(RADIATOR) Re: Secondary Server Problem -- Third Post

Hugh Irvine hugh at open.com.au
Thu Jan 20 21:18:43 CST 2005 

Hello Brandon -

Are you sure its not a timeout problem rather than an incorrect 
password?

As you have it configured below, there will be a 30 second delay before 
the second proxy server is tried.

regards

Hugh


On 21 Jan 2005, at 04:28, Brandon Shiers wrote:

> Folks,
>
> I ran into a problem last night, and I can't seem to put my finger on
> it.  I run one of my customers through my 2 proxy servers.  I have them
> using the default authenticator in my proxy config file, and it's
> configured like this:
>
> <Handler>
>         SessionDatabase SDBN
>
>         <AuthBy RADIUS>
>                 NoDefault
>                 Host            x.x.x.x
>                 Host            x.x.x.x
>                 Secret          mysecret
>                 AuthPort        1645
>                 AcctPort        1646
>                 Retries         5
>                 RetryTimeout    5
>         </AuthBy>
> </Handler>
>
> The first host specified in the config last night had issues, and was
> out for about 2 hours.  While it was out (my proxy saw that it was
> getting no response from host 1), my customer's users still couldn't
> authenticate.
>
> The 2nd server was replying with login OK, as seen in the logs below,
> however my users were still getting rejected due to password errors
> (acording to their DUN)
>
> I saw nothing in my proxy logfile to indicate problems.
>
> Here is a bit of my customer's radius logs:
>
> Sun Jan  9 20:09:22 2005 : Auth: Login OK: [user1] (from client
> #WYOPROXY2 port 3303)
> Sun Jan  9 20:09:27 2005 : Auth: Login OK: [user1] (from client
> #WYOPROXY1 port 3303)
> Sun Jan  9 20:09:30 2005 : Auth: Login OK: [user2] (from client
> #WYOPROXY1 port 3306)
> Sun Jan  9 20:09:32 2005 : Auth: Login OK: [user1] (from client
> #WYOPROXY2 port 3303)
> Sun Jan  9 20:09:36 2005 : Auth: Login OK: [user2] (from client
> #WYOPROXY2 port 3306)
> Sun Jan  9 20:09:36 2005 : Auth: Login OK: [brogdons] (from client
> #WYOPROXY2 port 3246)
> Sun Jan  9 20:09:36 2005 : Auth: Login OK: [user1] (from client
> #WYOPROXY1 port 3303)
> Sun Jan  9 20:09:40 2005 : Auth: Login OK: [user2] (from client
> #WYOPROXY1 port 3306)
> Sun Jan  9 20:09:42 2005 : Auth: Login OK: [user1] (from client
> #WYOPROXY2 port 3303)
> Sun Jan  9 20:09:46 2005 : Auth: Login OK: [user2] (from client
> #WYOPROXY2 port 3306)
> Sun Jan  9 20:09:51 2005 : Auth: Login OK: [user2] (from client
> #WYOPROXY1 port 3306)
>
> My customer is using FreeRadius, both boxes configured the same.
> Listening on port 1645 and 1646.
>
> Any ideas?
>
> I have verified I can authenticate from my proxy servers against their
> RADIUS servers.
>
>

NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive 
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list