[RADIATOR] AuthBy RADIUS and LocalAddress

Heikki Vatiainen hvn at open.com.au
Mon Aug 19 08:44:47 CDT 2013


On 08/19/2013 03:57 PM, Alexander Hartmaier wrote:

>> LocalAddress should default to BindAddress or 0.0.0.0 if LocalAddress is
>> not set explicitly as an option. It also tries to create a socket for
>> proxying the requests if no such socket exists already.
> And it seems creating that socket fails without an error message.

If you run it with DEBUG, you should see a message like this:

  DEBUG: AuthBy RADIUS creates new local socket '127.0.0.1:0' for sending requests

This is with the configuration you have attached. I think it also tells
what the problem is. The first IP is used for the source address for
proxying.

You could consider reordering BindAddress to have the desired outgoing
IP first, or maybe better, specify LocalAddress since you seem to have
special requirements.

> Assuming the radius server has the ip 192.0.2.2 on eth0 and 10.0.0.2 on
> eth1 and the virtual ips 192.0.2.10 and 10.0.0.10 as 'service' ips that
> should work:

Thanks for the configuration. As I mentioned above, I get 127.0.0.1 as
the source address if LocalAddress is commented out. This is the
intended behaviour, see e.g. LocalAddress in ref.pdf. Currently Radiator
always binds the local address when creating a socket for proxying.

> AuthPort        1812
> AcctPort        1813
> 
> BindAddress     127.0.0.1, 192.0.2.10, ipv6:2001:db8::10, 10.0.0.10

127.0.0.1 is the first address and thus the source address for AuthBy
RADIUS unless LocalAddress is defined.

> <Handler>
>     <AuthBy RADIUS>
>         Host 192.0.2.20
>         Secret FooBar
>         AuthPort 1645
>         NoForwardAccounting
>         LocalAddress 10.0.0.2 # without this line no radius packet is sent according to tcpdump
>     </AuthBy>
> </Handler>


Thanks,
Heikki


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
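
A configuration check for the behaviour discussed in this thread, added here as an example and not taken from the post or from Radiator: it reports the source address each AuthBy RADIUS clause would use (LocalAddress if set, otherwise the first BindAddress entry, otherwise 0.0.0.0) and flags a loopback source paired with a non-loopback Host. The function names and the simplified regex-based parsing are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample modelled on the configuration quoted in the thread,
# with LocalAddress left out to show the failing case.
SAMPLE = """\
AuthPort        1812
AcctPort        1813
BindAddress     127.0.0.1, 192.0.2.10, ipv6:2001:db8::10, 10.0.0.10
<Handler>
    <AuthBy RADIUS>
        Host 192.0.2.20
        Secret FooBar
        AuthPort 1645
        NoForwardAccounting
    </AuthBy>
</Handler>
"""

def is_loopback(addr):
    """True for 127.0.0.0/8 or ::1; anything that is not an IP literal counts as non-loopback."""
    try:
        return ipaddress.ip_address(re.sub(r"^ipv6:", "", addr)).is_loopback
    except ValueError:
        return False

def param(text, name):
    """First value of a 'Name value' line, or None (simplified parsing, trailing # ignored)."""
    m = re.search(rf"^\s*{name}\s+([^\s#]+)", text, re.MULTILINE)
    return m.group(1) if m else None

def check_proxy_source(config):
    """Return (host, source_address, ok) for every <AuthBy RADIUS> clause."""
    bind = re.search(r"^\s*BindAddress\s+(.+)$", config, re.MULTILINE)
    # As described in the thread: first BindAddress entry, else 0.0.0.0.
    default_src = bind.group(1).split(",")[0].strip() if bind else "0.0.0.0"
    results = []
    for clause in re.findall(r"<AuthBy RADIUS>(.*?)</AuthBy>", config, re.DOTALL):
        host = param(clause, "Host")
        src = param(clause, "LocalAddress") or default_src
        # A loopback source toward a non-loopback Host is the case from the
        # thread, where tcpdump showed no packet leaving the server.
        ok = not is_loopback(src) or is_loopback(host or "")
        results.append((host, src, ok))
    return results

if __name__ == "__main__":
    for host, src, ok in check_proxy_source(SAMPLE):
        print(f"Host {host}: source {src} -> {'ok' if ok else 'MISMATCH'}")
```
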

