[RADIATOR] Is StatusServer broken in 4.19 and latest patches?

Heikki Vatiainen hvn at open.com.au
Tue Aug 8 09:15:51 UTC 2017


On 8.8.2017 11.46, Karl Gaissmaier wrote:

> just as info before I'll do more debugging.
> 
> StatusServer seems to be broken in 4.19 and latest patches applies at 
> least here at Ulm University.

Quick check: does the upstream add Message-Authenticator attribute in 
Status-Server requests and do they accept Message-Authenticator in replies?

Since Message-Authenticator uses the shared secret, is the secret 
correct in case you have, for example, a separate monitoring going on 
somewhere where there is no other traffic.

> I had to go back in panic to 4.17, since my eduroam upstream with the 
> germany NREN stopped talking to me and a quick local test showed me, 
> that something is wrong with StatusServer in Radiator 4.19.

There have been changes in Status-Server handling where the requirement 
of Message-Authenticator is likely the main thing that could cause drops.

> More tests will follow but maybe it is already helpful for you and you 
> can look at your release tests too.

I'll check. One more question: is it over RADIUS or RadSec where you see 
the problem?

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, 
NetWare etc.


More information about the radiator mailing list