(RADIATOR) Unknown reply received in AuthRADIUS - with Attachments

glenn_pierce at EnterpriseServices.com.au glenn_pierce at EnterpriseServices.com.au
Wed Jul 31 23:48:34 CDT 2002

Hi Miko,

I had this problem recently as well, and as Hugh says it turned out that my
access-accept reply was being NAT'ed on return to the proxy. I had to get
hold of one of our WAN guys and disable NATing for that particular subnet.



                    Hugh Irvine                                                                   
                    <hugh at open.com.a        To:     <miko at yournetplus.com>                        
                    u>                      cc:     <radiator at open.com.au>                        
                    Sent by:                Subject:     Re: (RADIATOR) Unknown reply received in 
                    owner-radiator at o        AuthRADIUS - with Attachments                         
                    01/08/2002 01:59                                                              

Hello Miko -

The problem you have is due to the fact that you are sending the proxy
request to one IP address and the reply is coming back from a different IP

Mon Jul 29 10:22:51 2002: DEBUG: Packet dump:
*** Sending to port 1645 ....


Mon Jul 29 10:22:51 2002: DEBUG: Packet dump:
*** Received from port 1645 ....

Radiator keeps track of proxied radius requests using the IP address and
port number to which the request was sent, expecting the reply to come back
from the same place.

I suspect you either have multiple NIC cards in this machine, or you are
using a cluster of some sort.

If you can't fix the target host, you can use the ServerHasBrokenAddresses
parameter in the AuthBy RADIUS clause.

Have a look at section 6.29.20 in the Radiator 3.1 reference manual.



On Thursday, August 1, 2002, at 04:42 AM, <miko at yournetplus.com> wrote:

   Greetings all,,, I am experiencing a rather strange problem proxying
   authentications to another Radius Server...

   Both Systems are running Radiator 3.1 and I can send a test auth direct
   to the proxy and get an access accept, however when I send through my
   main radius server I get an accept packet, but I get the error "WARNING:
   Unknown reply received in AuthRADIUS for request 1 from"
   and it fails the auth...

   I have attached both machines config files <minus the extra handlers in
   the main.cfg> as well as trace logs from each machine as well...

   The proxy admin and myself are both new to Radiator and tried all that
   we could, here is a list of our attempts:

   1> changed secrets
   2> commented out AddToReply statement on proxy
   3> used different username/password

   Any assustance would be greatly appreciated...

   Just as an FYI, I do have my main server Proxying with another machine
   running radiator and all is fine, though I removed that Handler from the
   config, it is identical to the one used in this instance with the
   exception of the realm,ip,secret,etc...

   Thank in advance,

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list