(RADIATOR) Reverse Proxy POD

[Rabbie Zalaf]

Hi All.   I am trying to set up a reverse RADIUS proxy to do POD to our LNS.   If I send the Disconnect-Request directly to the LNS it works fine.. Eg: radpwtst -trace 4 -acct_port 1234 -secret xxxxxxx -s xxx.xxx.xxx.xxx -noauth -noacct -code Disconnect-Request -dictionary /etc/radiator/dictionary "User-Name=DISCONNECTME"   However, if send the request to the localhost so it gets proxies, it comes back as INVALID AUTHENTICATOR...   Tue Dec 16 10:15:47 2003: DEBUG: Packet dump: *** Sending to xxx.xxx.xxx.xxx port 1234 .... Code:       Disconnect-Request Identifier: 1 Authentic:  <127><191>b<215><215><135><143><217>Y<220><227><30><130>E>Z Attributes:         User-Name = "DISCONNECTME"   Tue Dec 16 10:15:47 2003: DEBUG: Packet dump: *** Received from xxx.xxx.xxx.xxx port 1234 .... Code:       Disconnect-Request-NAKed Identifier: 1 Authentic:  Y<216><128>+',<141><174>6$<132><201>P<230>L9 Attributes:         Reply-Message = "Invalid Authenticator"     Here is the config for my proxy.   #Foreground #LogStdout LogDir          /var/log/radius DbDir           /etc/radiator   # ServerId is defined on command line PidFile         %L/%{GlobalVar:ServerId}.pid LogFile         %L/%{GlobalVar:ServerId}/logfile-%Y-%m-%d   Trace           4   BindAddress xxx.xxx.xxx.xxx   AuthPort 1815 AcctPort   # Use a low trace level in production systems. Increase # it to 4 or 5 for debugging, or use the -trace flag to radiusd   <ClientListSQL>         DBSource        dbi:mysql:radius         DBUsername      username         DBAuth              password </Client>   <Handler>         <AuthBy RADIUS>                 Host            1.2.3.4                 AuthPort       1234                 Secret          somesecret         </AuthBy> </Handler>   Any help would be greately appreciated.   Rabbie Zalaf Network Consultant Leading Edge Internet 02 9497 4024 http://www.leadingedgeinternet.net.au -----BEGIN GEEK CODE BLOCK----- VERSION: 3.1 GIT d++ s:>s-:- a22 C++++ L U+++ P+ L+++>$L+++++ E--- W+++ w-- M-- t+++ G++ -----END GEEK CODE BLOCK----- This document together with any attachments is confidential and is intended for the named recipient only. It can not be copied, disclosed, passed on or duplicated in any way shape or form, without the prior permission of the author. If you are not the intended recipient please contact the author immediately and destroy the message. All parties acknowledge that any breach of confidence or disclosures made by any party, (including their employees, agents and contracted service providers such as solicitors, accountants, auditors and others), which may result in a commercial loss to Leading Edge Group, may result in Leading Edge Group exercising such rights as are available to them in connection with that loss.