[RADIATOR] EAPBALANCE and multiple RADIATOR proxies.
Heikki Vatiainen
hvn at open.com.au
Wed May 15 15:00:05 CDT 2013
On 05/15/2013 02:49 AM, Johnson, Neil M wrote:
> It appears that you can't chain RADIATOR servers that are using EAPBALANCE.
>
> I have been running into issues with eduroam users not being able to
> connect at off campus locations and the issue seems to be result of the
> eduroam TLRS trying to use EAPBALANCE to spread the load between my two
> RADIUS servers, which are using EAPBALANCE to spread the load between
> multiple local processes.
>
> The problem is that either the NAS or RADIUS servers at the remote site
> do not return the State attribute, or that since there is only one state
> attribute allowed in a Access-Challenge that it confuses the servers
> running EAPBALANCE.
Hopefully it is not related to remote site returning State attribute.
That would be quite problematic and I think some RADIUS/EAP servers rely
on State attribute for EAP to work at all.
It might be related handling multiple State attributes. Maybe they get
reordered or just one gets forwarded by intermediate proxies or the
remote site client (wlan controller etc.) just returns one State.
Hmm, I wonder if using HASHBALANCE with State as HashAttributes value
would work here.
Heikki
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
More information about the radiator
mailing list