(RADIATOR) Unknown reply received in...
simon at 1earth.net
Mon Jul 28 19:43:02 CDT 2003
Hi Guys,
I have a problem in that I keep getting the following error from the current
config that I am running.
WARNING: Unknown reply received in AuthRADIUS for request 1 from xx.xx.xx.xx:1645
WARNING: Unknown reply received in AuthRADIUS for request 1 from yy.yy.yy.yy:1645
WARNING: Unknown reply received in AuthRADIUS for request 1 from xx.xx.xx.xx:1645
WARNING: Unknown reply received in AuthRADIUS for request 1 from xx.xx.xx.xx:1646
I am trying to look in one database for a user, and if they exist then proxy the
request to another radius server based on the realm.
This config works fine if I just use it with only one user (me) using it. When
a lot of different users use it though, I find that radiator starts to ignore
a lot of the reply packets from the downstream radius servers.
It looks like radiator sends out the packet but then receives a reply from one
of the other servers, so it ignores the correct reply, as though it cannot tell
the difference between the various replies it has received.
Some of the realms use the same proxy as each other, but other realms that have
one unique server to themselves still get unknown replies.
I think the problem may be stemming from my use of the 'Synchronous' flag but
from what I have checked in the documentation I believe it is right.
For what it is worth I have included a trace at the end, which shows
request received->
request checked at first db->
proxied to other server->
reply received.
But then I get the unknown reply error.
On another note there is a bit of ambiguity with the use of the
FailureBackoffTime in <authby SQLRADIUS>: does it relate to the sql server back
off time or the radius proxy backoff time?
My Config...
Basically this is the handler that is hit for almost all the realms...
<Handler Realm = /*.net/>
    Identifier RADallusers
    AuthBy RADUser
    AuthBy RADUserLog
    AcctLogFileName /var/log/radacct/details/%R.detail
</Handler>
which then gets passed to this auth module...
<authBy GROUP>
    Identifier RADUser
    AuthByPolicy ContinueUntilReject
    Fork
    <authBy SQL>
        Identifier RADUserCheck
        DBSource dbi:mysql:%{GlobalVar:DBNAME}:%{GlobalVar:DBSERVER}
        DBUsername %{GlobalVar:DBUSER}
        DBAuth %{GlobalVar:DBPASS}
        FailureBackoffTime %{GlobalVar:DBBACKOFFTIME}
        IgnoreAccounting
        NoDefault
        AuthSelect select username, extra from users where username=%0
        AuthColumnDef 0, User-Name, check
        AuthColumnDef 1, GENERIC, reply
    </AuthBy>
    <authBy SQLRADIUS>
        Identifier RADProxy
        Synchronous
        # I have tried every combo of these to no avail.
        #UseExtendedIds
        #IgnoreReplySignature
        #ServerHasBrokenAddresses
        Retries 2
        RetryTimeout 15
        DBSource dbi:mysql:%{GlobalVar:DBNAME}:%{GlobalVar:DBSERVER}
        DBUsername %{GlobalVar:DBUSER}
        DBAuth %{GlobalVar:DBPASS}
        FailureBackoffTime %{GlobalVar:DBBACKOFFTIME}
        HostSelect select R.host%0, R.secret, R.authport, \
            R.acctport, R.rewriteusername from radiusservers R \
            where R.dsl_domain='%R'
        NumHosts 2
        HostColumnDef 0, Host
        HostColumnDef 1, Secret
        HostColumnDef 2, AuthPort
        HostColumnDef 3, AcctPort
        HostColumnDef 4, RewriteUsername
    </AuthBy>
</AuthBy>
And then this bit...(but no problems here.)
<authBy SQL>
    Identifier RADUserLog
    DBSource dbi:mysql:%{GlobalVar:DBNAME}:%{GlobalVar:DBSERVER}
    DBUsername %{GlobalVar:DBUSER}
    DBAuth %{GlobalVar:DBPASS}
    FailureBackoffTime %{GlobalVar:DBBACKOFFTIME}
    AcctFailedLogFileName %Y%m/%R.detail
    AccountingTable detail_%Y%m
    IgnoreAuthentication
    AcctColumnDef loggin stuff...
</AuthBy>
I do have other Handlers in the file that are just straight out <authBy RADIUS>.
Thanks for any help,
Simon Woodward
One Earth Internet
Mon Jul 28 18:45:03 2003: DEBUG: Timed out, retransmitting
Mon Jul 28 18:45:03 2003: DEBUG: Packet dump:
*** Sending to 203.26.199.6 port 1646 ....
Code: Accounting-Request
Identifier: 2
Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Attributes:
Acct-Session-Id = "0006A8F5"
Tunnel-Server-Endpoint = 203.194.30.234
Tunnel-Client-Endpoint = 172.31.148.87
Tunnel-Assignment-ID = 1
Tunnel-Type = 0:L2TP
Tunnel-ID = 1956114
Tunnel-Client-Auth-ID = n2563728k-vez2
Tunnel-Server-Auth-ID = LNS02-DRYB-MEL
Framed-Protocol = PPP
Framed-IP-Address = 220.240.71.96
Ascend-Connect-Progress = 60
Ascend-PreSession-Time = 2
Ascend-Xmit-Rate = 512
Ascend-Data-Rate = 512
Acct-Session-Time = 13962
Acct-Input-Octets = 43904
Acct-Output-Octets = 48593
Ascend-Pre-Input-Octets = 0
Ascend-Pre-Output-Octets = 98
Acct-Input-Packets = 2820
Acct-Output-Packets = 2827
Ascend-Pre-Input-Packets = 0
Ascend-Pre-Output-Packets = 6
Acct-Authentic = RADIUS
Acct-Status-Type = Alive
NAS-Port = 1310
Calling-Station-Id = "atm 9"
Called-Station-Id = "3:2.184#184569834##speed:UBR:512#pppoe
00:09:f3:00:ab:3b#/"
Service-Type = Framed-User
NAS-IP-Address = 203.220.79.62
Ascend-Session-Svr-Key = "91DA2645"
Event-Timestamp = 1059381899
NAS-Identifier = "LNS02-DRYB-MEL.comindico.com.au"
Acct-Delay-Time = 5
User-Name = "c at dr.net"
NAS-Port-Type = ADSL-DMT
Timestamp = 1059381898
Mon Jul 28 18:45:03 2003: DEBUG: Packet dump:
*** Received from 203.194.28.132 port 1813 ....
Code: Accounting-Request
Identifier: 147
Authentic: <248><147>Ud]<0><254><227>LI<182><9>J<173><128>8
Attributes:
Acct-Session-Id = "000DB306"
Tunnel-Server-Endpoint = 203.194.30.234
Tunnel-Client-Endpoint = 172.31.147.87
Tunnel-Assignment-ID = 1
Tunnel-Type = 0:L2TP
Tunnel-ID = 1048028
Tunnel-Client-Auth-ID = n2563728k-nky2
Tunnel-Server-Auth-ID = LNS02-KENT-SYD
Framed-Protocol = PPP
Framed-IP-Address = 220.240.4.159
Ascend-Connect-Progress = 60
Ascend-PreSession-Time = 2
Ascend-Xmit-Rate = 512
Ascend-Data-Rate = 512
Acct-Session-Time = 566934
Acct-Input-Octets = 64704547
Acct-Output-Octets = 103235506
Ascend-Pre-Input-Octets = 0
Ascend-Pre-Output-Octets = 101
Acct-Input-Packets = 260287
Acct-Output-Packets = 274132
Ascend-Pre-Input-Packets = 0
Ascend-Pre-Output-Packets = 5
Acct-Authentic = RADIUS
Acct-Status-Type = Alive
NAS-Port = 1642
Calling-Station-Id = "atm 10"
Called-Station-Id = "0:2.299#184550311##speed:UBR:512#pppoe
00:50:ba:99:e8:b4#/"
Service-Type = Framed-User
NAS-IP-Address = 203.194.30.241
Ascend-Session-Svr-Key = "189124C2"
Event-Timestamp = 1059381904
NAS-Identifier = "LNS02-KENT-SYD.comindico.com.au"
Acct-Delay-Time = 0
User-Name = "b at 1earth.net"
NAS-Port-Type = ADSL-DMT
Proxy-State =
BSP2ims01-syd/6A8327DD60A0ED5525616BCEE8C7A478A18777C27B90B583A712D0B6F52951109EA394BB7B90B0436CD0CCE8A1805778425391
CD9798AD449F71BA7887426403FCCCE02019FFDF76E723B778875D3F54E7CCE02056F4C228897CB76D
Mon Jul 28 18:45:03 2003: DEBUG: Rewrote user name to b at 1earth.net
Mon Jul 28 18:45:03 2003: DEBUG: Rewrote user name to b at 1earth.net
Mon Jul 28 18:45:03 2003: DEBUG: Handling request with Handler 'Realm = 1earth.net'
Mon Jul 28 18:45:03 2003: DEBUG: Adding session for b at 1earth.net,
203.194.30.241, 1642
Mon Jul 28 18:45:03 2003: DEBUG: Handling with Radius::AuthGROUP
Mon Jul 28 18:45:03 2003: DEBUG: Handling with Radius::AuthSQL
Mon Jul 28 18:45:03 2003: DEBUG: Handling with Radius::AuthRADIUS
Mon Jul 28 18:45:03 2003: DEBUG: Query is: 'select R.host1, R.secret,
R.authport, R.acctport, R.rewriteusername,
R.extras from radius R where R.domain='1earth.net'':
Mon Jul 28 18:45:03 2003: DEBUG: Handling with Radius::AuthSQL
Mon Jul 28 18:45:03 2003: DEBUG: Handling accounting with Radius::AuthSQL
Mon Jul 28 18:45:03 2003: DEBUG: Accounting accepted
Mon Jul 28 18:45:03 2003: DEBUG: Packet dump:
*** Sending to 203.194.28.132 port 1813 ....
Code: Accounting-Response
Identifier: 147
Authentic: <248><147>Ud]<0><254><227>LI<182><9>J<173><128>8
Attributes:
Proxy-State =
BSP2ims01-syd/6A8327DD60A0ED5525616BCEE8C7A478A18777C27B90B583A712D0B6F52951109EA394BB7B90B0436CD0CCE8A1805778425391
CD9798AD449F71BA7887426403FCCCE02019FFDF76E723B778875D3F54E7CCE02056F4C228897CB76D
Mon Jul 28 18:45:03 2003: DEBUG: Packet dump:
*** Sending to 203.132.224.18 port 1646 ....
Code: Accounting-Request
Identifier: 7
Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Attributes:
Acct-Session-Id = "000DB306"
Tunnel-Server-Endpoint = 203.194.30.234
Tunnel-Client-Endpoint = 172.31.147.87
Tunnel-Assignment-ID = 1
Tunnel-Type = 0:L2TP
Tunnel-ID = 1048028
Tunnel-Client-Auth-ID = n2563728k-nky2
Tunnel-Server-Auth-ID = LNS02-KENT-SYD
Framed-Protocol = PPP
Framed-IP-Address = 220.240.4.159
Ascend-Connect-Progress = 60
Ascend-PreSession-Time = 2
Ascend-Xmit-Rate = 512
Ascend-Data-Rate = 512
Acct-Session-Time = 566934
Acct-Input-Octets = 64704547
Acct-Output-Octets = 103235506
Ascend-Pre-Input-Octets = 0
Ascend-Pre-Output-Octets = 101
Acct-Input-Packets = 260287
Acct-Output-Packets = 274132
Ascend-Pre-Input-Packets = 0
Ascend-Pre-Output-Packets = 5
Acct-Authentic = RADIUS
Acct-Status-Type = Alive
NAS-Port = 1642
Calling-Station-Id = "atm 10"
Called-Station-Id = "0:2.299#184550311##speed:UBR:512#pppoe
00:50:ba:99:e8:b4#/"
Service-Type = Framed-User
NAS-IP-Address = 203.194.30.241
Ascend-Session-Svr-Key = "189124C2"
Event-Timestamp = 1059381904
NAS-Identifier = "LNS02-KENT-SYD.comindico.com.au"
Acct-Delay-Time = 0
User-Name = "b at 1earth.net"
NAS-Port-Type = ADSL-DMT
Timestamp = 1059381903
Mon Jul 28 18:45:03 2003: DEBUG: Packet dump:
*** Received from 203.132.224.18 port 1646 ....
Code: Accounting-Response
Identifier: 7
Authentic: <222><133><178><141><175><174><220>b<234><19><1><129><28><183><196><180>
Attributes:
Mon Jul 28 18:45:03 2003: WARNING: Unknown reply received in AuthRADIUS for
request 7 from 203.132.224.18:1646
Mon Jul 28 18:45:03 2003: DEBUG: Packet dump:
*** Received from 203.194.28.131 port 1812 ....
Code: Access-Request
Identifier: 149
Authentic: <245>H<13><241><167>yD<19>Zz<177><139>j<14><187>?
Attributes:
Framed-Protocol = PPP
NAS-Port = 2195
Calling-Station-Id = "atm 10"
Called-Station-Id = "0:2.219#184550111##speed:UBR:256#/"
Service-Type = Framed-User
NAS-IP-Address = 203.194.30.241
NAS-Identifier = "LNS02-KENT-SYD.comindico.com.au"
User-Password = "<142><7><209>0K$<146><168>~<249>!<17>c<179>6y"
User-Name = "simo at 1earth.net"
NAS-Port-Type = ADSL-DMT
Proxy-State =
BSP2ims01-syd/F5480DF1A77944135A7AB18B6A0EBB3FC0461D8175533E662DEE5203BCF5406FFF62FEF875533BA6E62C4E5DE85C48FE009D00
EE995B23A1158D38CDCE9E7B858C0B927E1B130BC44C9C24C4928C27898D4F9B62197D54C459
Mon Jul 28 18:45:03 2003: DEBUG: Rewrote user name to simo at 1earth.net
Mon Jul 28 18:45:03 2003: DEBUG: Rewrote user name to simo at 1earth.net
Mon Jul 28 18:45:03 2003: DEBUG: Handling request with Handler 'User-Name =
simo at 1earth.net'
Mon Jul 28 18:45:03 2003: DEBUG: Deleting session for simo at 1earth.net,
203.194.30.241, 2195
Mon Jul 28 18:45:03 2003: DEBUG: Handling with Radius::AuthGROUP
Mon Jul 28 18:45:03 2003: DEBUG: Handling with Radius::AuthSQL
Mon Jul 28 18:45:03 2003: DEBUG: Handling with Radius::AuthSQL
Mon Jul 28 18:45:03 2003: DEBUG: Handling with Radius::AuthSQL: DSLUserCheck
Mon Jul 28 18:45:03 2003: DEBUG: Query is: 'select username, extra from users
where username='simo at 1earth.net'':
Mon Jul 28 18:45:03 2003: DEBUG: Radius::AuthSQL looks for match with
simo at 1earth.net
Mon Jul 28 18:45:03 2003: DEBUG: Query is: 'select username, extra from users
where username='DEFAULT'':
Mon Jul 28 18:45:03 2003: DEBUG: Radius::AuthSQL looks for match with DEFAULT
Mon Jul 28 18:45:03 2003: DEBUG: Radius::AuthSQL ACCEPT:
Mon Jul 28 18:45:03 2003: DEBUG: Handling with Radius::AuthRADIUS
Mon Jul 28 18:45:03 2003: DEBUG: Query is: 'select R.host1, R.secret,
R.authport, R.acctport, R.rewriteusername,
R.extras from radius R where R.domain='1earth.net'':
Mon Jul 28 18:45:03 2003: DEBUG: Packet dump:
*** Sending to 203.132.224.18 port 1645 ....
Code: Access-Request
Identifier: 2
Authentic: <245>H<13><241><167>yD<19>Zz<177><139>j<14><187>?
Attributes:
Framed-Protocol = PPP
NAS-Port = 2195
Calling-Station-Id = "atm 10"
Called-Station-Id = "0:2.219#184550111##speed:UBR:256#/"
Service-Type = Framed-User
NAS-IP-Address = 203.194.30.241
NAS-Identifier = "LNS02-KENT-SYD.comindico.com.au"
User-Password = "<166>UD<162><159>'<186><205>+Oz<149>L<246><253>-"
User-Name = "simo at 1earth.net"
NAS-Port-Type = ADSL-DMT
Mon Jul 28 18:45:03 2003: DEBUG: Packet dump:
*** Received from 203.132.224.18 port 1645 ....
Code: Access-Accept
Identifier: 2
Authentic: v<241><242>y<182><254><4><154>bz<245><127><19><238><133>*
Attributes:
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
Mon Jul 28 18:45:03 2003: WARNING: Unknown reply received in AuthRADIUS for
request 2 from 203.132.224.18:1645
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
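
Added example, not part of the original post and not Radiator code: a Python sketch that pairs each "Unknown reply" warning in a debug trace of the format shown above with the proxied request, if any, that was still awaiting a reply from the same host, port and identifier. The function name, the verdict labels and the sample trace (documentation-range addresses) are constructed for illustration.

```python
import re

# Packet-dump headers and the (possibly line-wrapped) WARNING, as they appear in the trace.
EVENT = re.compile(
    r"\*\*\* (Sending to|Received from) (\S+) port (\d+) \.+\s+"
    r"Code: (\S+)\s+Identifier: (\d+)"
    r"|Unknown reply received in AuthRADIUS for\s+request (\d+) from ([\d.]+):(\d+)")
REPLIES = {"Access-Accept", "Access-Reject", "Access-Challenge", "Accounting-Response"}

def classify_unknown_replies(trace):
    """Return [(host, port, identifier, verdict)] for each 'Unknown reply' warning."""
    pending = {}    # (host, port, id) -> code of a proxied request awaiting its reply
    answered = {}   # (host, port, id) -> request the latest reply paired with, or None
    verdicts = []
    for m in EVENT.finditer(trace):
        direction, host, port, code, ident, w_id, w_host, w_port = m.groups()
        if w_id is not None:                 # a WARNING line
            key = (w_host, int(w_port), int(w_id))
            verdict = ("matches-outstanding-request" if answered.get(key)
                       else "no-outstanding-request")
            verdicts.append(key + (verdict,))
            continue
        key = (host, int(port), int(ident))
        if direction == "Sending to" and code not in REPLIES:
            pending[key] = code              # new request or a retransmission
        elif direction == "Received from" and code in REPLIES:
            answered[key] = pending.pop(key, None)
    return verdicts

# Constructed sample in the trace's format; addresses are from a documentation range.
SAMPLE = """\
Mon Jul 28 18:45:03 2003: DEBUG: Packet dump:
*** Sending to 192.0.2.18 port 1645 ....
Code: Access-Request
Identifier: 2
Mon Jul 28 18:45:03 2003: DEBUG: Packet dump:
*** Received from 192.0.2.18 port 1645 ....
Code: Access-Accept
Identifier: 2
Mon Jul 28 18:45:03 2003: WARNING: Unknown reply received in AuthRADIUS for
request 2 from 192.0.2.18:1645
*** Received from 192.0.2.18 port 1645 ....
Code: Access-Accept
Identifier: 2
Mon Jul 28 18:45:04 2003: WARNING: Unknown reply received in AuthRADIUS for
request 2 from 192.0.2.18:1645
"""

if __name__ == "__main__":
    print(classify_unknown_replies(SAMPLE))
```

A `matches-outstanding-request` verdict means the reply's source address, port and identifier line up with a request that was still waiting, so the reply was rejected on some other check; `no-outstanding-request` is what a second reply to an already answered or retransmitted request looks like.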