Fwd: (RADIATOR) Dupe Proxy-State Attribs in access request packet

Thu Mar 14 00:45:15 CST 2002

Hello Jason -

The answer depends on what you are doing with the Proxy-State.

You can either delete it from the proxied request with StripFromRequest, or 
you can use a ReplyHook to remove the duplicate.

regards

Hugh

> >
> > Hey Everyone,
> >
> > We are attempting to use radiator in a proxy enviroment. We have
> > everything working perfectly, except when we try to pass the proxy-state
> > attribute across, it gets doubled on the way back to the other end.
> > Radiator is the middle proxy server. We are using Radiator 2.17.1
> >
> > Heres what the debug looks like:
> >
> > Wed Mar 13 15:22:15 2002: DEBUG: Packet dump:
> > *** Received from x.x.x.27 port 57388 ....
> >
> > Packet length = 69
> > 01 4b 00 45 d2 90 ff 62 35 3b b1 3a 90 05 38 d2
> > 32 30 0c 8e 01 0b 75 73 69 62 2f 74 65 73 74 02
> > 12 30 5b ab d3 ad 72 a1 b9 55 17 51 64 74 96 fe
> > a3 05 06 00 00 00 0a 20 09 52 61 64 54 65 73 74
> > 21 05 ab 00 ef
> > Code:       Access-Request
> > Identifier: 75
> > Authentic:  <210><144><255>b5;<177>:<144><5>8<210>20<12><142>
> > Attributes:
> >         User-Name = "usib/test"
> >         User-Password =
> > "0[<171><211><173>r<161><185>U<23>Qdt<150><254><163>"
> >         NAS-Port = 10
> >         NAS-Identifier = "RadTest"
> >         Proxy-State = <171><0><239>
> >
> > Wed Mar 13 15:22:15 2002: DEBUG: Check if Handler Prefix = "zz" should be
> > used to handle this request
> > Wed Mar 13 15:22:15 2002: DEBUG: Check if Handler User-Name = /^zz/
> > should be used to handle this request
> > Wed Mar 13 15:22:15 2002: DEBUG: Check if Handler User-Name = /^usi/
> > should be used to handle this request
> > Wed Mar 13 15:22:15 2002: DEBUG: Handling request with Handler 'User-Name
> > = /^usi/'
> > Wed Mar 13 15:22:15 2002: DEBUG:  Deleting session for usib/test,
> > 209.211.205.27, 10
> > Wed Mar 13 15:22:15 2002: DEBUG: do query is: delete from RADONLINE where
> > NASIDENTIFIER='x.x.x.27' and NASPORT=010
> >
> > Wed Mar 13 15:22:15 2002: DEBUG: Handling with Radius::AuthRADIUS
> > Wed Mar 13 15:22:15 2002: DEBUG: Packet dump:
> > *** Sending to x.x.x.121 port 1645 ....
> > Code:       Access-Request
> > Identifier: 2
> > Authentic:  <210><144><255>b5;<177>:<144><5>8<210>20<12><142>
> > Attributes:
> >         User-Name = "usib/test"
> >         User-Password =
> > "<127><151><241><16><7><206>i<184><216><25><138><135><141> <127><225>"
> >         NAS-Port = 10
> >         NAS-Identifier = "RadTest"
> >         Proxy-State = <171><0><239>
> >
> > Wed Mar 13 15:22:15 2002: DEBUG: Packet dump:
> > *** Received from x.x.x.121 port 1645 ....
> >
> > Packet length = 25
> > 03 02 00 19 4b 57 e3 08 b1 36 ca 3f a0 8b 91 b3
> > fe 09 4c 07 21 05 ab 00 ef
> > Code:       Access-Reject
> > Identifier: 2
> > Authentic:  KW<227><8><177>6<202>?<160><139><145><179><254><9>L<7>
> > Attributes:
> >         Proxy-State = <171><0><239>
> >
> > Wed Mar 13 15:22:15 2002: DEBUG: Received reply in AuthRADIUS for req 2
> > from 216.17.3.121:1645
> > Wed Mar 13 15:22:15 2002: DEBUG: Packet dump:
> > *** Sending to x.x.x.27 port 57388 ....
> > Code:       Access-Reject
> > Identifier: 75
> > Authentic:  <210><144><255>b5;<177>:<144><5>8<210>20<12><142>
> > Attributes:
> >         Proxy-State = <171><0><239>
> >         Proxy-State = <171><0><239>
> >
> >
> >
> > As you can see, Radiator is adding another Proxy state attrib to the
> > resent packet. Is there a way to have it not do this?
> >
> > tia
> > -Jason

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.