(RADIATOR) Proxy RADIUS config problem w/ RADIATOR (need help)

James Laszko jamesl at tfbnet.com
Mon May 14 18:28:23 CDT 2001


Jared:


Something is clicking in the back of my mind that says that Livingston
RADIUS was brain-dead on RADIUS authentication, or something like that.
I believe that it accepted Auth/Acct requests even if the shared secret
was bad.  Are you sure the shared secret is correct?  Are you sure that
remote.radius.server.com is resolving correctly?  Tried using Host <ip
address> instead of Host <hostname>?


Just a few ideas....





James Laszko
TFBnet
james at tfb.com


-----Original Message-----
From: Jared Reimer [mailto:jared at theriver.com]
Sent: Monday, May 14, 2001 1:22 PM
To: Radiator Mail list
Subject: (RADIATOR) Proxy RADIUS config problem w/ RADIATOR (need help)


Hello.

I am evaluating Radiator and thus far, am very impressed.  What an 
improvement over Livingston RADIUS 2.1 this seems to be!

However, I am having the following problem with Proxy RADIUS.  We see a
lot 
of this in the third-party RADIUS server's logfiles, but get no valid
replies:

>Wed May  9 15:33:43 2001: requester address mismatch: 63.211.219.163 !=

>216.AAA.BBB.CCC
>Wed May  9 15:33:43 2001: Authenticate: from 216.AAA.BBB.CCC - Security

>Breach: testlogin

(Note that AAA/BBB/CCC were changed.)

Here is the weird part:  When I use Livingston RADIUS 2.1 instead of 
Radiator [on my end], it works fine!  In other words, something about
the 
way RADIATOR is talking to the other RADIUS server appears to be
bothering 
it.  I am using the radpwtst tool to generate test RADIUS auth requests,
if 
that matters.  Note that the 63.211.219.163 IP address is not even mine
-- 
I have no idea where that came from!

Any ideas as to what might be causing the above problem?

FWIW, my RADIATOR config looks like this.  It's pretty straightforward

<Handler Called-Station-Id=/123456.../>
         <AuthBy RADIUS>
                 Host remote.radius.server.com
                 Secret shared_secret
                 IgnoreReplySignature
         </AuthBy>
</Handler>


Thanks for any guidance you can provide!

-- Jared


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list