Initial access requests getting dropped, successive requests succeed
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Fri Mar 31 17:35:14 CEST 2017
> On Mar 31, 2017, at 10:27 AM, Alan DeKok <aland at deployingradius.com> wrote:
>
> On Mar 31, 2017, at 10:01 AM, Jeremy Stretch via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>> As an isolated test, I have a Juniper switch configured to authenticate to
>> one of the FreeRADIUS servers, which in turn authenticates against one
>> backend LDAP server. When I try to log into the switch, tcpdump on the
>> RADIUS server confirms that it receives an Access-Request packet. I've
>> stopped the normal daemon and am running `freeradius -X` on the server, but
>> it prints only a single line in response to the Access-Request:
>>
>> Ready to process requests.
>>
>> It prints this same line each time a request is dropped.
>
> That means that the OS told FR there was a packet, but when it tried to read the packet, there was no RADIUS packet.
>
> If it was from an unknown client, it would print that. If it was a malformed packet, it would print that. So something else is going on.
It might be RPF causing the issue. I vaguely remember this being a symptom of that, but I could be incorrect.
http://stackoverflow.com/questions/31000939/disable-reverse-path-filtering-from-linux-kernel-space
Simple to check...
-Arran
Arran Cudbard-Bell
FreeRADIUS Core Developer
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20170331/441dc4c0/attachment.sig>
More information about the Freeradius-Users
mailing list