(RADIATOR) Radiator freezing intermitantly
Hugh Irvine
hugh at open.com.au
Sat Jun 28 03:16:40 CDT 2003
Hello Brian -
Thanks for letting me know.
regards
Hugh
On Friday, Jun 27, 2003, at 23:12 Australia/Melbourne, Brian Fisk wrote:
> Well after fooling around with it, I found that the problem was not an ip
> issue, but with accounting. The message I was getting from my RAS was AUTH:
> client/server failure which I found usually meant a secret mismatch. I
> turned on monitoring for auth and accounting on the ras, and I saw I was
> getting the error message in my RAS syslog every time it sent an accounting
> request. I turned off Accounting on my ras and the problem went away and
> users could authenticate. So I redid my accounting statements in my
> radius.cfg to be a bit more simple and only log what I need. I also
> cleared the mysql accounting table which had around 20k entries in it. It
> is a slower machine and maybe from what Matt said, it could have been too
> much. But it seems to be holding steady.
>
> Brian
>
>
> ----- Original Message -----
> From: "Hugh Irvine" <hugh at open.com.au>
> To: "Brian Fisk" <bfisk at lazerlink.com>
> Cc: <radiator at open.com.au>
> Sent: Thursday, June 26, 2003 8:07 PM
> Subject: Re: (RADIATOR) Radiator freezing intermitantly
>
>
>>
>> Hello Brian -
>>
>> If the machine running Radiator only has a single interface and a
>> single IP address, then the only reason that the NAS will not receive a
>> reply and send a retransmission must be due to packets being dropped on
>> the return path, either because of filters or firewalls or
>> misconfigured interfaces.
>>
>> By definition, if Radiator is receiving the request, processing it and
>> sending back a reply, then Radiator is operating correctly.
>>
>> As mentioned in my previous mail, this sort of problem usually requires
>> debugging with a packet sniffer to ascertain exactly what is going on.
>>
>> regards
>>
>> Hugh
>>
>>
>> On Thursday, Jun 26, 2003, at 23:27 Australia/Melbourne, Brian Fisk wrote:
>>
>>> Update:
>>>
>>> We are running into the same problem on a machine where we are using the
>>> primary ip address of the system for radiator. A user will dial in and our
>>> equipment will run the radius request, at which I can see radius
>>> authenticating the user in authlog, but the dialup equip isn't getting it
>>> cause it tries 5 times to auth (the set value) and tells users their
>>> username and password is invalid. We are using 3com (now utstarcom)
>>> hiperarc running TCS 4.2 and the newest version of radiator. Attached is
>>> my conf file. I have radius stable on a system now, but when I tried to
>>> move it to this new system it worked. The problem is intermittent.
>>>
>>>
>>> # radius.cfg -JJGracia - Jan2003
>>> #
>>> #Foreground
>>> #LogStdout
>>>
>>> # Use a low trace level in production systems. Increase
>>> # it to 4 or 5 for debugging, or use the -trace flag to radiusd
>>>
>>>
>>> PidFile /var/run/radiusd.pid
>>> AuthPort 1645
>>> AcctPort 1646
>>> #BindAddress 199.234.153.42,199.234.153.3
>>> #NasType TotalControlSNMP
>>> #trace 3
>>>
>>> DbDir /etc/radiator
>>> DictionaryFile %D/dictionary.usr
>>>
>>> LogDir /var/log/radius
>>> #LogFile %L/%Y%m.log
>>> #Trace 3
>>>
>>> <Log FILE>
>>> Filename %L/%Y%m.log
>>> Trace 3
>>> #LogFormat %0:%1:%2
>>> LogMicroseconds
>>> </Log>
>>>
>>> <AuthLog FILE>
>>> Identifier myauthlogger
>>> Filename %L/authlog
>>> LogSuccess 1
>>> LogFailure 1
>>> SuccessFormat %l:%U:%P:OK
>>> FailureFormat %l:%U:%P:FAIL
>>> </AuthLog>
>>>
>>> <StatsLog FILE>
>>> Identifier mystatslogger
>>> Filename %L/statslog
>>> # Format %0:%1:%2:%23
>>> </StatsLog>
>>>
>>> <Client localhost>
>>> Secret tempest
>>> DupInterval 0
>>> </Client>
>>>
>>> <Client DEFAULT>
>>> Secret tempest
>>> DupInterval 0
>>> # NasType TotalControl
>>> SNMPCommunity private
>>> </Client>
>>>
>>> <SessionDatabase SQL>
>>> DBSource dbi:mysql:radius:localhost
>>> DBUsername blue
>>> DBAuth green
>>> </SessionDatabase>
>>>
>>> <ClientListSQL>
>>> DBSource dbi:mysql:radius
>>> DBUsername blue
>>> DBAuth green
>>> </ClientListSQL>
>>>
>>> <Realm DEFAULT>
>>>
>>>
>>> RewriteUsername s/^([^@]+).*/$1/
>>> RewriteUsername tr/[A-Z]/[a-z]/
>>> RewriteUsername s/\s+//g
>>> # RewriteUsername tr/A-Za-z0-9_@//cd
>>> # AcctLogFileName %L/detail
>>> # WtmpFileName %L/wtmp
>>>
>>> <AuthBy SQL>
>>>
>>> DBSource dbi:mysql:radius:localhost
>>> DBUsername blue
>>> DBAuth green
>>>
>>> AuthSelect select PASSWORD,CHECKATTR,REPLYATTR from SUBSCRIBERS where USERNAME='%n'
>>>
>>> AccountingTable ACCOUNTING
>>> AcctColumnDef USERNAME,User-Name
>>> AcctColumnDef TIME_STAMP,Timestamp,integer
>>> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
>>> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
>>> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
>>> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>>> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
>>> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
>>> AcctColumnDef ACCTTERMINATECAUSE,Acct_Terminate-Cause
>>> AcctColumnDef NASIDENTIFIER,NAS-IP-Address
>>> AcctColumnDef NASIPADDRESS,NAS-Identifier
>>> AcctColumnDef NASPORT,NAS-Port,integer
>>> AcctColumnDef ACCTFRAMEDIP,Framed-IP-Address
>>> AcctColumnDef ACCTFRAMEDNETMASK,Framed-Netmask
>>> AcctColumnDef ACCTCALLERID,Calling-Station-Id
>>> AcctColumnDef ACCTCALLEDID,Called-Station-Id
>>> AcctColumnDef MODEMTRAININGTIME,Modem-Training-Time,integer
>>> AcctColumnDef CHASISCALLSLOT,Chassis-Call-Slot,integer
>>> AcctColumnDef CHASISCALLSPAN,Chassis-Call-Span,integer
>>> AcctColumnDef CHASISCALLCHAN,Chassis-Call-Channel,integer
>>> AcctColumnDef MODULATIONTYPE,Modulation-Type
>>> AcctColumnDef ERRORCNTL,Error-Control
>>> AcctColumnDef COMPRESSTYPE,Compression-Type
>>> AcctColumnDef INTICONNECTRATE,Initial-Connect-Rate
>>> AcctColumnDef FRAMEDPROTOCOL,Framed-Protocol
>>> AcctColumnDef SPEEDOFCONNECT, Speed-Of-Connection
>>> # AcctFailedLogFileName %D/missedaccounting
>>> </AuthBy>
>>> AuthLog myauthlogger
>>> #StatsLog mystatslogger
>>> </Realm>
>>>
>>>
>>>
>>>
>>>
>>>
>>> ----- Original Message -----
>>> From: "Hugh Irvine" <hugh at open.com.au>
>>> To: "Brian Fisk" <bfisk at lazerlink.com>
>>> Cc: <radiator at open.com.au>
>>> Sent: Friday, June 20, 2003 7:41 PM
>>> Subject: Re: (RADIATOR) Radiator freezing intermitantly
>>>
>>>
>>>>
>>>> Hello Brian -
>>>>
>>>> On machines with multiple interfaces, this is usually due to the radius
>>>> response being sent back to the client from a different IP address to
>>>> that from which the request was received (ie the response was sent via
>>>> a different interface).
>>>>
>>>> Using a sniffer to check the packet flow is usually very helpful
>>>> (snoop, tcpdump, ethereal, ...).
>>>>
>>>> regards
>>>>
>>>> Hugh
>>>>
>>>>
>>>> On Friday, Jun 20, 2003, at 23:12 Australia/Melbourne, Brian Fisk wrote:
>>>>
>>>>> We had more troubles yesterday and the problem that is happening is
>>>>> when we have radiator set up to bind on a secondary ip of the machine.
>>>>> When I took out the bind address statement, which should make radiator
>>>>> listen on all ip's, it still wouldn't work. I had to set our dialup
>>>>> equipment to use the base ip of the machine and then it started working.
>>>>> When a user tried to dial up, they would authenticate, as I could see in
>>>>> my authlog, but the dialup equipment kept authenticating them for around
>>>>> 3-4 times before it hung up on them. The dialup equipment (total
>>>>> control) was giving me error messages that according to the total
>>>>> control website, said that the secret key was a mismatch. I think it's
>>>>> an ip issue with the machine but we will find out more from testing on
>>>>> Monday.
>>>>>
>>>>> Brian Fisk
>>>>>
>>>>>
>>>>>
>>>>> ----- Original Message -----
>>>>> From: "Hugh Irvine" <hugh at open.com.au>
>>>>> To: "Brian Fisk" <bfisk at lazerlink.com>
>>>>> Cc: <radiator at open.com.au>
>>>>> Sent: Thursday, June 19, 2003 8:03 PM
>>>>> Subject: Re: (RADIATOR) Radiator freezing intermitantly
>>>>>
>>>>>
>>>>>>
>>>>>> Hello Brian -
>>>>>>
>>>>>> I will need to see a copy of the configuration file (no secrets)
>>>>>> together with a trace 4 debug from Radiator showing what is
>>>>>> happening.
>>>>>>
>>>>>> There is also a FAQ item regarding Redhat 8 here:
>>>>>>
>>>>>> http://www.open.com.au/radiator/faq.html#127
>>>>>>
>>>>>> regards
>>>>>>
>>>>>> Hugh
>>>>>>
>>>>>>
>>>>>> On Friday, Jun 20, 2003, at 02:20 Australia/Melbourne, Brian Fisk wrote:
>>>>>>
>>>>>>> I have been running radiator on the same server for the last 3 years
>>>>>>> and it worked perfect. I am now setting up radiator 3.6 on another
>>>>>>> server using the old config file which was version 2.18.1
>>>>>>>
>>>>>>> I am noticing that radiator will just freeze up for a period of 5
>>>>>>> minutes or so. Are there any incompatibilities between the versions
>>>>>>> for the config file, or can someone suggest a way of logging to
>>>>>>> diagnose the problem?
>>>>>>>
>>>>>>> I am running Redhat 8.0 (Linux server1 2.4.18-24.8.0smp #1 SMP Fri Jan 31
>>>>>>> 06:03:47 EST 2003 i686 i686 i386 GNU/Linux)
>>>>>>>
>>>>>>>
>>>>>>> ===
>>>>>>> Archive at http://www.open.com.au/archives/radiator/
>>>>>>> Announcements on radiator-announce at open.com.au
>>>>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>>>>> 'unsubscribe radiator' in the body of the message.
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> NB: have you included a copy of your configuration file (no secrets),
>>>>>> together with a trace 4 debug showing what is happening?
>>>>>>
>>>>>> --
>>>>>> Radiator: the most portable, flexible and configurable RADIUS server
>>>>>> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>>>>>> -
>>>>>> Nets: internetwork inventory and management - graphical, extensible,
>>>>>> flexible with hardware, software, platform and database independence.
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>>
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
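
Added example, not part of the original thread and not Radiator or NAS code: a Python sketch of the checks a RADIUS client applies to a reply, showing why a reply that leaves from a different address, or is built with a different shared secret, is ignored and the request retransmitted. The addresses, secret and packet contents are constructed, and the order of the checks is an assumption about typical NAS behaviour.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2

def build_reply(code, ident, request_auth, attrs, secret):
    """Server side. RFC 2865 Response Authenticator:
    MD5(Code + ID + Length + Request Authenticator + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs

def nas_check_reply(sent_to, ident, request_auth, secret, reply_src, reply):
    """Client (NAS) side. Returns "accept" or the reason the reply is ignored.
    The order of the checks is an assumption, not taken from any NAS."""
    if reply_src != sent_to:
        return "drop: source differs from the address the request was sent to"
    if len(reply) < 20:
        return "drop: shorter than a RADIUS header"
    _code, reply_id, length = struct.unpack("!BBH", reply[:4])
    if length != len(reply) or reply_id != ident:
        return "drop: length or identifier mismatch"
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        return "drop: bad authenticator (shared secret mismatch)"
    return "accept"

def demo():
    """Constructed scenario: server with a base and a secondary address."""
    base, secondary = ("192.0.2.10", 1645), ("192.0.2.11", 1645)
    secret, ident = b"constructed-secret", 42
    request_auth = bytes(range(16))      # fixed here; random per request in practice
    attrs = bytes([18, 4]) + b"ok"       # Reply-Message attribute (type 18)
    good = build_reply(ACCESS_ACCEPT, ident, request_auth, attrs, secret)
    other = build_reply(ACCESS_ACCEPT, ident, request_auth, attrs, b"other-secret")
    return {
        # NAS sent to the base address and the reply came back from it
        "same_address": nas_check_reply(base, ident, request_auth, secret, base, good),
        # NAS sent to the secondary address, reply left via the base address
        "other_address": nas_check_reply(secondary, ident, request_auth, secret, base, good),
        # right address, but server and NAS disagree on the secret
        "wrong_secret": nas_check_reply(base, ident, request_auth, secret, base, other),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

In all three cases the server log would show a successful authentication; only a capture at the NAS side distinguishes them.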