(RADIATOR) Unknown reply received in AuthRADIUS - with Attachments
glenn_pierce at EnterpriseServices.com.au
glenn_pierce at EnterpriseServices.com.au
Wed Jul 31 23:48:34 CDT 2002
Hi Miko,
I had this problem recently as well, and as Hugh says it turned out that my
access-accept reply was being NAT'ed on return to the proxy. I had to get
hold of one of our WAN guys and disable NATing for that particular subnet.
Regards,
Glenn.
Hugh Irvine
<hugh at open.com.a To: <miko at yournetplus.com>
u> cc: <radiator at open.com.au>
Sent by: Subject: Re: (RADIATOR) Unknown reply received in
owner-radiator at o AuthRADIUS - with Attachments
pen.com.au
01/08/2002 01:59
PM
Hello Miko -
The problem you have is due to the fact that you are sending the proxy
request to one IP address and the reply is coming back from a different IP
address:
Mon Jul 29 10:22:51 2002: DEBUG: Packet dump:
*** Sending to 66.97.95.41 port 1645 ....
.........
Mon Jul 29 10:22:51 2002: DEBUG: Packet dump:
*** Received from 66.97.95.1 port 1645 ....
Radiator keeps track of proxied radius requests using the IP address and
port number to which the request was sent, expecting the reply to come back
from the same place.
I suspect you either have multiple NIC cards in this machine, or you are
using a cluster of some sort.
If you can't fix the target host, you can use the ServerHasBrokenAddresses
parameter in the AuthBy RADIUS clause.
Have a look at section 6.29.20 in the Radiator 3.1 reference manual.
("doc/ref.html").
regards
Hugh
On Thursday, August 1, 2002, at 04:42 AM, <miko at yournetplus.com> wrote:
Greetings all,,, I am experiencing a rather strange problem proxying
authentications to another Radius Server...
Both Systems are running Radiator 3.1 and I can send a test auth direct
to the proxy and get an access accept, however when I send through my
main radius server I get an accept packet, but I get the error "WARNING:
Unknown reply received in AuthRADIUS for request 1 from 66.97.95.1:1645"
and it fails the auth...
I have attached both machines config files <minus the extra handlers in
the main.cfg> as well as trace logs from each machine as well...
The proxy admin and myself are both new to Radiator and tried all that
we could, here is a list of our attempts:
1> changed secrets
2> commented out AddToReply statement on proxy
3> used different username/password
Any assustance would be greatly appreciated...
Just as an FYI, I do have my main server Proxying with another machine
running radiator and all is fine, though I removed that Handler from the
config, it is identical to the one used in this instance with the
exception of the realm,ip,secret,etc...
Thank in advance,
Miko
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list