[RADIATOR] Radiator and radsecproxy, status-server and failover algo, one step forward
Karl Gaissmaier
karl.gaissmaier at uni-ulm.de
Sun Jul 14 11:02:59 CDT 2013
Am 14.07.2013 17:28, schrieb Karl Gaissmaier:
...
> Worse, it seems that buggy clients with unroutable @Realms trigger
> answers with proxy-state stripped. So I get NoreplyTimeouts for
> any buggy client request and my upstream connections break away.
>
> Seems that all german @Realms in eduroam using Radiator have the same
> problem, because all of them use the same upstream radsecproxy at DFN,
> sigh.
and here is the prove:
> Sun Jul 14 17:49:02 2013 177403: DEBUG: Packet dump:
> *** Sending request to RadSec radius1.dfn.de:2083 ....
> Code: Access-Request
> Identifier: 42
> Authentic: U<182><136><130>!<141><232><175><230>y)<234>4<239>9y
> Attributes:
> User-Name = "uni.ulm.test at akad"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Identifier = "203.63.154.1"
> NAS-Port = 1234
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
> NAS-Port-Type = Async
> EAP-Message = <2><0><0><22><1>uni.ulm.test at akad
> Message-Authenticator = <231>+b<159>G<135>2<147><185>$N<192>tw<205>]
> Proxy-State = OSC-Extended-Id=42
>
> Sun Jul 14 17:49:02 2013 199902: DEBUG: ############### UULM DUMP##########
> *** Unmatched Ext-Id in Proxy-State for reply in AuthRADSEC from radius1.dfn.de:2083....
> Code: Access-Reject
> Identifier: 42
> Authentic: <246><223><219>M<179>S<234>VE<26><253><236><25><251>r<17>
> Attributes:
> Reply-Message = "Misconfigured client! Delete spaces at the end of the realm!"
>
again the Proxy-State is stripped, radiator can't match the reply to the
request, we get a NoreplyTimeout and the connection goes down afetr
some retries.
Please test the radiator against radsecproxy in your lab.
Best Regards
Charly
More information about the radiator
mailing list