[RADIATOR] (no subject)
Traiano Welcome
Traiano.Welcome at mtnbusiness.co.za
Fri May 18 19:15:39 CDT 2012
Hi List
I have a 'cluster' of 5 Radiator radius servers behind a FreeBSD server running Radiator in load balancing configuration. The radius servers behind the load balancer do authentication and accounting, 4 of them are freebsd running in vmware VMs and the fifth is a CentOS physical host. While I see the FreeBSD radius auth/acct servers are handling requests correctly, logging accounting to a postgresql database, I am seeing all the accounting requests proxied via the load-balancer to the CentOS host fail with the following error in the logs:
---
Sat May 19 00:50:51 2012: WARNING: Bad authenticator in request from lo.ad.bal.ancer (na.s.100.20)
Sat May 19 00:50:51 2012: WARNING: Bad authenticator in request from lo.ad.bal.ancer (na.s.100.20)
Sat May 19 00:50:51 2012: WARNING: Bad authenticator in request from lo.ad.bal.ancer (na.s.0.100)
Sat May 19 00:50:52 2012: WARNING: Bad authenticator in request from lo.ad.bal.ancer (na.s.0.100)
---
No accounting packets are being logged to the postgresql database on the CentOS host, as a consequence (?)
Normally I would expect this to be due to a mismatch in secrets between the NAS (here being the Radiator load balancer?) and the auth'ing/accounting radiator server, however the secret configured on the freebsd server is identical to that on the CentOS host and the radiator load balancer, and the FreeBSD radius server is auth'ing and accounting successfully.
Running tcpdump on each system, I can see the following:
- The FreeBSD load-balancer is sending accounting requests to the CentOS load balancer, but is seeing no responses in return
- The CentOS auth/acct server is seeing requests from the load-balancer but is not sending accounting response packets back to the load balancer
- The FreeBSD auth/acct server is happily receiving accounting requests and sending responses from the load-balancer
So free flow of radius packets between the load-balancer and the CentOS radiator server is unlikely to be the issue ... After all, no responses are being sent out by the CentOS host in the first place.
The details of the load balancer and the two radius accounting/auth servers behind it are as follows:
1) FreeBSD Load Balancer server (Radiator Configured as a load balancer)
- FreeBSD 8.2-RELEASE-p6 #0
- PERL (v5.12.4) built for amd64-freebsd
- p5-Digest-MD5-2.51
2) FreeBSD Radiator server handling RADIUS packets from the Load Balancer (Radiator configured to auth from and account to a local postgresql database)
- FreeBSD 8.2-RELEASE-p4 #2
- PERL (v5.12.4) built for amd64-freebsd-thread-multi
- postgres (PostgreSQL) 8.4.10
- p5-Digest-MD5-2.51
3) CentOS Radiator Server handling RADIUS packets from the Load Balancer (Radiator configured to auth from and account to a local postgresql database)
- CentOS release 6.2 (Final), 2.6.32-220.el6.x86_64 #1 SMP
- v5.10.1 (*) built for x86_64-linux-thread-multi
- (PostgreSQL) 8.4.10
- Digest::MD5 (2.51)
- perl-Net-SSLeay-1.35-9.el6.x86_64
- perl-Digest-HMAC-1.01-22.el6.noarch
- perl-DBI-1.609-4.el6.x86_64
- perl-DBD-Pg-2.15.1-3.el6.x86_64
Attached are the radiator configurations for each of the above servers:
1. My FreeBSD Load balancer's Radiator configuration:
2. The Radiator configuration on a working freebsd server:
3. The Radiator configuration on the CentOS server:
I've tried the following tests to confirm if this isn't a software/library issue:
- reinstalled postgresql, Radiator and the associated PERL libraries a number of times, testing different combinations of package versions - no luck
- tried CPAN perl libraries instead of the centos yum perl modules
- installed radiator from source and using the rpm package
- tried radiator 4.8 and 4.9
- PostgreSQL 8.4 and 9.2 from source and rpm
- Confirmed database connectivity between Radiator and Postgresql
- Upping the radiator Trace level to 5 doesn't reveal any actual details of possible cause of failure other than a dump of the radius accounting-request packet (that I can recognise anyway :p)
I'd be grateful if someone could point out a likely cause of the CentOS Radiator server's non-response to accounting-requests, or suggest some additional detailed debugging techniques I could use?
Let me know if I should send some packet traces in addition to the above!
Many Thanks in advance!
Traiano
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freebsd-auth-acct-host-radiusd.cfg
Type: application/octet-stream
Size: 1374 bytes
Desc: freebsd-auth-acct-host-radiusd.cfg
Url : http://www.open.com.au/pipermail/radiator/attachments/20120519/bdc1a472/attachment.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freebsd-load-balancer-radiator.cfg
Type: application/octet-stream
Size: 2111 bytes
Desc: freebsd-load-balancer-radiator.cfg
Url : http://www.open.com.au/pipermail/radiator/attachments/20120519/bdc1a472/attachment-0001.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: centos-host-radiusd.cfg
Type: application/octet-stream
Size: 1385 bytes
Desc: centos-host-radiusd.cfg
Url : http://www.open.com.au/pipermail/radiator/attachments/20120519/bdc1a472/attachment-0002.obj
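For the "Bad authenticator" warning quoted in the message above: the following is an added example, not part of the original post and not Radiator's code, showing how a receiver validates an Accounting-Request authenticator per RFC 2866, so that a packet captured with tcpdump can be tested offline against candidate shared secrets. The function names, the secret and the sample packet are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4
HEADER_LEN = 20  # code(1) + identifier(1) + length(2) + authenticator(16)


def acct_authenticator(code, ident, attrs, secret):
    """RFC 2866 sec. 3: MD5(Code + ID + Length + 16 zero octets + attrs + secret)."""
    header = struct.pack("!BBH", code, ident, HEADER_LEN + len(attrs))
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()


def build_acct_request(ident, attrs, secret):
    """Build a constructed Accounting-Request to test the checker with."""
    auth = acct_authenticator(ACCOUNTING_REQUEST, ident, attrs, secret)
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, HEADER_LEN + len(attrs))
    return header + auth + attrs


def check_acct_request(datagram, secret):
    """Return 'ok', 'bad authenticator', or the reason the packet is malformed."""
    if len(datagram) < HEADER_LEN:
        return "too short"
    code, ident, length = struct.unpack("!BBH", datagram[:4])
    if code != ACCOUNTING_REQUEST:
        return "not an accounting-request"
    if length < HEADER_LEN or length > len(datagram):
        return "bad length field"
    # Octets beyond the Length field are padding and are ignored (RFC 2865).
    attrs = datagram[HEADER_LEN:length]
    expected = acct_authenticator(code, ident, attrs, secret)
    if hmac.compare_digest(expected, datagram[4:HEADER_LEN]):
        return "ok"
    return "bad authenticator"


# Constructed sample: Acct-Status-Type = Start (type 40) and User-Name = "test".
SAMPLE_ATTRS = bytes([40, 6, 0, 0, 0, 1]) + bytes([1, 6]) + b"test"
SAMPLE_SECRET = b"example-secret"  # placeholder, not a value from the post
SAMPLE_PACKET = build_acct_request(7, SAMPLE_ATTRS, SAMPLE_SECRET)

if __name__ == "__main__":
    # A trailing space or a case difference in the secret is enough to fail.
    for candidate in (SAMPLE_SECRET, SAMPLE_SECRET + b" ", b"Example-Secret"):
        print(repr(candidate), "->", check_acct_request(SAMPLE_PACKET, candidate))
```

A UDP payload copied from a tcpdump hex dump can be passed in via `bytes.fromhex(...)` to see which candidate secret, if any, validates it.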