(RADIATOR) Radiator ignoring some clients

Frank Danielson fdanielson at csky.com
Wed Dec 17 15:27:50 CST 2003


Hi Jason-

OK. If you have some time in the future and can do a snoop -o and a trace 4
at the same time it may help someone on the list identify your problem. The
only suggestion I can make is that there may be a local network problem of
some sort. By default snoop runs in promiscuous mode so it catches
everything going down the wire, try turning off promiscuous mode with the -P
option and see what happens. Or try looking at the MAC address those packets
are sent to and make sure it matches the interface on your server.

-Frank

-----Original Message-----
From: Jason Signalness [mailto:jason at btiadmin.net]
Sent: Wednesday, December 17, 2003 4:05 PM
To: Frank Danielson
Subject: Re: (RADIATOR) Radiator ignoring some clients



I have attached my radius.cfg file.  Currently, I don't have the ability 
to capture a snoop showing the problem.  Basically, here's what I saw 
during the snoop:

# snoop port 1812 ns1
<NAS A> -> ns1
<NAS A> -> ns1
<NAS A> -> ns1
<NAS B> -> ns1
<NAS B> -> ns1
<NAS B> -> ns1
. . .

As far as a level 4 trace, it showed nothing from the NASes it decided 
to ignore (like A and B in the example snoop).  According to the logs, 
all the other NASes were behaving normally.

Thanks,
jason

Frank Danielson wrote:

>It's hard to say from the info you have provided. How about providing the
>config file, a level 4 trace, and doing a snoop -o to capture some of this
>unanswered traffic to a file and send that as well? 
>
>-----Original Message-----
>From: Jason Signalness [mailto:jsignalness at btinet.net]
>Sent: Wednesday, December 17, 2003 2:11 PM
>To: radiator at open.com.au
>Subject: (RADIATOR) Radiator ignoring some clients
>
>
>Hello,
>
>We are having serious issues with Radiator.  I tried e-mailing this to 
>radius-support and to the list, but have not received a response from 
>either.  It doesn't appear the message posted to the list, so I will try 
>again using my other address.
>
>Our environment:
>  Radiator 3.7.1
>  Perl 5.8.1
>  Solaris 9
>
>Basically, we tried to upgrade from Radiator 3.3.1 running on Solaris 8 
>with Perl 5.6 to the new setup.  On the new server (Solaris 9) I 
>installed Radiator, copied over the config files, updated the 
>environment variables (ORACLE_HOME, etc) and started it up.  No 
>problems.  I used radpwtst to test users in our various databases (LDAP, 
>Oracle, and a flat file) and it all seemed fine.
>
>Then we put this upgraded system (actually 2 identical systems) into 
>production.  Requests from certain access servers are handled and 
>answered by Radiator.  Requests from other access servers seem to be 
>completely ignored.  By "completely ignored," I mean that nothing shows 
>up at all in a DEBUG level log.  If I run a snoop on the radius server, 
>I see a ton of traffic from a given NAS to the radius server on port 
>1812, but not a single response going the other way.
>
>We have cleared the ARP entries in our switches and rebooted one of the 
>NASes.  Same behavior.  It is as if Radiator simply doesn't pay 
>attention to some access servers or some requests from some access servers.
>
>Eventually, we gave up and powered on our old servers (Radiator 3.3.1, 
>Perl 5.6, Solaris 8).  The really weird thing is that we see this 
>behavior on these servers as well... and they worked perfectly earlier. 
>
>When I launch Radar, I see the clients listed.  And like I said before, 
>I'm not getting any "bad authenticator" errors in the logs.  Nothing 
>shows up at all for most of our access servers.
>
>I'm desparate for assistance.
>
>Thanks,
>  
>
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list