Freeradius / NAS issue
Andy Billington
billington.andy at googlemail.com
Wed Aug 8 21:30:15 CEST 2007
Thanks Alan - that last point was what I wanted to confirm before
going to the NAS owner to request they start looking. As you've said,
teh RADIUS server sends out packets and they hit the network - if
routing / network was the cause if this, none of the auth responses
would get through. I'm trying disabling accounting for the moment,
using Listen, to squash accounting related error messages. Cant enable
debug for another two hours when the various test sites will finally
close for the day and I can restart without impacting the sites that
do work.
The NAS and RADIUS servers are both doing auth and accounting, same
IPs and same shared secrets (although different ports obviously).
Again, if auth works for some sites - even if not for others - the
shared secret must be correct, no?
Sorry for asking what probably seem like basic questions but want to
be sure of myself :-)
Andy
On 08/08/2007, Alan DeKok <aland at deployingradius.com> wrote:
> Andy Billington wrote:
> > debug didnt seem a likely source of info given that this is a server
> > that has been functionig without incident for six months and no
> > changes have been made to its config. I have been looking at network /
> > routing issues but couldnt figure out why some sites would work and
> > not others, if it was network / routing?
>
> If the RADIUS server sends packets, it's done with RADIUS. After
> that, check that the packets make it onto the local network, to the next
> router, etc.
>
> > Surely all would work, or none, if it was that ie. the NAS woudl
> > reject all transactions not just some of them? Not that interested in
> > accounting packet problems except as an explanation of why sessions
> > are dropping _in some cases_ but not in all; the authentication
> > traffic seems to be fine.
>
> If all of the authentication traffic is OK, and accounting doesn't
> work, then the accounting shared secrets are likely wrong.
>
> > Is there any network / routing related reason why a NAS would accept
> > some FR responses but not others?
>
> If a NAS accepts one Access-Accept from a server, it should accept
> them all. If it accepts on Accounting-Response from a server, it should
> accept them all.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list