[RADIATOR] proxying POD reply packets

Heikki Vatiainen hvn at open.com.au
Sat Jul 13 02:25:13 CDT 2013


On 07/12/2013 06:46 PM, Michael wrote:

> also, Change-Filter-Request-NAKed would also need to be in that list.

Hello Michael,

I tested with this setup:
radpwtst -> R1 -> R2

where R1 is a simple proxy Radiator and R2 is a Radiator that replies with
Change-Filter-NAKed or Disconnect-Request-NAKed. It also adds
Error-Cause and Reply-Message to the responses. This is done with AuthBy
INTERNAL.

R1 config is simply this:

<Client DEFAULT>
        Secret  mysecret
</Client>

<Handler>
  <AuthBy RADIUS>
        Secret mysecret
        Host 127.0.0.1
        AuthPort 1812
        AcctPort 1813
  </AuthBy>
</Handler>

With the above setup the NAKed responses were proxied back to radpwtst
correctly. Also the ACKed responses were proxied fine. R1 logs the
message from R2 like this:


DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1812 ....
Code:       Disconnect-Request-NAKed
Identifier: 1
Authentic:  C<235><235>T<17><153>RG<130><221><213><213><27><223>"<184>
Attributes:
        Reply-Message = "No Matching Session"
        Error-Cause = Session-Context-Not-Found

INFO: Disconnect-Request rejected: No Matching Session
DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 44624 ....
Code:       Disconnect-Request-NAKed
Identifier: 90
Authentic:   ZNg<23>3<165>a<23>'<222><235><201><189><155><14>
Attributes:
        Reply-Message = "No Matching Session"
        Error-Cause = Session-Context-Not-Found

The INFO line is logged by Handler which forwards the request back to
radpwtst even if the request type was not added to the ACCEPTed request
types.

I wonder if you have a (very) old Radiator or more likely, a
configuration that causes NAKed messages to be rejected.

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
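
The two packet dumps in the message above show the same Disconnect-Request-NAKed with different Identifier and Authentic values on each hop. The following added example (not part of the original message and not Radiator code) shows why, using the RFC 5176 authenticator rules: a proxy has to verify the reply from the next hop and re-sign it for its own client. The function names and the User-Name value are constructed for illustration; the shared secret is the one from the R1 config.

```python
import hashlib
import hmac
import struct

DISCONNECT_REQUEST, DISCONNECT_NAK = 40, 42  # RFC 5176 codes (Radiator logs 42 as Disconnect-Request-NAKed)
USER_NAME, REPLY_MESSAGE, ERROR_CAUSE = 1, 18, 101
SECRET = b"mysecret"  # shared secret from the R1 config above

def attr(attr_type, value):
    """Encode one attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build(code, ident, seed, attrs, secret):
    """Authenticator = MD5(code + id + length + seed + attrs + secret).
    seed is 16 zero octets for a request, the Request Authenticator for a reply."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + seed + attrs + secret).digest() + attrs

def verify_reply(reply, request, secret):
    """Check length, Identifier and Response Authenticator of a reply against its request."""
    if len(reply) < 20 or struct.unpack("!H", reply[2:4])[0] != len(reply):
        return False
    digest = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return reply[1] == request[1] and hmac.compare_digest(reply[4:20], digest)

def relay(reply, proxied_request, client_request, secret):
    """What a proxy hop must do: verify the next hop's reply, then re-sign it
    for the client with the client's Identifier and Request Authenticator."""
    if not verify_reply(reply, proxied_request, secret):
        raise ValueError("reply failed Response Authenticator check")
    return build(reply[0], client_request[1], client_request[4:20], reply[20:], secret)

def demo():
    # Constructed sample: Identifier 90 on radpwtst->R1 and 1 on R1->R2, as in the dumps.
    session = attr(USER_NAME, b"testuser")  # constructed value
    client_req = build(DISCONNECT_REQUEST, 90, bytes(16), session, SECRET)
    proxied_req = build(DISCONNECT_REQUEST, 1, bytes(16), session, SECRET)
    nak_attrs = attr(REPLY_MESSAGE, b"No Matching Session") + attr(
        ERROR_CAUSE, struct.pack("!I", 503))  # 503 = Session-Context-Not-Found
    nak_from_r2 = build(DISCONNECT_NAK, 1, proxied_req[4:20], nak_attrs, SECRET)
    return client_req, proxied_req, nak_from_r2, relay(nak_from_r2, proxied_req, client_req, SECRET)

if __name__ == "__main__":
    for packet in demo():
        print(packet[0], packet[1], packet[4:20].hex())
```

The attributes are byte-identical on both hops; only the Identifier and the authenticator change, which matches what the R1 debug log shows.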

