help-gnu-radius

Re: [Help-gnu-radius] Forwarding requests after huntgroups processing


From: Christian Schlatter
Subject: Re: [Help-gnu-radius] Forwarding requests after huntgroups processing
Date: Tue, 14 Aug 2007 14:49:04 -0400
User-agent: Thunderbird 2.0.0.0 (X11/20070326)

Sergey,

Sergey Poznyakoff wrote:
> Christian Schlatter <address@hidden> wrote:
>
>> So far I figured out how to use the 'forward' config setting to
>> forward incoming requests to multiple radius servers. This is a really
>> nice feature I haven't found with other radius server
>> implementations. Well, I actually only managed to forward the requests
>> to localhost targets since the forward socket always binds to
>> localhost, even if I specify the correct source-ip in config.
>
> Strange. The forwarding module binds to the same address as the main
> auth/acct modules, that is the one set by source-ip statement in the
> `option' group. If source-ip is not given, it tries to find the first
> non-loopback address on the host. In any case, it should not bind to
> localhost unless explicitly required. If that does not work for you,
> please supply me with some additional information: the config.log file
> and the main radius configuration file (raddb/config).

I don't have a config.log file, how can I get that?

My raddb/config looks like (changed real IPs to private IPs):

---------------- /usr/local/etc/raddb/config ------------
option {
        source-ip 10.0.0.10;
        max-requests 1024;
        resolve no;
};

logging {
...
};

auth {
        listen no;
};
acct {
        listen 10.0.0.10:1813;
#       forward 127.0.0.1:11813, 127.0.0.1:11814;
        forward 10.0.0.11:1813;
        max-requests 127;
        request-cleanup-delay 2;
        detail-file-name "=nas_name(request_source_ip()) + \"/detail\"";
};

rewrite {
        load "checknas.rw";
        load "log-hook.rw";
        load "nas-ip.rw";
        load "/usr/local/etc/raddb/ami.rw";
};

# snmp {
#       listen no;
# };
---------------------------------------------------------


And this is what radius.log looks like:

----------- /var/log/radius/radius.log ------------------
Aug 14 14:35:02 Main.info: Starting
Aug 14 14:35:02 Main.info: Terminating the subprocesses
Aug 14 14:35:02 Main.info: Loading configuration files.
Aug 14 14:35:02 Main.info: reading /usr/local/etc/raddb/config
Aug 14 14:35:02 Main.info: /usr/local/etc/raddb/users reloaded.
Aug 14 14:35:02 Main.error: USER LIST IS EMPTY
Aug 14 14:35:02 Main.info: Ready
Aug 14 14:35:02 Main.info: Ready to process requests.

Aug 14 14:35:25 Acct.error: Can't forward to 10.0.0.11:1813: Invalid argument
Aug 14 14:35:25 Acct.info: generate_status called [REGISTER]
---------------------------------------------------------


The 'forward' socket is bound to 127.0.0.1:32792:

------------ % netstat -anup ----------------------------
address@hidden:/usr/local/etc/raddb# netstat -anup
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
udp        0      0 10.0.0.10:1813          0.0.0.0:*                           423/radiusd
udp        0      0 127.0.1.1:32792         0.0.0.0:*                           423/radiusd
udp        0      0 0.0.0.0:161             0.0.0.0:*                           23131/snmpd
---------------------------------------------------------


The forwarding works fine if I forward to localhost. The server runs on Ubuntu Dapper on a dual-xeon machine.


>> My question is if it is possible to forward requests *after* the
>> huntgroups got applied.
>
> Currently not, but it is planned for the next release. I can prepare a
> patch for you to test, if you wish.

That would be great!

thanks,
Christian
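
Added example (not part of the original message and not GNU Radius code): a Python check for the mismatch reported above, where a radiusd UDP socket is bound to a loopback address while raddb/config forwards to a non-loopback server. The inputs are constructed from the config and netstat output in the message; the config parsing is a simplified assumption, not the real raddb grammar.

```python
import ipaddress
import re

# Constructed inputs, reduced from the config and netstat output in the message.
CONFIG = """\
option {
        source-ip 10.0.0.10;
};
acct {
#       forward 127.0.0.1:11813, 127.0.0.1:11814;
        forward 10.0.0.11:1813;
};
"""
NETSTAT = """\
udp        0      0 10.0.0.10:1813          0.0.0.0:*      423/radiusd
udp        0      0 127.0.1.1:32792         0.0.0.0:*      423/radiusd
udp        0      0 0.0.0.0:161             0.0.0.0:*      23131/snmpd
"""

def strip_comments(config):
    # Simplification (assumption): every '#' starts a comment.
    return "\n".join(line.split("#", 1)[0] for line in config.splitlines())

def source_ip(config):
    m = re.search(r"option\s*\{[^}]*?\bsource-ip\s+([\d.]+)\s*;", strip_comments(config))
    return ipaddress.ip_address(m.group(1)) if m else None

def forward_targets(config):
    targets = []
    for spec in re.findall(r"\bforward\s+([^;]+);", strip_comments(config)):
        for item in spec.split(","):
            host, _, port = item.strip().partition(":")
            targets.append((ipaddress.ip_address(host), int(port) if port else None))
    return targets

def radiusd_sockets(netstat, program="radiusd"):
    socks = []
    for line in netstat.splitlines():
        f = line.split()
        if len(f) >= 5 and f[0] == "udp" and f[-1].endswith("/" + program):
            host, port = f[3].rsplit(":", 1)
            socks.append((ipaddress.ip_address(host), int(port)))
    return socks

def check(config, netstat):
    # Flag radiusd UDP sockets bound to loopback while a forward target is not.
    src = source_ip(config)
    remote = [t for t in forward_targets(config) if not t[0].is_loopback]
    return [f"{a}:{p} is loopback-bound; forward target {remote[0][0]}, source-ip {src}"
            for a, p in radiusd_sockets(netstat) if remote and a.is_loopback]
```

`check(CONFIG, NETSTAT)` returns one finding, for the 127.0.1.1:32792 socket; the listener on 10.0.0.10:1813 and the snmpd socket are not flagged.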



