(RADIATOR) Requests to dead host are repeated forever when using RADSEC

Mike McCauley mikem at open.com.au
Tue Dec 13 15:31:43 CST 2005


Hello Jan,

This is expected behaviour. RadSec is trying to deliver pending requests that 
it has queued, and will keep trying until it is successful. While this may 
not seem very useful for Access-Request, it is for Accounting-Requests. This 
is part of RadSec's goal to be more reliable than plain RADIUS.

Cheers.


On Tuesday 13 December 2005 22:03, Jan Tomasek wrote:
> Hello,
>
> this subject was already used in RADSEC list but thread was hijacked for
> other stuff. So, I repeat problem again here because it still remains.
>
> I've two hosts radsec1.cesnet.cz (handling cesnet.cz realm) and
> semik3.cesnet.cz (handling tomasek.cz realm). They are connected by
> DNSROAM and RADSEC. Config:
>
> <Handler Realm=/^.+$/>
>         <AuthBy DNSROAM>
>                 Address                 localhost
>                 Port                    2083
>                 Transport               tcp
>                 Protocol                radsec
>
>                 ConnectOnDemand
>
>                 UseTLS
>
>                 TLS_CAPath              /etc/ssl/certs
>                 TLS_CertificateFile     /etc/ssl/certs/radsecClient_radsec1.cesnet.cz.crt.pem
>                 TLS_CertificateType     PEM
>                 TLS_PrivateKeyFile      /etc/ssl/private/radsecClient_radsec1.cesnet.cz.key.pem
>
>                 #TLS_CRLCheck
>
>                 #TLS_ExpectedPeerName   .+
>
>                 #RewriteTargetRealm s/^.+\.([^\.]+)$/$1.test.eduroam.org/
>
>                 <Route>
>                         Realm DEFAULT
>                         Address etlr-test.eduroam.org
>                         Port 2083
>                         Transport tcp
>                         Protocol radsec
>                 </Route>
>         </AuthBy>
> </Handler>
>
> If I turn off server semik3.cesnet.cz and send a request for
> authentication of semik at tomasek.cz to radsec1.cesnet.cz, it starts
> attempting to connect to semik3 forever (or at least for a very long time).
>
> It helps to restart radsec1 but... still I think this is not ok? Am I
> missing some direction in config or is this a bug?
>
>
> Log:
>
> Tue Dec 13 12:48:02 2005: DEBUG: AuthBy DNSROAM result: IGNORE,
> Tue Dec 13 12:48:02 2005: DEBUG: Stream connection to
> semik3.cesnet.cz:2083 failed: Connection refused
> Tue Dec 13 12:48:02 2005: DEBUG: Stream disconnected from
> semik3.cesnet.cz:2083
> Tue Dec 13 12:48:04 2005: INFO: AuthRADSEC: No reply from
> semik3.cesnet.cz:2083 for semik at tomasek.cz  (120)
> Tue Dec 13 12:48:07 2005: DEBUG: Stream attempting tcp connection to
> semik3.cesnet.cz:2083
> Tue Dec 13 12:48:07 2005: DEBUG: Stream connection in progress to
> semik3.cesnet.cz:2083
> Tue Dec 13 12:48:07 2005: INFO: AuthRADSEC: No reply from
> semik3.cesnet.cz:2083 for semik at tomasek.cz  (120)
> Tue Dec 13 12:48:07 2005: DEBUG: Stream connection to
> semik3.cesnet.cz:2083 failed: Connection refused
> Tue Dec 13 12:48:07 2005: DEBUG: Stream disconnected from
> semik3.cesnet.cz:2083
> Tue Dec 13 12:48:12 2005: DEBUG: Stream attempting tcp connection to
> semik3.cesnet.cz:2083
> Tue Dec 13 12:48:12 2005: DEBUG: Stream connection in progress to
> semik3.cesnet.cz:2083
> Tue Dec 13 12:48:12 2005: DEBUG: Stream connection to
> semik3.cesnet.cz:2083 failed: Connection refused
> Tue Dec 13 12:48:12 2005: DEBUG: Stream disconnected from
> semik3.cesnet.cz:2083
> Tue Dec 13 12:48:17 2005: DEBUG: Stream attempting tcp connection to
> semik3.cesnet.cz:2083
> Tue Dec 13 12:48:17 2005: DEBUG: Stream connection in progress to
> semik3.cesnet.cz:2083
> Tue Dec 13 12:48:17 2005: DEBUG: Stream connection to
> semik3.cesnet.cz:2083 failed: Connection refused
> Tue Dec 13 12:48:17 2005: DEBUG: Stream disconnected from
> semik3.cesnet.cz:2083
> Tue Dec 13 12:48:22 2005: DEBUG: Stream attempting tcp connection to
> semik3.cesnet.cz:2083
> Tue Dec 13 12:48:22 2005: DEBUG: Stream connection in progress to
> semik3.cesnet.cz:2083
> Tue Dec 13 12:48:22 2005: DEBUG: Stream connection to
> semik3.cesnet.cz:2083 failed: Connection refused
> Tue Dec 13 12:48:22 2005: DEBUG: Stream disconnected from
> semik3.cesnet.cz:2083
> Tue Dec 13 12:48:27 2005: DEBUG: Stream attempting tcp connection to
> semik3.cesnet.cz:2083
> Tue Dec 13 12:48:27 2005: DEBUG: Stream connection in progress to
> semik3.cesnet.cz:2083
> Tue Dec 13 12:48:27 2005: DEBUG: Stream connection to
> semik3.cesnet.cz:2083 failed: Connection refused
> Tue Dec 13 12:48:27 2005: DEBUG: Stream disconnected from
> semik3.cesnet.cz:2083
> Tue Dec 13 12:48:32 2005: DEBUG: Stream attempting tcp connection to
> semik3.cesnet.cz:2083
> Tue Dec 13 12:48:32 2005: DEBUG: Stream connection in progress to
> semik3.cesnet.cz:2083
> Tue Dec 13 12:48:32 2005: DEBUG: Stream connection to
> semik3.cesnet.cz:2083 failed: Connection refused
> Tue Dec 13 12:48:32 2005: DEBUG: Stream disconnected from
> semik3.cesnet.cz:2083
>
>
> and now after 10 minutes it still tries to connect:
>
>
> Tue Dec 13 12:59:57 2005: DEBUG: Stream attempting tcp connection to
> semik3.cesnet.cz:2083
> Tue Dec 13 12:59:57 2005: DEBUG: Stream connection in progress to
> semik3.cesnet.cz:2083
> Tue Dec 13 12:59:57 2005: DEBUG: Stream connection to
> semik3.cesnet.cz:2083 failed: Connection refused
> Tue Dec 13 12:59:57 2005: DEBUG: Stream disconnected from
> semik3.cesnet.cz:2083
> Tue Dec 13 13:00:02 2005: DEBUG: Stream attempting tcp connection to
> semik3.cesnet.cz:2083
> Tue Dec 13 13:00:02 2005: DEBUG: Stream connection in progress to
> semik3.cesnet.cz:2083
> Tue Dec 13 13:00:02 2005: DEBUG: Stream connection to
> semik3.cesnet.cz:2083 failed: Connection refused
> Tue Dec 13 13:00:02 2005: DEBUG: Stream disconnected from
> semik3.cesnet.cz:2083
> Tue Dec 13 13:00:07 2005: DEBUG: Stream attempting tcp connection to
> semik3.cesnet.cz:2083
> Tue Dec 13 13:00:07 2005: DEBUG: Stream connection in progress to
> semik3.cesnet.cz:2083
> Tue Dec 13 13:00:07 2005: DEBUG: Stream connection to
> semik3.cesnet.cz:2083 failed: Connection refused
> Tue Dec 13 13:00:07 2005: DEBUG: Stream disconnected from
> semik3.cesnet.cz:2083
> Tue Dec 13 13:00:12 2005: DEBUG: Stream attempting tcp connection to
> semik3.cesnet.cz:2083
> Tue Dec 13 13:00:12 2005: DEBUG: Stream connection in progress to
> semik3.cesnet.cz:2083
> Tue Dec 13 13:00:12 2005: DEBUG: Stream connection to
> semik3.cesnet.cz:2083 failed: Connection refused
> Tue Dec 13 13:00:12 2005: DEBUG: Stream disconnected from
> semik3.cesnet.cz:2083
> Tue Dec 13 13:00:17 2005: DEBUG: Stream attempting tcp connection to
> semik3.cesnet.cz:2083
> Tue Dec 13 13:00:17 2005: DEBUG: Stream connection in progress to
> semik3.cesnet.cz:2083
> Tue Dec 13 13:00:17 2005: DEBUG: Stream connection to
> semik3.cesnet.cz:2083 failed: Connection refused
> Tue Dec 13 13:00:17 2005: DEBUG: Stream disconnected from
> semik3.cesnet.cz:2083
> Tue Dec 13 13:00:22 2005: DEBUG: Stream attempting tcp connection to
> semik3.cesnet.cz:2083
> Tue Dec 13 13:00:22 2005: DEBUG: Stream connection in progress to
> semik3.cesnet.cz:2083
> Tue Dec 13 13:00:22 2005: DEBUG: Stream connection to
> semik3.cesnet.cz:2083 failed: Connection refused
> Tue Dec 13 13:00:22 2005: DEBUG: Stream disconnected from
> semik3.cesnet.cz:2083
>
>
>
>
>
> Best regards

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.
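
The retry loop in the quoted log (a refused connection to the same peer every five seconds) can be detected mechanically from the log itself. The Python below is an added example, not part of the original message and not Radiator code; it parses the log format quoted above, and the function names, the `min_duration` and `max_gap` thresholds and the `peer2.example.org` placeholder are assumptions.

```python
import re
from datetime import datetime, timedelta

TS = r"\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}"
FAIL_RE = re.compile(rf"^({TS}): DEBUG: Stream connection to (\S+:\d+) failed: (.+)$")

def unwrap(text):
    """Strip mail quoting ('> ') and rejoin entries wrapped by the mail client."""
    entries = []
    for raw in text.splitlines():
        line = re.sub(r"^>\s?", "", raw).strip()
        if line and (re.match(TS, line) or not entries):
            entries.append(line)
        elif line:
            entries[-1] += " " + line  # continuation of the previous entry
    return entries

def dead_peer_streaks(text, min_duration=60, max_gap=30):
    """Flag peers whose connect failures repeat for at least min_duration seconds.
    A streak is a run of failures to one peer with no gap above max_gap seconds."""
    open_streaks, flagged = {}, []   # peer -> [first_ts, last_ts, failure_count]

    def close(peer):
        first, last, count = open_streaks.pop(peer)
        if (last - first).total_seconds() >= min_duration:
            flagged.append({"peer": peer, "first": first, "last": last, "failures": count})

    for entry in unwrap(text):
        m = FAIL_RE.match(entry)
        if not m:
            continue
        ts, peer = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y"), m.group(2)
        if peer in open_streaks and (ts - open_streaks[peer][1]).total_seconds() > max_gap:
            close(peer)
        streak = open_streaks.setdefault(peer, [ts, ts, 0])
        streak[1], streak[2] = ts, streak[2] + 1
    for peer in list(open_streaks):
        close(peer)
    return flagged

def constructed_sample():
    """Constructed input: semik3 refused every 5 s for 2 min; a placeholder peer fails twice."""
    t0, fmt, out = datetime(2005, 12, 13, 12, 48, 2), "%a %b %d %H:%M:%S %Y", []
    for i in range(25):
        ts = (t0 + timedelta(seconds=5 * i)).strftime(fmt)
        out.append(f"> {ts}: DEBUG: Stream attempting tcp connection to\n> semik3.cesnet.cz:2083")
        out.append(f"> {ts}: DEBUG: Stream connection to\n> semik3.cesnet.cz:2083 failed: Connection refused")
        if i < 2:
            out.append(f"> {ts}: DEBUG: Stream connection to peer2.example.org:2083 failed: Connection refused")
    return "\n".join(out)

if __name__ == "__main__":
    for s in dead_peer_streaks(constructed_sample()):
        print(s["peer"], s["failures"], "failures over", s["last"] - s["first"])
```

Only the sustained streak is reported; the placeholder peer's two failures fall under `min_duration` and are treated as a transient blip.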
