[RADIATOR] FarmSize (Server Farm) and PEAP fast reconnect

Hugh Irvine hugh at open.com.au
Tue Oct 27 16:28:00 CDT 2009


Hello Andrew -

No, you can't use these together directly.

However you can run multiple instances of Radiator with a "frontend"  
configured with both FarmSize and an AuthBy EAPBALANCE pointing at  
multiple "backends", each doing PEAP, TTLS, or whatever. On the  
backend Client clause you should use "UseContentsForDuplicateDetection".

Hope that helps.

regards

Hugh


On 28 Oct 2009, at 03:11, Andrew D. Clark wrote:

> Hi,
>
> I'm wondering if anyone is using the FarmSize parameter along with PEAP
> fast reconnect.  I seem to get a lot of TLS failures related to PEAP fast
> reconnects when I set FarmSize to something other than 0:
>
> Tue Oct 27 10:38:04 2009: ERR: EAP PEAP TLS read failed:  16946: 1 - error:140D2081:SSL routines:TLS1_ENC:block cipher pad is wrong
> Tue Oct 27 10:38:04 2009: INFO: Access rejected for userX: EAP PEAP TLS read failed
> Tue Oct 27 10:38:04 2009: ERR: EAP PEAP TLS read failed:  16946: 1 - error:140D2081:SSL routines:TLS1_ENC:block cipher pad is wrong
> Tue Oct 27 10:38:04 2009: INFO: Access rejected for userX: EAP PEAP TLS read failed
>
> So I've set FarmSize back to 0 and the problem appears to disappear.
> Normal EAP-PEAP authentication works fine, just fast reconnect has issues.
>
> Do FarmSize and PEAP fast reconnect not play well together?
>
> -- 
> Andrew D. Clark
> Network Operations Engineer
> University of Minnesota, Networking/Telecom Services
> 2218 University Ave SE
> Minneapolis, MN 55414-3029
> Phone: 612-626-4880
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
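
The frontend/backend layout described in the reply above, as an added configuration sketch that is not part of the original messages or of Radiator's shipped examples. Port numbers, secrets, file paths, the farm size and the number of backends are assumptions; the second backend is the same file with its own ports.

```conf
# --- frontend.cfg (constructed example) ---
# Farmed frontend: it only proxies, the backends do the EAP work.
FarmSize 4
AuthPort 1812
AcctPort 1813

<Client DEFAULT>
    Secret frontend-secret-placeholder
</Client>

<Handler>
    # EAPBALANCE spreads EAP conversations over the Hosts below and
    # keeps each conversation on the backend that started it.
    <AuthBy EAPBALANCE>
        Secret backend-secret-placeholder
        <Host 127.0.0.1>
            AuthPort 11812      # backend 1 (assumed port)
            AcctPort 11813
        </Host>
        <Host 127.0.0.1>
            AuthPort 21812      # backend 2 (assumed port)
            AcctPort 21813
        </Host>
    </AuthBy>
</Handler>

# --- backend1.cfg (constructed example) ---
# FarmSize is left unset on the instance that terminates PEAP.
AuthPort 11812
AcctPort 11813

<Client 127.0.0.1>
    Secret backend-secret-placeholder
    # As advised in the reply, on the backend Client clause
    UseContentsForDuplicateDetection
</Client>

<Handler>
    <AuthBy FILE>
        Filename %D/users
        EAPType PEAP
        EAPTLS_CAFile %D/certificates/ca.pem            # assumed path
        EAPTLS_CertificateFile %D/certificates/server.pem
        EAPTLS_CertificateType PEM
        EAPTLS_PrivateKeyFile %D/certificates/server.pem
        # Remaining EAPTLS_* settings and the inner (tunnelled) handler
        # carry over unchanged from the existing single-instance config.
    </AuthBy>
</Handler>
```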
