[RADIATOR] What do these error messages indicate ?

Hugh Irvine hugh at open.com.au
Mon Aug 30 16:39:49 CDT 2010


Hello Neil -

Excellent!

That was going to be my next suggestion….

Thanks for letting me know.

regards

Hugh


On 30 Aug 2010, at 16:31, Johnson, Neil M wrote:

> Hugh,
> 
> After communicating with the other RADIUS server vendor, I enabled "UseExtendedIds". The other RADIUS server was seeing different transactions as duplicates based on Packet ID's. Enabling Extended Id's seems to have resolve the issue.
> 
> -Neil
> 
> 
> -- 
> Neil Johnson
> Network Engineer
> Information Technology Services
> The University of Iowa
> Work: 319 384-0938
> Mobile: 319 540-2081
> Fax: 319 355-2618
> E-mail: neil-johnson at uiowa.edu
> 
> 
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au] 
> Sent: Friday, August 27, 2010 5:47 PM
> To: Johnson, Neil M
> Cc: radiator at open.com.au
> Subject: Re: [RADIATOR] What do these error messages indicate ?
> 
> 
> Hello Neil -
> 
> In this case what is usually happening is the target RADIUS server is slow to respond, your RADIUS server sends a retransmission, the first reply comes back from the target which is processed normally, then finally the reply to the retransmission comes back and it is marked as "unknown reply" because the previous reply has already been processed.
> 
> The "Bad authenticator" indicates an incorrect shared secret.
> 
> regards
> 
> Hugh
> 
> 
> On 27 Aug 2010, at 23:56, Johnson, Neil M wrote:
> 
>> 
>> The messages appear only when the server is under high load. I'm investigating with the upstream radius server vendor.
>> 
>> Thanks.
>> 
>> -Neil
>> 
>> -- 
>> Neil Johnson
>> Network Engineer
>> Information Technology Services
>> The University of Iowa
>> Work: 319 384-0938
>> Mobile: 319 540-2081
>> Fax: 319 355-2618
>> E-mail: neil-johnson at uiowa.edu
>> 
>> -----Original Message-----
>> From: Hugh Irvine [mailto:hugh at open.com.au] 
>> Sent: Thursday, August 26, 2010 8:20 PM
>> To: Johnson, Neil M
>> Cc: radiator at open.com.au
>> Subject: Re: [RADIATOR] What do these error messages indicate ?
>> 
>> 
>> Hello Neil -
>> 
>> You have an incorrect shared secret for a client device and/or proxy RADIUS target.
>> 
>> regards
>> 
>> Hugh
>> 
>> 
>> On 27 Aug 2010, at 11:04, Johnson, Neil M wrote:
>> 
>>> I've just begun getting tools of these error messages in my log files. What does it  mean ?
>>> 
>>> Thu Aug 26 18:20:05 2010: WARNING: Unknown reply received in AuthRADIUS for request 145 from 128.255.6.157:1813
>>> Thu Aug 26 18:20:05 2010: WARNING: Bad authenticator received in reply to ID 149. Reply is ignored
>>> Thu Aug 26 18:20:05 2010: WARNING: Unknown reply received in AuthRADIUS for request 170 from 128.255.6.157:1813
>>> Thu Aug 26 18:20:05 2010: WARNING: Bad authenticator received in reply to ID 150. Reply is ignored
>>> Thu Aug 26 18:20:05 2010: WARNING: Unknown reply received in AuthRADIUS for request 229 from 128.255.6.157:1813
>>> Thu Aug 26 18:20:05 2010: WARNING: Bad authenticator received in reply to ID 156. Reply is ignored
>>> 
>>> Thanks.
>>> 
>>> -Neil
>>> 
>>> --
>>> Neil Johnson
>>> Network Engineer
>>> Information Technology Services
>>> The University of Iowa
>>> Work: 319 384-0938
>>> Mobile: 319 540-2081
>>> Fax: 319 355-2618
>>> E-mail: neil-johnson at uiowa.edu
>>> 
>>> _______________________________________________
>>> radiator mailing list
>>> radiator at open.com.au
>>> http://www.open.com.au/mailman/listinfo/radiator
>> 
>> 
>> 
>> NB: 
>> 
>> Have you read the reference manual ("doc/ref.html")?
>> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
>> Have you had a quick look on Google (www.google.com)?
>> Have you included a copy of your configuration file (no secrets), 
>> together with a trace 4 debug showing what is happening?
>> 
>> -- 
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>> Includes support for reliable RADIUS transport (RadSec),
>> and DIAMETER translation agent.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>> -
>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>> 
>> 
>> 
> 
> 
> 
> NB: 
> 
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets), 
> together with a trace 4 debug showing what is happening?
> 
> -- 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec),
> and DIAMETER translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
> 
> 
> 



NB: 

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), 
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.





More information about the radiator mailing list