[UPDATE] FreeRADIUS + LVS problem
Sam Schultz
segfault90 at hushmail.com
Fri Feb 23 20:15:44 CET 2007
> According to my research, FreeRADIUS supposedly does work from behind
> an LVS load balancer. My current configuration works perfectly
> outside of the LVS, but once it is put behind the LVS it ceases
> to work. Connections seem to succeed even behind the LVS, until
> they get to an access challenge, where I get:
>
> rad_recv: Access-Challenge packet from host 192.168.240.111:5058, id=42, length=64
> Authentication reply packet code 11 sent to a non-proxy reply port from client WPA_Test:5058 - ID 42 : IGNORED

This was actually due to a buggy 3com access point. The real problem
seems to have something to do with the way NAT interacts with radius.
The Access-Request packets arrive at the backend server just fine:

rad_recv: Access-Request packet from host 192.168.240.172:1031, id=0, length=209
Sending duplicate reply to client WPA_Test2.med-web.com:1031 - ID: 0
Re-sending Access-Challenge of id 0 to 192.168.240.172 port 1031

The AP's log doesn't show any indications of receiving them, so it would
appear the problem is in the LVS/NAT, and probably doesn't have anything
to do with the radius configuration.

Feel free to call me out on this if you have an alternative explanation.