[RADIATOR] Is StatusServer broken in 4.19 and latest patches?

Karl Gaissmaier karl.gaissmaier at uni-ulm.de
Tue Aug 8 09:36:25 UTC 2017

Hi Heikki,

On 08.08.2017 at 11:15, Heikki Vatiainen wrote:
> On 8.8.2017 11.46, Karl Gaissmaier wrote:
>> just as info before I'll do more debugging.
>> StatusServer seems to be broken in 4.19 and latest patches applied, at 
>> least here at Ulm University.
> Quick check: does the upstream add Message-Authenticator attribute in 
> Status-Server requests and do they accept Message-Authenticator in 
> replies?

Nothing has changed at the upstream since I upgraded yesterday. Here you 
see it after I switched back to 4.17:

Tue Aug  8 09:07:43 2017 099341: DEBUG: Packet dump:
*** Received from 193.174.XX.YY port 33333 ....
Code:       Status-Server
Identifier: 0
Authentic: <230>)t<226><6><166><174><232><20>$<9>O<184>vfB
     Message-Authenticator = 
Tue Aug  8 09:07:43 2017 099988: DEBUG: Packet dump:

*** Sending reply to RadSec ....
Code:       Access-Accept
Identifier: 0
Authentic: <230>)t<226><6><166><174><232><20>$<9>O<184>vfB
     Reply-Message = "Radiator Radius server version 4.17"
     Reply-Message = "Running on mizar since Tue Aug  8 09:05:44 2017"

> Since Message-Authenticator uses the shared secret, is the secret 
> correct in case you have, for example, a separate monitoring going on 
> somewhere where there is no other traffic.

yes, nothing changed

>> I had to go back in panic to 4.17, since my eduroam upstream with the 
>> German NREN stopped talking to me and a quick local test showed me 
>> that something is wrong with StatusServer in Radiator 4.19.
> There have been changes in Status-Server handling where the 
> requirement of Message-Authenticator is likely the main thing that 
> could cause drops.
>> More tests will follow but maybe it is already helpful for you and 
>> you can look at your release tests too.
> I'll check. One more question: is it over RADIUS or RadSec where you 
> see the problem?

both, my local checks with Nagios, personally scripted with 
Authen::Radius, stopped working too, and remote via Server RADSEC from 
the German NREN.

Thanks for the help. Great service, as always!

Best Regards

Karl Gaissmaier
Universität Ulm
kiz, Kommunikations und Informationszentrum
89069 Ulm
Tel.: 49(0)731/50-22499
Fax : 49(0)731/50-12-22499
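
The Message-Authenticator question raised in this thread can be checked offline. The following is an added example, not part of the original message and not Radiator or Authen::Radius code: it builds a Status-Server request (RFC 5997) with a Message-Authenticator (RFC 3579, HMAC-MD5 keyed with the shared secret) and classifies a packet's attribute as ok, missing or bad. The function names are hypothetical and the secret used with them is constructed.

```python
import hashlib
import hmac
import os
import struct

STATUS_SERVER = 12          # RFC 5997 packet code
MESSAGE_AUTHENTICATOR = 80  # RFC 3579 attribute type


def build_status_server(secret: bytes, identifier: int, authenticator: bytes = None) -> bytes:
    """Return a Status-Server request carrying a valid Message-Authenticator."""
    authenticator = authenticator or os.urandom(16)
    # Attribute is type 80, length 18; its value is zeroed while the HMAC is computed.
    attr = bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    header = struct.pack("!BBH", STATUS_SERVER, identifier, 20 + len(attr)) + authenticator
    mac = hmac.new(secret, header + attr, hashlib.md5).digest()
    return header + attr[:2] + mac


def check_message_authenticator(packet: bytes, secret: bytes, request_auth: bytes = None) -> str:
    """Return 'ok', 'missing' or 'bad' for the packet's Message-Authenticator.

    For replies, pass the Request Authenticator of the matching request;
    the HMAC is computed with it in place of the Response Authenticator.
    """
    if len(packet) < 20:
        return "bad"
    _, _, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        return "bad"
    auth = request_auth if request_auth is not None else packet[4:20]
    attrs = bytearray(packet[20:length])
    pos, received = 0, None
    while pos + 2 <= len(attrs):
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            return "bad"  # malformed attribute list
        if atype == MESSAGE_AUTHENTICATOR:
            if alen != 18 or received is not None:
                return "bad"
            received = bytes(attrs[pos + 2:pos + 18])
            attrs[pos + 2:pos + 18] = bytes(16)  # zero before recomputing
        pos += alen
    if pos != len(attrs):
        return "bad"  # trailing bytes that do not form an attribute
    if received is None:
        return "missing"
    expected = hmac.new(secret, packet[:4] + auth + bytes(attrs), hashlib.md5).digest()
    return "ok" if hmac.compare_digest(received, expected) else "bad"
```

A result of "missing" or "bad" on a monitoring probe separates the two cases asked about in the thread: an attribute that is absent versus one computed with a different shared secret.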
