[UPDATE] FreeRADIUS + LVS problem

Sam Schultz segfault90 at hushmail.com
Fri Feb 23 20:15:44 CET 2007

> According to my research, FreeRADIUS supposedly does work from 
> an LVS load balancer.  My current configuration works perfectly
> outside of the LVS, but once it is put behind the LVS it ceases 
> to work.  Connections seem to succeed even behind the LVS, until 
> they get to an access challenge, where I get:
> rad_recv: Access-Challenge packet from host,
> id=42, length=64 Authentication reply packet code 11 sent to a 
> proxy reply port from client WPA_Test:5058 - ID 42 : IGNORED

This was actually due to a buggy 3com access point. The real problem
seems to have something to do with the way NAT interacts with 
The Access-Request packets arrive at the backend server just fine:

rad_recv: Access-Request packet from host, 
id=0, length=209
Sending duplicate reply to client WPA_Test2.med-web.com:1031 - ID: 0
Re-sending Access-Challenge of id 0 to port 1031

The AP's log doesn't show any indications of receiving them, so it 
appear the problem is in the LVS/NAT, and probably doesn't have 
to do with the radius configuration.

Feel free to call me out on this if you have an alternative 

Click for free info on online masters degrees and make $150K/ year

More information about the Freeradius-Users mailing list