(RADIATOR) Radiator on Windows 2000 multi-homed host

Groot N. de NdeGroot at ktu.nl
Thu Feb 27 09:51:53 CST 2003


On my server I had a difficult to find but easy to remedy problem. After
installing W2K instead of NT 4.0 I used the exact Radiator and config I used
succesfully earlier. My NIC had and has two ip-numbers x.x.x.242(Zope) and
x.x.x.246 (Radius)

Local testing and even testing from another machine was succesfull. But
communication back to the upsteam Radius server which uses AuthRadius was
not longer working. In the log (see below) I could see the request and my
reply back. No problem here. And there was no blocking firewall.
Sniffing eventually showed that the replying ipnumber was 242. And this
source addres was ignored by the upstream Radiator!

So Radiator seems to be using a different number to reply from than the
number it received the request on. (tcpdump available)

As I said, easy to remedy by using 
	BindAdress x.x.x.246
Now radiator only listens/replies to/from this address.

Two suggestions:
1. If this behaviour can be confirmed (other platforms?) maybe it should be
changed, or documented.
2. Put the sending address in the trace 4 output

Greetings,

Nico de Groot
KTU



snip ----
Thu Feb 27 15:45:29 2003: INFO: Duplicate request id 70 received from
131.211.16.41(41728): ignored
Thu Feb 27 15:45:30 2003: DEBUG: Packet dump:
*** Received from 131.211.16.41 port 41728 ....
Code:       Access-Request
Identifier: 72
Authentic:  5oS<200><248><208>m<223><219>V<128><153>Y<134><206><253>
Attributes:
	Framed-Protocol = PPP
	User-Name = "ndegroot at ktu.nl"
	User-Password =
"T<139><199><132><27><24>d<146>I<198><7><165><155><30>+<168>"
	NAS-Port-Type = Async
	Calling-Station-Id = "302539753"
	Called-Station-Id = "877880070"
	Service-Type = Framed-User
	NAS-IP-Address = 195.169.131.8

Thu Feb 27 15:45:30 2003: DEBUG: Handling request with Handler
'Realm=ktu.nl'
Thu Feb 27 15:45:30 2003: DEBUG: Rewrote user name to ndegroot
Thu Feb 27 15:45:30 2003: DEBUG:  Deleting session for ndegroot at ktu.nl,
195.169.131.8, 
Thu Feb 27 15:45:30 2003: DEBUG: Handling with Radius::AuthFILE: 
Thu Feb 27 15:45:30 2003: DEBUG: Radius::AuthFILE looks for match with
ndegroot
Thu Feb 27 15:45:30 2003: DEBUG: Handling with NT
Thu Feb 27 15:45:30 2003: DEBUG: Radius::AuthFILE ACCEPT: 
Thu Feb 27 15:45:30 2003: DEBUG: Access accepted for ndegroot
Thu Feb 27 15:45:30 2003: DEBUG: Packet dump:
*** Sending to 131.211.16.41 port 41728 ....
Code:       Access-Accept
Identifier: 72
Authentic:  5oS<200><248><208>m<223><219>V<128><153>Y<134><206><253>
Attributes:





===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list