[RADIATOR] AuthBy RADIUS and LocalAddress

Alexander Hartmaier alexander.hartmaier at t-systems.at
Mon Aug 19 07:57:17 CDT 2013 

Hi Heikki,

On 2013-08-19 14:22, Heikki Vatiainen wrote:
> On 08/16/2013 02:45 PM, Alexander Hartmaier wrote:
>
>> I've migrated our main Radiator installation to new servers and just
>> faced the problem that an AuthBy RADIUS didn't send a packet out
>> although a trace 4 showed a "Sending to <IPv4>".
>> The Radiator process is bound to some virtual IPs using BindAddress
>> which is different from the old installation where it listened on 0.0.0.0.
> Hello Alexander,
>
> what do you mean by *virtual* IP address in this case. Is it an alias
> address or something else?
The server has two interfaces, both have additional, virtual ip
addresses on both interfaces (eth0:0, eth0:1, eth1:0 and eth1:1 for
IPv4, additional IPv6 addresses on eth0 and eth1).

>
> Also, is that unpatched or patched 4.11?
patched from 2013-06-18
>
>> Adding LocalAddress using the non-virtual IPv4 address of the interface
>> fixed it. Without that a tcpdump shows no packets on neither of the two
>> interfaces.
> LocalAddress should default to BindAddress or 0.0.0.0 if LocalAddress is
> not set explicitly as on option. It also tries to create a socket for
> proxying the requests if no such socket exists already.
And it seems creating that socket fails without on error message.
>
>> Imho that's a bug because sending Radius requests as a Radius client
>> should be decoupled from being a Radius Server.
> Do you think you could provide a minimal configuration file that
> reproduces the problem you see? We would be interested in taking a
> further look at this.
Assuming the radius server has the ip 192.0.2.2 on eth0 and 10.0.0.2 on
eth1 and the virtual ips 192.0.2.10 and 10.0.0.10 as 'service' ips that
should work:

AuthPort        1812
AcctPort        1813

BindAddress     127.0.0.1, 192.0.2.10, ipv6:2001:db8::10, 10.0.0.10

<Handler>
    <AuthBy RADIUS>
        Host 192.0.2.20
        Secret FooBar
        AuthPort 1645
        NoForwardAccounting
        LocalAddress 10.0.0.2 # without this line no radius packet is
sent according to tcpdump
    </AuthBy>
</Handler>

>
> Thanks,
> Heikki
>



*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
Notice: This e-mail contains information that is confidential and may be privileged.
If you are not the intended recipient, please notify the sender and then
delete this e-mail immediately.
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*

More information about the radiator mailing list