do_not_respond policy in 3.0.2 #593

Closed
sergey-gt-ekb opened this Issue Apr 18, 2014 · 0 comments

Projects

None yet

1 participant

@sergey-gt-ekb

Freeradius server reply with invalid packet code (==0), if using do_not_respond policy.

Configuration:

authorize {
filter_username
preprocess
auth_log
chap
mschap
digest
suffix
krus_python {
fail = 1
}
if (fail) {
do_not_respond
}
pap
}

Radtest (Radtest receive packet with Do-Not-Respond & 0xff = 0x00 as packet code!!!):

[test:~/krus]#/opt/fr.krus/bin/radclient -F -n 5 -f /aaa_test.auth 127.0.0.1 auth 123
radclient: received bad packet: WARNING: Bad RADIUS packet from host 127.0.0.1: unknown packet code 0
radclient: no response from server for ID 130 socket 3
[test:
/krus]#

Debug log:

rad_recv: Access-Request packet from host 127.0.0.1 port 33863, id=130, length=211
User-Name = 'username'
NAS-Port-Type = Virtual
Service-Type = Login-User
Framed-IP-Address = 172.24.96.4
Calling-Station-Id = 'xxx'
Called-Station-Id = 'yyy'
h323-conf-id = '9E89BE2 B44711E3 BDC70022 915812B6'
h323-call-origin = 'originate'
h323-call-type = 'VoIP'
User-Password = 'password'
(2) # Executing section authorize from file /opt/fr.krus/conf/sites-enabled/krus
(2) authorize {
(2) [preprocess] = ok
(2) [auth_log] = ok
(2) [chap] = noop
(2) [mschap] = noop
(2) [digest] = noop
(2) [suffix] = noop
(2) [eap] = noop
do_python: BEGIN: authorize
krus.aaa.py: authorize request: (('User-Name', 'username'), ('NAS-IP-Address', '172.24.96.6'), ('Service-Type', 'Login-User'), ('Framed-IP-Address', '172.24.96.4'), ('Calling-Station-Id', 'xxx'), ('Called-Station-Id', 'yyy'), ('h323-conf-id', '9E89BE2 B44711E3 BDC70022 915812B6'), ('h323-call-origin', 'originate'), ('h323-call-type', 'VoIP'), ('User-Password', 'password'))
krus.aaa.py: authorize response: (2, Av_list <Reply-Message = "Inbound call.">, Av_list <Cleartext-Password = "password">)
do_python: ret int: authorize, 1
do_python: END: authorize, 1
(2) [krus_python] = fail
(2) if (fail)
(2) if (fail) -> TRUE
(2) if (fail) {
(2) do_not_respond do_not_respond {
(2) update control {
(2) Response-Packet-Type := Do-Not-Respond
(2) } # update control = noop
(2) [handled] = handled
(2) } # do_not_respond do_not_respond = handled
(2) } # if (fail) = handled
(2) } # authorize = handled
(2) Not responding to request
Sending Reply of id 130 from 127.0.0.1 port 1812 to 127.0.0.1 port 33863 //----!!!!!----
(2) Finished request 2.
Waking up in 0.3 seconds.
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 33863, id=130, length=211
(2) No reply. Ignoring retransmit.
Waking up in 999993.4 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 33863, id=130, length=211
(2) No reply. Ignoring retransmit.
Waking up in 1998404.6 seconds.

@alandekok alandekok closed this in 6108c49 Apr 18, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment