not added the the ACCEPTed request
types.

I wonder if you have a (very) old Radiator or more likely, a
configuration that causes NAKed messages to be rejected.

Thanks,
Heikki

-- 
Heikki Vatiainen <[email protected]>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator

Reply via email to