Possible FreeBSD Jail problem, or other bug in/with FreeRADIUS 2.0.0-pre2

Alan DeKok aland at deployingradius.com
Mon Sep 3 10:52:27 CEST 2007


Scott Lambert wrote:
> I decided to simplify and try just using radclient from the new server
> and leaving the FreeRADIUS daemon out of it.  That also gets replies but
> radclient throws them out because it doesn't think it sent the request.

  Ok.  Both the server and radclient now use the same code to match
replies to requests, so it's expected that they will have the same issues.

> I suspect that the jail has a lot to do with the problem.

  Try running a test system outside of the jail.  If that works, then
the problem will at least be narrowed down to the jail.

>  If it can't
> be worked around, I'm in trouble.  In that case I'll try to take it
> up with the FreeBSD developers to see if they have any ideas, while I
> scrounge up some separate hardware to run FreeRADIUS on.

  Or, just install & run it outside of the jail.

> tcpdump of the request:
...

  That looks OK.

  Another option is to instrument src/lib/packet.c, function
lrad_packet_cmp().  Have it print out WHAT it's comparing, and WHEN it's
returning.  You'll get a lot of spurious output, but you'll also find
out why the reply isn't being matched to a request.

  It may be that the client is binding to one IP address, and the reply
is sent (and seen as received by) another IP address.

  Alan DeKok.
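
Added example, not part of the original message and not FreeRADIUS source: a small C model of the tracing suggested above for lrad_packet_cmp(), showing how a reply seen on a different IP address than the one the client bound to fails to match its request. The pkt_key struct, its field set, the function names and the 192.0.2.x addresses are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <stdint.h>
#include <arpa/inet.h>

/* Assumed matching key: RADIUS ID plus the UDP 4-tuple. Hypothetical
 * struct for illustration, not FreeRADIUS's own packet structure. */
typedef struct {
    uint8_t  id;
    uint32_t src_ip, dst_ip;      /* network byte order */
    uint16_t src_port, dst_port;
} pkt_key;

static pkt_key mk(uint8_t id, const char *src, uint16_t sport,
                  const char *dst, uint16_t dport) {
    pkt_key k = { id, inet_addr(src), inet_addr(dst), sport, dport };
    return k;
}

/* Returns 0 when the reply matches the request, otherwise the 1-based index
 * of the first differing field. With trace set it prints WHAT is compared
 * and WHEN it returns. A reply travels the reverse path, so its source is
 * checked against the request's destination and vice versa. */
static int traced_cmp(const pkt_key *req, const pkt_key *rep, int trace) {
    struct { const char *name; unsigned long want, got; } f[] = {
        { "id",                    req->id,            rep->id },
        { "server ip (rep.src)",   ntohl(req->dst_ip), ntohl(rep->src_ip) },
        { "server port (rep.src)", req->dst_port,      rep->src_port },
        { "client ip (rep.dst)",   ntohl(req->src_ip), ntohl(rep->dst_ip) },
        { "client port (rep.dst)", req->src_port,      rep->dst_port },
    };
    for (size_t i = 0; i < sizeof f / sizeof f[0]; i++) {
        if (trace)
            fprintf(stderr, "cmp %-22s want=%#lx got=%#lx\n", f[i].name, f[i].want, f[i].got);
        if (f[i].want != f[i].got) {
            if (trace) fprintf(stderr, "return %zu: mismatch on %s\n", i + 1, f[i].name);
            return (int)(i + 1);
        }
    }
    if (trace) fprintf(stderr, "return 0: reply matches request\n");
    return 0;
}

int main(void) {
    /* Constructed sample: client bound to 192.0.2.10, reply seen on 192.0.2.20. */
    pkt_key req = mk(7, "192.0.2.10", 40000, "192.0.2.1", 1812);
    pkt_key rep = mk(7, "192.0.2.1", 1812, "192.0.2.20", 40000);
    return traced_cmp(&req, &rep, 1) == 4 ? 0 : 1;
}
```

The trace ends at the first field that differs, which is the detail to look for in the "spurious output" when a valid reply is being discarded.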


