Freeradius / NAS issue

tnt at kalik.co.yu tnt at kalik.co.yu
Wed Aug 8 23:20:30 CEST 2007


The best way to verify this is to look at the debug (radiusd -X) for the
requests coming from the sites that have a problem.

Ivan Kalik
Kalik Informatika ISP


On 8/8/2007, "Andy Billington" <billington.andy at googlemail.com> wrote:

>Thanks Alan - that last point was what I wanted to confirm before
>going to the NAS owner to request they start looking. As you've said,
>the RADIUS server sends out packets and they hit the network - if
>routing / network was the cause of this, none of the auth responses
>would get through. I'm trying disabling accounting for the moment,
>using Listen, to squash accounting related error messages. Can't enable
>debug for another two hours when the various test sites will finally
>close for the day and I can restart without impacting the sites that
>do work.
>
>The NAS and RADIUS servers are both doing auth and accounting, same
>IPs and same shared secrets (although different ports obviously).
>Again, if auth works for some sites - even if not for others - the
>shared secret must be correct, no?
>
>Sorry for asking what probably seem like basic questions but want to
>be sure of myself :-)
>
>Andy
>
>
>On 08/08/2007, Alan DeKok <aland at deployingradius.com> wrote:
>> Andy Billington wrote:
>> > debug didn't seem a likely source of info given that this is a server
>> > that has been functioning without incident for six months and no
>> > changes have been made to its config. I have been looking at network /
>> > routing issues but couldn't figure out why some sites would work and
>> > not others, if it was network / routing?
>>
>>   If the RADIUS server sends packets, it's done with RADIUS.  After
>> that, check that the packets make it onto the local network, to the next
>> router, etc.
>>
>> > Surely all would work, or none, if it was that ie. the NAS would
>> > reject all transactions not just some of them? Not that interested in
>> > accounting packet problems except as an explanation of why sessions
>> > are dropping _in some cases_ but not in all; the authentication
>> > traffic seems to be fine.
>>
>>   If all of the authentication traffic is OK, and accounting doesn't
>> work, then the accounting shared secrets are likely wrong.
>>
>> > Is there any network / routing related reason why a NAS would accept
>> > some FR responses but not others?
>>
>>   If a NAS accepts one Access-Accept from a server, it should accept
>> them all.  If it accepts one Accounting-Response from a server, it should
>> accept them all.
>>
>>   Alan DeKok.
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>
>
>
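
The accounting shared-secret point discussed above, as an added example that is not part of the original thread: per RFC 2866, an Accounting-Request carries an MD5 authenticator computed over the packet and the shared secret, and the Accounting-Response authenticator is computed over the request authenticator and the same secret, so a mismatched secret on either side fails validation. The secrets, identifier and attribute values below are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCT_REQUEST, ACCT_RESPONSE = 4, 5  # RADIUS codes from RFC 2866

def _md5(*parts):
    return hashlib.md5(b"".join(parts)).digest()

def build_acct_request(ident, attrs, secret):
    # Request Authenticator = MD5(Code+ID+Length+16 zero octets+attrs+secret)
    hdr = struct.pack("!BBH", ACCT_REQUEST, ident, 20 + len(attrs))
    return hdr + _md5(hdr, bytes(16), attrs, secret) + attrs

def verify_acct_request(pkt, secret):
    # Receiver side: recompute with the locally configured secret.
    if len(pkt) < 20 or pkt[0] != ACCT_REQUEST:
        return False
    if struct.unpack("!H", pkt[2:4])[0] != len(pkt):
        return False
    return hmac.compare_digest(_md5(pkt[:4], bytes(16), pkt[20:], secret), pkt[4:20])

def build_acct_response(req, secret, attrs=b""):
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+attrs+secret)
    hdr = struct.pack("!BBH", ACCT_RESPONSE, req[1], 20 + len(attrs))
    return hdr + _md5(hdr, req[4:20], attrs, secret) + attrs

def verify_acct_response(resp, req, secret):
    # NAS side: the response must match the request's ID and authenticator.
    if len(resp) < 20 or resp[0] != ACCT_RESPONSE or resp[1] != req[1]:
        return False
    if struct.unpack("!H", resp[2:4])[0] != len(resp):
        return False
    return hmac.compare_digest(_md5(resp[:4], req[4:20], resp[20:], secret), resp[4:20])

# Constructed sample: Acct-Status-Type (40) = Start, Acct-Session-Id (44) = "0001"
SAMPLE_ATTRS = struct.pack("!BBI", 40, 6, 1) + bytes([44, 6]) + b"0001"
NAS_SECRET = b"constructed-secret"          # constructed: secret on the NAS
SERVER_SECRET_TYPO = b"constructed-secert"  # constructed: mismatched copy

if __name__ == "__main__":
    req = build_acct_request(7, SAMPLE_ATTRS, NAS_SECRET)
    print("server, matching secret  :", verify_acct_request(req, NAS_SECRET))
    print("server, mismatched secret:", verify_acct_request(req, SERVER_SECRET_TYPO))
    resp = build_acct_response(req, SERVER_SECRET_TYPO)
    print("NAS validates response   :", verify_acct_response(resp, req, NAS_SECRET))
```
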




More information about the Freeradius-Users mailing list