(RADIATOR) Radiator on Windows 2000 multi-homed host

Thu Feb 27 14:31:09 CST 2003

Hello Nico -

Thanks for the mail.

This problem has in fact been discussed on the mailing list several 
times, and the answer is almost always the same - it is the operating 
system that decides how to actually send the packet. I am interested 
however that BindAddress works in your case, as it doesn't on some 
other platforms.

The mailing list archive is at

	www.open.com.au/archives/radiator

A packet sniffer is invaluable in these kinds of situations.

regards

Hugh

On Friday, Feb 28, 2003, at 02:51 Australia/Melbourne, Groot N. de 
wrote:

> On my server I had a difficult to find but easy to remedy problem. 
> After
> installing W2K instead of NT 4.0 I used the exact Radiator and config 
> I used
> succesfully earlier. My NIC had and has two ip-numbers x.x.x.242(Zope) 
> and
> x.x.x.246 (Radius)
>
> Local testing and even testing from another machine was succesfull. But
> communication back to the upsteam Radius server which uses AuthRadius 
> was
> not longer working. In the log (see below) I could see the request and 
> my
> reply back. No problem here. And there was no blocking firewall.
> Sniffing eventually showed that the replying ipnumber was 242. And this
> source addres was ignored by the upstream Radiator!
>
> So Radiator seems to be using a different number to reply from than the
> number it received the request on. (tcpdump available)
>
> As I said, easy to remedy by using
> 	BindAdress x.x.x.246
> Now radiator only listens/replies to/from this address.
>
> Two suggestions:
> 1. If this behaviour can be confirmed (other platforms?) maybe it 
> should be
> changed, or documented.
> 2. Put the sending address in the trace 4 output
>
> Greetings,
>
> Nico de Groot
> KTU
>
>
>
> snip ----
> Thu Feb 27 15:45:29 2003: INFO: Duplicate request id 70 received from
> 131.211.16.41(41728): ignored
> Thu Feb 27 15:45:30 2003: DEBUG: Packet dump:
> *** Received from 131.211.16.41 port 41728 ....
> Code:       Access-Request
> Identifier: 72
> Authentic:  5oS<200><248><208>m<223><219>V<128><153>Y<134><206><253>
> Attributes:
> 	Framed-Protocol = PPP
> 	User-Name = "ndegroot at ktu.nl"
> 	User-Password =
> "T<139><199><132><27><24>d<146>I<198><7><165><155><30>+<168>"
> 	NAS-Port-Type = Async
> 	Calling-Station-Id = "302539753"
> 	Called-Station-Id = "877880070"
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 195.169.131.8
>
> Thu Feb 27 15:45:30 2003: DEBUG: Handling request with Handler
> 'Realm=ktu.nl'
> Thu Feb 27 15:45:30 2003: DEBUG: Rewrote user name to ndegroot
> Thu Feb 27 15:45:30 2003: DEBUG:  Deleting session for ndegroot at ktu.nl,
> 195.169.131.8,
> Thu Feb 27 15:45:30 2003: DEBUG: Handling with Radius::AuthFILE:
> Thu Feb 27 15:45:30 2003: DEBUG: Radius::AuthFILE looks for match with
> ndegroot
> Thu Feb 27 15:45:30 2003: DEBUG: Handling with NT
> Thu Feb 27 15:45:30 2003: DEBUG: Radius::AuthFILE ACCEPT:
> Thu Feb 27 15:45:30 2003: DEBUG: Access accepted for ndegroot
> Thu Feb 27 15:45:30 2003: DEBUG: Packet dump:
> *** Sending to 131.211.16.41 port 41728 ....
> Code:       Access-Accept
> Identifier: 72
> Authentic:  5oS<200><248><208>m<223><219>V<128><153>Y<134><206><253>
> Attributes:
>
>
>
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.