[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug-gnu-radius] Proxy doesn't always forward VSAs on access-accept
|
From: |
Duane Pauls |
|
Subject: |
[Bug-gnu-radius] Proxy doesn't always forward VSAs on access-accept |
|
Date: |
Wed, 25 Aug 2004 17:24:53 -0400 |
Hello,
I have a setup where a NAS sends access-requests to a proxy with usernames
of the form address@hidden The proxy strips the domain and forwards to another
server. On the way back the proxy forwards the response to the NAS. In my
application, the server needs to send back VSAs in an access-accept.
I've found that when the proxy doesn't contain the user information in its
own users file, the VSA is dropped. If the proxy's users file mirrors the
server's, the VSA is not dropped. It looks as though the proxy may be
modifying the packet on it's way out depending on it's own user database.
I've attached a tcpdump snippet of two transactions in vsaStripTcpdump.txt.
The proxy is on 207. The server is on 203. The first attempt drops the
VSA. After mirroring the server's users file on the proxy, the VSA is not
dropped on the second attempt:
I've attached some of the logs from the proxy server as well in
vsaStripProxyLog.txt.
I don't believe a proxy should modify responses other than to pop off proxy
state, fix up the msg id, and recompute the authenticator. Is my
understanding correct, and this is in fact a bug?
Cheers,
Duane
vsaStripTcpdump.txt
Description: Text document
vsaStripProxyLog.txt
Description: Text document
- [Bug-gnu-radius] Proxy doesn't always forward VSAs on access-accept,
Duane Pauls <=