I just want to covert my radius request as an diameter request for authentication.
So I configured radgw and all mentioned configurations.
But I'm facing below issue
"No suitable candidate to route the message to." and getting access reject
My setup is like below
Started freediameter with radgw support and initiated the radius request by executing radtest.
$ sudo ../../../build/freeDiameterd/freeDiameterd-1.1.4 freeDiameterd-1.1.4 -c freeDiameter-1.conf
libfdproto initialized.
libgnutls '2.12.14' initialized.
Generating fresh Diffie-Hellman parameters of size 1024 (this takes some time)...
Loading : /usr/local/lib/freeDiameter/test_app.fdx
Extension Test_App initialized with configuration: 'doc/test_app1.conf'
------- app_test configuration dump: ---------
Vendor Id .......... : 999999
Application Id ..... : 16777215
Command Id ......... : 16777214
AVP Id ............. : 16777215
Mode ............... : Cli
Destination Realm .. : localdomain
Destination Host ... : - none -
Signal ............. : 10
------- /app_test configuration dump ---------
Loading : /usr/local/lib/freeDiameter/dict_nasreq.fdx
Extension 'Dictionary definitions for NASREQ' initialized
Loading : /usr/local/lib/freeDiameter/dict_eap.fdx
Extension 'Dictionary definitions for EAP' initialized
Loading : /usr/local/lib/freeDiameter/app_radgw.fdx
Extension RADIUS Gateway initialized with configuration: 'doc/rgw.conf'
Loading : /usr/local/lib/freeDiameter/app_diameap.fdx
-------- DiamEAP extension : Configuration parameters (Dump) -------------
-Configuration file.....: doc/app_diameap.conf
-EAP Application Id.....: 5
-EAP Application Command: 268
-EAP Application Vendor.: 0
-Max invalid EAP packets: 5
-Multi-Round Timeout....: 30
-MySQL Database Params..:
User .......:root
Server .....:127.0.0.1
Database....:diameap
-EAP Method Plugins.....:
- EAP Identity plugin [Type: 1, Vendor: 0] loaded
-------- DiamEAP extension : Configuration parameters (End) ---------------
[DiamEAP extension] Diameter EAP Application Extension started successfully.
All extensions loaded.
-- Configuration :
Debug trace level ...... : +1
Configuration file ..... : freeDiameter-1.conf
Diameter Identity ...... : peer1.localdomain (l:17)
Diameter Realm ......... : localdomain (l:11)
Tc Timer ............... : 30
Tw Timer ............... : 30
Local port ............. : 3868
Local secure port ...... : 3869
Number of SCTP streams . : 30
Number of server threads : 4
Local endpoints ........ : Default (use all available)
Local applications ..... : App: 1 Au-- Vnd: 0
App: 3 --Ac Vnd: 0
App: 5 Au-- Vnd: 0
App: 16777215 Au-- Vnd: 999999
Flags : - IP ........... : Enabled
- IPv6 ......... : Enabled
- Relay app .... : Enabled
- TCP .......... : Enabled
- SCTP ......... : Enabled
- Pref. proto .. : SCTP
- TLS method ... : Separate port
TLS : - Certificate .. : peer1.cert.pem
- Private key .. : peer1.key.pem
- CA (trust) ... : cacert.pem (1 certs)
- CRL .......... : (none)
- Priority ..... : (default: 'NORMAL')
- DH bits ...... : 1024
Origin-State-Id ........ : **********
freeDiameterd daemon initialized.
------------- RADIUS/Diameter Request Debug -------------
RADIUS request (0x8887088) DUMP:
id : 0xf7, code: 1 (Access-Request [RFC2865])
auth: 41 f9 0b ae 86 19 2b 6c
0b 59 1a 79 0f ae db cd
RADIUS answer: NULL pointer
Diameter message (0xb5000558) DUMP:
------ Dumping object 0xb5000558 (w)-------
|MSG: 0xb5000558
| (no model)
| public: V:1 L:20 fl:RP-- CC:265 A:1 hi:0 ei:ffe00000
| intern: rwb:(nil) rt:0 cb:(nil)((nil)) qry:(nil) asso:0 sess:(nil) src:(nil)(0)
| model : v/m:-M/VM, OCTETSTRING, 263 "Session-Id"
| public: C:263 fl:-M L:8 V:0 data:@0xb50008ac
| value t: 'UTF8String' (OCTETSTRING) v: chris-VirtualBox;**********;1;user;peer1.l
| intern: src:(nil) mf:1 raw:(nil)(0)
| model : v/m:-M/VM, OCTETSTRING, 283 "Destination-Realm"
| public: C:283 fl:-M L:8 V:0 data:@0xb5000764
| value t: 'DiameterIdentity' (OCTETSTRING) v: localdomain
| intern: src:(nil) mf:1 raw:(nil)(0)
| model : v/m:-M/VM, OCTETSTRING, 264 "Origin-Host"
| public: C:264 fl:-M L:8 V:0 data:@0xb5000624
| value t: 'DiameterIdentity' (OCTETSTRING) v: chris-VirtualBox
| intern: src:(nil) mf:1 raw:(nil)(0)
| model : v/m:-M/VM, OCTETSTRING, 296 "Origin-Realm"
| public: C:296 fl:-M L:8 V:0 data:@0xb500069c
| value t: 'DiameterIdentity' (OCTETSTRING) v: localdomain
| intern: src:(nil) mf:1 raw:(nil)(0)
| model : v/m:-M/VM, UNSIGNED32, 258 "Auth-Application-Id"
| public: C:258 fl:-M L:12 V:0 data:@0xb500094c
| value (UNSIGNED32) v: 1 (0x1)
| intern: src:(nil) mf:0 raw:(nil)(0)
| model : v/m:-M/VM, INTEGER32, 274 "Auth-Request-Type"
| public: C:274 fl:-M L:12 V:0 data:@0xb50009ac
| value t: 'Enumerated(Auth-Request-Type)' (INTEGER32) v: 'AUTHORIZE_AUTHENTICATE' (3 (0x3))
| intern: src:(nil) mf:0 raw:(nil)(0)
| model : v/m:-M/VM, UNSIGNED32, 408 "Origin-AAA-Protocol"
| public: C:408 fl:-M L:12 V:0 data:@0xb5000a0c
| value t: 'Enumerated(Origin-AAA-Protocol)' (UNSIGNED32) v: 'RADIUS' (1 (0x1))
| intern: src:(nil) mf:0 raw:(nil)(0)
| model : v/m:-M/VM, OCTETSTRING, 1 "User-Name"
| public: C:1 fl:-M L:8 V:0 data:@0xb5000a6c
| value t: 'UTF8String' (OCTETSTRING) v: user
| intern: src:(nil) mf:1 raw:(nil)(0)
| model : v/m:-M/VM, OCTETSTRING, 2 "User-Password"
| public: C:2 fl:-M L:8 V:0 data:@0xb5000adc
| value (OCTETSTRING) v: 75 73 65 72 00 00 00 00 00 00 00 00 00 00 00 00
| intern: src:(nil) mf:1 raw:(nil)(0)
| model : v/m:-M/VM, OCTETSTRING, 4 "NAS-IP-Address"
| public: C:4 fl:-M L:8 V:0 data:@0xb5000b54
| value (OCTETSTRING) v: C0 A8 38 66
| intern: src:(nil) mf:1 raw:(nil)(0)
| model : v/m:-M/VM, UNSIGNED32, 5 "NAS-Port"
| public: C:5 fl:-M L:12 V:0 data:@0xb5000bc4
| value (UNSIGNED32) v: 0 (0x0)
| intern: src:(nil) mf:0 raw:(nil)(0)
------ /end of object 0xb5000558 -------
Diameter session: chris-VirtualBox;**********;1;user;peer1.localdomain
=========== Debug complete =============
No suitable candidate to route the message to.
Logged: 05/11/15,08:50:59.543145
|MSG: 0xb5000558
| model : v/m:RP--/RPE-, 265 "AA-Request"
| public: V:1 L:20 fl:RP-- CC:265 A:1 hi:0 ei:ffe00000
| intern: rwb:(nil) rt:0 cb:0xb4fe7ddb(0xb5001c28) qry:(nil) asso:0 sess:(nil) src:(nil)(0)
[auth.rgwx] Received Diameter answer with error code '3002' from server 'peer1.localdomain', session chris-VirtualBox;**********;1;user;peer1.localdomain, translating into Access-Reject
[auth.rgwx] Error-Message content: 'No suitable candidate to route the message to'
------------- RADIUS/Diameter Answer Debug -------------
Diameter message (0x88871b0) DUMP:
------ Dumping object 0x88871b0 (w)-------
|MSG: 0x88871b0
| model : v/m:-P--/RP--, 265 "AA-Answer"
| public: V:1 L:20 fl:--E- CC:265 A:1 hi:0 ei:ffe00000
| intern: rwb:(nil) rt:0 cb:(nil)((nil)) qry:0xb5000558 asso:0 sess:0xb50007f0 src:(nil)(0)
------ /end of object 0x88871b0 -------
RADIUS answer (0xb4c00508) DUMP:
id : 0xf7, code: 3 (Access-Reject [RFC2865])
auth: 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
- len: 47, type:0x12 (Reply-Message )
- len: 6, type:0x65 (Error-Cause Attribute[RFC3576])
=========== Debug complete =============
ERROR: in '(pthread_mutex_lock( &sess->stlock ))': Invalid argument
freeDiameterd-1.1.4: /home/chris/diameter/freeDiameter-1.1.4/freeDiameter-1.1.4/libfdproto/sessions.c:626: fd_sess_destroy: Assertion `0' failed.
freediameter conf
# -------- Test configuration ---------
Identity = "peer1.localdomain";
Realm = "localdomain";
# Port = 3868;
# SecPort = 3869;
TLS_Cred = "peer1.cert.pem",
"peer1.key.pem";
TLS_CA = "cacert.pem";
LoadExtension = "test_app.fdx" : "doc/test_app1.conf";
LoadExtension = "dict_nasreq.fdx":"doc/app_diameap.conf";
LoadExtension = "dict_eap.fdx":"doc/app_diameap.conf";
LoadExtension = "app_radgw.fdx":"doc/rgw.conf";
LoadExtension = "app_diameap.fdx":"doc/app_diameap.conf";
rgw.conf
# Handle some attributes
#RGWX = "echodrop.rgwx" : "doc/echodrop.rgwx.conf";
# Handle Accounting-Request messages received on the correct port
RGWX = "acct.rgwx" : acct : 4;
# Handle Access-Request messages received on the correct port
RGWX = "auth.rgwx" : auth : 1;
# Dump state when loop ends
RGWX = "debug.rgwx";
##################
nas = 192.168.56.101 / "radiusecret" ;
nas = 192.168.56.105 / "radiusecret" ;
nas = 127.0.0.1 / "radiusecret" ;
nas = 192.168.56.102 / "radiusecret" ;
Please help me to proceed further,