Freeradius / NAS issue

[Andy Billington]

hi Ivan,
Just been able to restart witout affecting working sites, have started
using -X and am seeing lots of info; for a start its binding to
correct IP (which counters the multi-home issue i was concerned
about). The sites that have probs are all reporting RADIUS ok, my
query / concern is that why do some work and not others? Surely if it
was routing / network stuff, none would work or all would work; unless
the NAS is not behaving?

Was thinking about setting up another FR instance, separate IP and
with just pure text (users) info but am not sure - what concerns me is
seeing a few mails that have same symptoms (connect starts, then
restarts after 10s) from other users but they dont seem to have got
working. Have I upgraded FR (apt-get etc) and broken my config :(
which I'm sure isnt true. Woudl setting up second FR be overkill,
given stuff is working for other sites?

Andy

On 08/08/2007, tnt at kalik.co.yu <tnt at kalik.co.yu> wrote:
> The best way to verify this is to look at the debug (radiusd -X) for the
> requests coming from the sites that have a problem.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> Dana 8/8/2007, "Andy Billington" <billington.andy at googlemail.com> piše:
>
> >Thanks Alan - that last point was what I wanted to confirm before
> >going to the NAS owner to request they start looking. As you've said,
> >teh RADIUS server sends out packets and they hit the network - if
> >routing / network was the cause if this, none of the auth responses
> >would get through. I'm trying disabling accounting for the moment,
> >using Listen, to squash accounting related error messages. Cant enable
> >debug for another two hours when the various test sites will finally
> >close for the day and I can restart without impacting the sites that
> >do work.
> >
> >The NAS and RADIUS servers are both doing auth and accounting, same
> >IPs and same shared secrets (although different ports obviously).
> >Again, if auth works for some sites - even if not for others - the
> >shared secret must be correct, no?
> >
> >Sorry for asking what probably seem like basic questions but want to
> >be sure of myself :-)
> >
> >Andy
> >
> >
> >On 08/08/2007, Alan DeKok <aland at deployingradius.com> wrote:
> >> Andy Billington wrote:
> >> > debug didnt seem a likely source of info given that this is a server
> >> > that has been functionig without incident for six months and no
> >> > changes have been made to its config. I have been looking at network /
> >> > routing issues but couldnt figure out why some sites would work and
> >> > not others, if it was network / routing?
> >>
> >>   If the RADIUS server sends packets, it's done with RADIUS.  After
> >> that, check that the packets make it onto the local network, to the next
> >> router, etc.
> >>
> >> > Surely all would work, or none, if it was that ie. the NAS woudl
> >> > reject all transactions not just some of them? Not that interested in
> >> > accounting packet problems except as an explanation of why sessions
> >> > are dropping _in some cases_ but not in all; the authentication
> >> > traffic seems to be fine.
> >>
> >>   If all of the authentication traffic is OK, and accounting doesn't
> >> work, then the accounting shared secrets are likely wrong.
> >>
> >> > Is there any network / routing related reason why a NAS would accept
> >> > some FR responses but not others?
> >>
> >>   If a NAS accepts one Access-Accept from a server, it should accept
> >> them all.  If it accepts on Accounting-Response from a server, it should
> >> accept them all.
> >>
> >>   Alan DeKok.
> >> -
> >> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> >>
> >-
> >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> >
> >
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>