[RADIATOR] Missing info from error message
Johnson, Neil M
neil-johnson at uiowa.edu
Wed Nov 27 11:01:43 CST 2013
It does appear that there are issues cascading RADIATOR servers that are
all using <AuthBy EAPBALANCE> because the RADIUS "State" attribute used to
track the EAP conversations gets mangled as the message progresses through
the chain of servers.
To make things work with the US NTLRS servers they graciously stopped
using EAPBALANCE to load balance between our servers and moved to a
traditional primary/backup model, but obviously I can't ask everyone to do
that :-).
The RADIATOR folks recommended I try HASHBALANCE instead, but I like the
extra assurance that EAP conversations don't get broken up.
I'm not exactly sure how to solve the issue. Would it be possible for
RADIATOR to treat the State attribute as a stack and "push" the Id onto
attribute and then "pop" it off as it goes back and forth through the
chain of servers?
-Neil
--
Neil Johnson
Network Engineer
The University of Iowa
Phone: +1 319 384-0938 <tel:+13193840938>
Fax: +1 319 335-2951 <tel:+13193352951>
E-Mail: neil-johnson at uiowa.edu
Lync: neil-johnson at uiowa.edu <sip:neil-johnson at uiowa.edu>
On 11/26/13 9:27 AM, "Jethro R Binks" <jethro.binks at strath.ac.uk> wrote:
>On Tue, 26 Nov 2013, Jethro R Binks wrote:
>
>> Tue Nov 26 08:35:42 2013: WARNING: ProxyAlgorithm EAPBALANCE declines
>>to break up an EAP stream after detecting failure of Host ::
>> Tue Nov 26 08:35:49 2013: WARNING: ProxyAlgorithm EAPBALANCE declines
>>to break up an EAP stream after detecting failure of Host ::
>> Tue Nov 26 08:35:57 2013: WARNING: ProxyAlgorithm EAPBALANCE declines
>>to break up an EAP stream after detecting failure of Host ::
>...
>> Is this short thread relevant I wonder:
>>
>> http://www.open.com.au/pipermail/radiator/2013-May/019100.html
>
>Oh my word. I looked to see what external visitors were trying to
>authenticate at the around times we were seeing the error. Found one
>common one .. and oh look, it happens to be an @uiowa.edu person, the
>same
>site as that message from Neil Johnson. What are the chances of that;
>but
>I was suddenly inspired to just have a look.
>
>Not sure what that tells us though!
>
>Jethro.
>
>. . . . . . . . . . . . . . . . . . . . . . . . .
>Jethro R Binks, Network Manager,
>Information Services Directorate, University Of Strathclyde, Glasgow, UK
>
>The University of Strathclyde is a charitable body, registered in
>Scotland, number SC015263.
>_______________________________________________
>radiator mailing list
>radiator at open.com.au
>http://www.open.com.au/mailman/listinfo/radiator
More information about the radiator
mailing list