RE: Iffy idea engineering using freeradius :-)

permalink · #1 (**permalink**) 02-16-2005

This is a multi-part message in MIME format.

------_=_NextPart_001_01C5144A.3EA0B1C2
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Ack, I got this all working then I realized that freeradius doesn't log
proxy requests..

=20

....

=20

________________________________

From: freeradius-users-admin@lists.freeradius.org
[mailto:freeradius-users-admin@lists.freeradius.org] On Behalf Of Drew
Weaver
Sent: Wednesday, February 16, 2005 11:46 AM
To: freeradius-users@lists.freeradius.org
Subject: Iffy idea engineering using freeradius :-)

=20

I need to blindly forward all requests that my radius server
gets to another radius server without adding a realm to the requests.
Let me explain what I am doing, in the mid 90s an ISP opened up and
started signing people up and didn't use a database or any sort of
record keeping to keep track of their usernames and passwords, they're
using 2 old BSD3.0 merit radius servers, the time has come to upgrade
these servers because honestly they're dying.

=20

So what im going to do is catch the request from their NAS
boxes, log successful logins [the usernames and passwords to a MySQL
database] and then once I have roughly 95-97% of the population im going
to use that list to create them a new radius server. The problem I am
having is when the NAS boxes send the request to the FreeRadius server,
the freeradius server appears to be adding the realm of "NULL" to the
requests that it is sending to the merit radius server, and the merit
radius server is rejecting the requests.=20

=20

rlm_realm: No '@' in User-Name =3D "aweaver", looking up realm NULL

rlm_realm: Found realm "NULL"

rlm_realm: Adding Stripped-User-Name =3D "aweaver"

rlm_realm: Proxying request from user aweaver to realm NULL

rlm_realm: Adding Realm =3D "NULL"

rlm_realm: Preparing to proxy authentication request to realm "NULL"

=20

So basically what I need to do is have Freeradius basically
proxy requests and act like a "NAS" just pass the requests through to
their radius box.

=20

If anyone has any clue what im talking about let me know :D

=20

Thanks,

-Drew

=20

------_=_NextPart_001_01C5144A.3EA0B1C2
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:st1=3D"urn:schemas-microsoft-com:office:smarttags" =
xmlns=3D"http://www.w3.org/TR/REC-html40">

<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 11 (filtered medium)">
<o:SmartTagType
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags" =
name=3D"PersonName"
downloadurl=3D"http://www.microsoft.com"/>

<style>

</style>

</head>

<body lang=3DEN-US link=3Dblue vlink=3Dpurple>

<div class=3DSection1>

Ack, I got this all working then I
realized that freeradius doesn’t log proxy =
requests..<o:p></o:p>

<o:p> </o:p>

…<o:p></o:p>=

<o:p> </o:p>

<div>

<div class=3DMsoNormal align=3Dcenter style=3D'text-align:center'>

<hr size=3D2 width=3D"100%" align=3Dcenter tabindex=3D-1>

</div>

From:
freeradius-users-admin@lists.freeradius.org
[mailto:freeradius-users-admin@lists.freeradius.org] On Behalf Of <st1:PersonName w:st=3D"on">Drew =
Weaver</st1:PersonName> 
Sent: Wednesday, February =
16, 2005
11:46 AM 
To: <st1:PersonName =
w:st=3D"on">freeradius-users@lists.freeradius.org</st1:PersonName> 
Subject: Iffy idea =
engineering
using freeradius :-)<o:p></o:p>

</div>

<o:p> </o:p>

          =
  
I need to blindly forward all requests that my radius server gets to =
another
radius server without adding a realm to the requests. Let me explain =
what I am
doing, in the mid 90s an ISP opened up and started signing people up and
didn’t use a database or any sort of record keeping to keep track =
of
their usernames and passwords, they’re using 2 old BSD3.0 merit =
radius
servers, the time has come to upgrade these servers because honestly
they’re dying.<o:p></o:p>

<o:p> </o:p>

          =
  
So what im going to do is catch the request from their NAS boxes, log
successful logins [the usernames and passwords to a MySQL database] and =
then
once I have roughly 95-97% of the population im going to use that list =
to
create them a new radius server. The problem I am having is when the NAS =
boxes
send the request to the FreeRadius server, the freeradius server appears =
to be
adding the realm of “NULL” to the requests that it is =
sending to
the merit radius server, and the merit radius server is rejecting the =
requests.
<o:p></o:p>

<o:p> </o:p>

    rlm_realm: No '@' in User-Name =3D
"aweaver", looking up realm NULL<o:p></o:p>

    rlm_realm: Found realm =
"NULL"<o:p></o:p>

    rlm_realm: Adding =
Stripped-User-Name =3D
"aweaver"<o:p></o:p>

    rlm_realm: Proxying request from =
user
aweaver to realm NULL<o:p></o:p>

    rlm_realm: Adding Realm =3D
"NULL"<o:p></o:p>

    rlm_realm: Preparing to proxy
authentication request to realm =
"NULL"<o:p></o:p>

<o:p> </o:p>

          =
  
So basically what I need to do is have Freeradius basically proxy =
requests and
act like a “NAS” just pass the requests through to their =
radius
box.<o:p></o:p>

<o:p> </o:p>

If anyone has any clue what im talking about let me =
know :D<o:p></o:p>

<o:p> </o:p>

Thanks,<o:p></o:p>

-Drew<o:p></o:p>

<o:p> </o:p>

</div>

</body>

</html>

------_=_NextPart_001_01C5144A.3EA0B1C2--

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode