(RADIATOR) Radiator freezing intermitantly
Hugh Irvine
hugh at open.com.au
Thu Jun 26 19:07:10 CDT 2003
Hello Brian -
If the machine running Radiator only has a single interface and a
single IP address, then the only reason that the NAS will not receive a
reply and send a retransmission must be due to packets being dropped on
the return path, either because of filters or firewalls or
misconfigured interfaces.
By definition, if Radiator is receiving the request, processing it and
sending back a reply, then Radiator is operating correctly.
As mentioned in my previous mail, this sort of problem usually requires
debugging with a packet sniffer to ascertain exactly what is going on.
regards
Hugh
On Thursday, Jun 26, 2003, at 23:27 Australia/Melbourne, Brian Fisk
wrote:
> Update:
>
> We are running into the same problem on a machine where we are using
> the
> primary ip address of the system for radiator. A user will dial in
> and our
> equipment will run the radius request, at which I can see radius
> authenticating the user in authlog, but the dialup equip isn't getting
> it
> cause it tries 5 times to auth (the set value) and tells users their
> username and password is invalid. We are using 3com (now utstarcom)
> hiperarc running TCS 4.2 and the newest version of radiator.
> Attached is
> my conf file. I have radius stable on a system now, but when I tried
> to
> move it to this new system it worked. The problem is intermitent.
>
>
> # radius.cfg -JJGracia - Jan2003
> #
> #Foreground
> #LogStdout
>
> # Use a low trace level in production systems. Increase
> # it to 4 or 5 for debugging, or use the -trace flag to radiusd
>
>
> PidFile /var/run/radiusd.pid
> AuthPort 1645
> AcctPort 1646
> #BindAddress 199.234.153.42,199.234.153.3
> #NasType TotalControlSNMP
> #trace 3
>
> DbDir /etc/radiator
> DictionaryFile %D/dictionary.usr
>
> LogDir /var/log/radius
> #LogFile %L/%Y%m.log
> #Trace 3
>
> <Log FILE>
> Filename %L/%Y%m.log
> Trace 3
> #LogFormat %0:%1:%2
> LogMicroseconds
> </Log>
>
> <AuthLog FILE>
> Identifier myauthlogger
> Filename %L/authlog
> LogSuccess 1
> LogFailure 1
> SuccessFormat %l:%U:%P:OK
> FailureFormat %l:%U:%P:FAIL
> </AuthLog>
>
> <StatsLog FILE>
> Identifier mystatslogger
> Filename %L/statslog
> # Format %0:%1:%2:%23
> </StatsLog>
>
> <Client localhost>
> Secret tempest
> DupInterval 0
> </Client>
>
> <Client DEFAULT>
> Secret tempest
> DupInterval 0
> # NasType TotalControl
> SNMPCommunity private
> </Client>
>
> <SessionDatabase SQL>
> DBSource dbi:mysql:radius:localhost
> DBUsername blue
> DBAuth green
> </SessionDatabase>
>
> <ClientListSQL>
> DBSource dbi:mysql:radius
> DBUsername blue
> DBAuth green
> </ClientListSQL>
>
> <Realm DEFAULT>
>
>
> RewriteUsername s/^([^@]+).*/$1/
> RewriteUsername tr/[A-Z]/[a-z]/
> RewriteUsername s/\s+//g
> # RewriteUsername tr/A-Za-z0-9_@//cd
> # AcctLogFileName %L/detail
> # WtmpFileName %L/wtmp
>
> <AuthBy SQL>
>
> DBSource dbi:mysql:radius:localhost
> DBUsername blue
> DBAuth green
>
> AuthSelect select PASSWORD,CHECKATTR,REPLYATTR from
> SUBSCRIBERS
> where USERNAME='%n'
>
> AccountingTable ACCOUNTING
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef
> ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef
> ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef
> ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct_Terminate-Cause
> AcctColumnDef NASIDENTIFIER,NAS-IP-Address
> AcctColumnDef NASIPADDRESS,NAS-Identifier
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef ACCTFRAMEDIP,Framed-IP-Address
> AcctColumnDef ACCTFRAMEDNETMASK,Framed-Netmask
> AcctColumnDef ACCTCALLERID,Calling-Station-Id
> AcctColumnDef ACCTCALLEDID,Called-Station-Id
> AcctColumnDef
> MODEMTRAININGTIME,Modem-Training-Time,integer
> AcctColumnDef
> CHASISCALLSLOT,Chassis-Call-Slot,integer
> AcctColumnDef
> CHASISCALLSPAN,Chassis-Call-Span,integer
> AcctColumnDef
> CHASISCALLCHAN,Chassis-Call-Channel,integer
> AcctColumnDef MODULATIONTYPE,Modulation-Type
> AcctColumnDef ERRORCNTL,Error-Control
> AcctColumnDef COMPRESSTYPE,Compression-Type
> AcctColumnDef INTICONNECTRATE,Initial-Connect-Rate
> AcctColumnDef FRAMEDPROTOCOL,Framed-Protocol
> AcctColumnDef SPEEDOFCONNECT, Speed-Of-Connection
> # AcctFailedLogFileName %D/missedaccounting
> </AuthBy>
> AuthLog myauthlogger
> #StatsLog mystatslogger
> </Realm>
>
>
>
>
>
>
> ----- Original Message -----
> From: "Hugh Irvine" <hugh at open.com.au>
> To: "Brian Fisk" <bfisk at lazerlink.com>
> Cc: <radiator at open.com.au>
> Sent: Friday, June 20, 2003 7:41 PM
> Subject: Re: (RADIATOR) Radiator freezing intermitantly
>
>
>>
>> Hello Brian -
>>
>> On machines with multiple interfaces, this is usually due to the
>> radius
>> response being sent back to the client from a different IP address to
>> that from which the request was received (ie the response was sent via
>> a different interface).
>>
>> Using a sniffer to check the packet flow is usually very helpful
>> (snoop, tcpdump, ethereal, ...).
>>
>> regards
>>
>> Hugh
>>
>>
>> On Friday, Jun 20, 2003, at 23:12 Australia/Melbourne, Brian Fisk
>> wrote:
>>
>>> We had more troubles yesterday and the problem that is happening is
>>> when we
>>> have radiator setup to bind on a secondary ip of the machine. When I
>>> took
>>> out the bind address statement, which should make radiator listen on
>>> all
>>> ip's, it still wouldn't work. I had to set our dialup equipment to
>>> use the
>>> base ip of the machine and then it started working. When a user
>>> tried
>>> to
>>> dial up, they would authenticate, as I could see in my authlog, but
>>> the
>>> dialup equipment kept authenticating them for around 3-4 times before
>>> it
>>> hung up on them. The dialup equipment (total control) was giving me
>>> error
>>> messages that according to the total control website, said that the
>>> secret
>>> key was a mismatch. I think it's an ip issue with the machine but we
>>> will
>>> find out more from testing on monday.
>>>
>>> Brian Fisk
>>>
>>>
>>>
>>> ----- Original Message -----
>>> From: "Hugh Irvine" <hugh at open.com.au>
>>> To: "Brian Fisk" <bfisk at lazerlink.com>
>>> Cc: <radiator at open.com.au>
>>> Sent: Thursday, June 19, 2003 8:03 PM
>>> Subject: Re: (RADIATOR) Radiator freezing intermitantly
>>>
>>>
>>>>
>>>> Hello Brian -
>>>>
>>>> I will need to see a copy of the configuration file (no secrets)
>>>> together with a trace 4 debug from Radiator showing what is
>>>> happening.
>>>>
>>>> There is also a FAQ item regarding Redhat 8 here:
>>>>
>>>> http://www.open.com.au/radiator/faq.html#127
>>>>
>>>> regards
>>>>
>>>> Hugh
>>>>
>>>>
>>>> On Friday, Jun 20, 2003, at 02:20 Australia/Melbourne, Brian Fisk
>>>> wrote:
>>>>
>>>>> I have been running radiator on the same server for the last 3
>>>>> years
>>>>> and it
>>>>> worked perfect. I am now setting up radiator 3.6 on another server
>>>>> using
>>>>> the old config file which was version 2.18.1
>>>>>
>>>>> I am noticing that radiator will just freeze up for a period of 5
>>>>> minutes or
>>>>> so. Is there any incompatabilities between the versions for the
>>>>> config
>>>>> file, or can someone suggest a way of logging to diagnose the
>>>>> problem?
>>>>>
>>>>> I am running Redhat 8.0 Linux server1 2.4.18-24.8.0smp #1 SMP Fri
>>>>> Jan
>>>>> 31
>>>>> 06:03:47 EST 2003 i686 i686 i386 GNU/Linux)
>>>>>
>>>>>
>>>>> ===
>>>>> Archive at http://www.open.com.au/archives/radiator/
>>>>> Announcements on radiator-announce at open.com.au
>>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>>> 'unsubscribe radiator' in the body of the message.
>>>>>
>>>>>
>>>>
>>>> NB: have you included a copy of your configuration file (no
>>>> secrets),
>>>> together with a trace 4 debug showing what is happening?
>>>>
>>>> --
>>>> Radiator: the most portable, flexible and configurable RADIUS server
>>>> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>>>> -
>>>> Nets: internetwork inventory and management - graphical, extensible,
>>>> flexible with hardware, software, platform and database
>>>> independence.
>>>>
>>>>
>>>
>>>
>>
>> NB: have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>>
>> --
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>>
>> ===
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>>
>>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list