[SOLVED] FreeRADIUS + LVS problem
Sam Schultz
segfault90 at hushmail.com
Tue Feb 27 19:06:53 CET 2007
Brief Review:

I had a working FreeRADIUS configuration doing EAP-TTLS wireless
authentication that broke when put behind a 1:1 NAT/LVS. No faults
were found in the FreeRADIUS configuration, so the NAT configuration
was suspect. It likewise was found to have no faults (it's just a
single SNAT & a single DNAT rule). After tcpdumping from the server, I
discovered that FR was receiving requests via the correct interface/IP,
but trying to send them out of a different (virtual) interface/IP.
Obviously, this won't work, NAT or otherwise. The original test box
was multi-homed, but the interfaces were bonded, so it didn't suffer
from the same problem. The NAT just added an extra layer of
complexity.

The solution was to specifically bind to the correct interface/IP,
just as you would with most daemons on a multi-homed box. This
would seem to further prove that often the solution is simpler than
you'd think :)
More information about the Freeradius-Users
mailing list
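
Added example, not part of the original post and not FreeRADIUS code: a Python sketch of the general UDP behaviour behind this symptom, assuming the daemon was listening on the wildcard address so the kernel chose the reply's source IP from the routing table. It assumes Linux, where every 127.0.0.0/8 address is local to `lo`; 127.0.0.2 and 127.0.0.1 are constructed stand-ins for the NAT-facing service address and the client.

```python
import socket
import threading

SERVICE_IP = "127.0.0.2"  # constructed: address the client / DNAT rule targets
CLIENT_IP = "127.0.0.1"   # constructed: address the request comes from


def reply_source(bind_ip):
    """Run a one-shot UDP echo server bound to bind_ip, send it one datagram
    addressed to SERVICE_IP, and return the source IP seen on the reply."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((bind_ip, 0))
    port = srv.getsockname()[1]

    def serve():
        data, peer = srv.recvfrom(4096)
        # On a wildcard-bound socket the kernel picks the source address from
        # the route to `peer`, not from the address the request arrived on.
        srv.sendto(data, peer)

    worker = threading.Thread(target=serve, daemon=True)
    worker.start()

    cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    cli.bind((CLIENT_IP, 0))
    cli.settimeout(2.0)
    try:
        cli.sendto(b"constructed-request", (SERVICE_IP, port))
        _, (src_ip, _) = cli.recvfrom(4096)
        return src_ip
    finally:
        worker.join(2.0)
        cli.close()
        srv.close()


def reply_is_accepted(bind_ip):
    """A RADIUS client or a stateful NAT entry only matches a reply whose
    source is the address the request was sent to."""
    return reply_source(bind_ip) == SERVICE_IP


if __name__ == "__main__":
    for ip in ("0.0.0.0", SERVICE_IP):
        print(f"bound to {ip:<9} -> reply from {reply_source(ip)}, "
              f"accepted={reply_is_accepted(ip)}")
```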