radiusd only sending a NAK after a retransmission

Jeremy M. Guthrie jeremy.guthrie at cdw.com
Wed Apr 29 14:21:37 CEST 2009


Sorry for the resend but I didn't get anything back.  Does anyone have any 
ideas?

On Tuesday 21 April 2009, Jeremy M. Guthrie wrote:
> We are having an issue with failed logins with FreeRADIUS.  The problem is
> that FreeRADIUS doesn't appear to actually send a RADIUS Reject until the
> second authentication request comes in.  I have an IOS Router
> authenticating ssh logins against freeradius.  The example packets above I
> am using a static username/password in the users file.  I see that if I
> enter the wrong password, radiusd doesn't send a NAK until the IOS router
> transmits the request.  There are not any delay issues with ACKs coming out
> of freeradius.
>
> TCP Dump output:
> 10:38:22.703456 IP 172.16.1.8.1645 > 172.16.2.60.1645: RADIUS, Access Request (1), id: 0xf1 length: 103
> 10:38:38.008371 IP 172.16.1.8.1645 > 172.16.2.60.1645: RADIUS, Access Request (1), id: 0xf1 length: 103
> 10:38:38.008588 IP 172.16.2.60.1645 > 172.16.1.8.1645: RADIUS, Access Reject (3), id: 0xf1 length: 20
>
> Does this sound familiar to anyone?  Ideas?



-- 

--------------------------------------------------
Jeremy M. Guthrie           jeremy.guthrie at cdw.com
Hosting and Managed Services
Managed Cisco Security Services
Technical Architect            Phone: 608-298-1061
CDW                              Fax: 608-288-3007
5520 Research Park Drive         NOC: 608-298-1102
Madison, WI 53711       NOC Email: hmshelp at cdw.com
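
To check a capture for the pattern described in this message, the following added example (not part of the original post and not FreeRADIUS code) pairs each RADIUS reply with the requests sharing its identifier and reports whether the reply only followed a retransmission. It assumes tcpdump's one-line summary format as shown in the post, with the mail line-wrapping undone, and a capture that does not cross midnight; the function and field names are hypothetical.

```python
import re
from datetime import datetime

# Capture lines taken from the post above, with the mail wrapping undone.
CAPTURE = """\
10:38:22.703456 IP 172.16.1.8.1645 > 172.16.2.60.1645: RADIUS, Access Request (1), id: 0xf1 length: 103
10:38:38.008371 IP 172.16.1.8.1645 > 172.16.2.60.1645: RADIUS, Access Request (1), id: 0xf1 length: 103
10:38:38.008588 IP 172.16.2.60.1645 > 172.16.1.8.1645: RADIUS, Access Reject (3), id: 0xf1 length: 20
"""

# time, source, destination, packet type, code, identifier
LINE = re.compile(
    r"^(\d\d:\d\d:\d\d\.\d+) IP (\S+) > (\S+): RADIUS, "
    r"Access[ -](Request|Accept|Reject|Challenge) \((\d+)\), id: (0x[0-9a-fA-F]+)"
)

def analyze(capture):
    """Pair each reply with the requests sharing its (client, server, id)."""
    pending = {}   # (client, server, id) -> timestamps of requests seen so far
    results = []
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a RADIUS access packet summary line
        ts = datetime.strptime(m.group(1), "%H:%M:%S.%f")
        src, dst, kind = m.group(2), m.group(3), m.group(4)
        ident = int(m.group(6), 16)
        if kind == "Request":
            pending.setdefault((src, dst, ident), []).append(ts)
            continue
        # A reply travels server -> client, so swap the endpoints to find its requests.
        sent = pending.pop((dst, src, ident), None)
        if sent is None:
            continue  # reply whose request is not in this capture
        results.append({
            "id": ident,
            "reply": kind,
            "requests": len(sent),
            "since_first": (ts - sent[0]).total_seconds(),
            "since_last": (ts - sent[-1]).total_seconds(),
            "after_retransmit": len(sent) > 1,
        })
    return results

if __name__ == "__main__":
    for r in analyze(CAPTURE):
        print(r)
```
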