EAP packets from 2 different upstream servers
Alex Sharaz
alex.sharaz at york.ac.uk
Mon Sep 18 16:53:56 CEST 2017
They come because the packets for one EAP session are arriving from two
different upstream home servers.
Yup, know that, just want some info as to which upstream boxes they're
coming from
1). These boxes are our ORPS boxes and primary upstream boxes are the JISC
NRPS servers.
2). Or our Council has 1 RADIUS server that handles eduroam in York City
Centre
3). Our our clearpass cluster that handles internal auths and does its own
load balancing between our ORPS boxes.
Was hoping that debug mode would tell me a bit about what was happening ..
unless I need super debug mode !
>Running in debug mode shouldn't change the behaviour of the upstream
servers.
Granted ... but when I look in the normal radius.log and see the warning
message and run raddebug at the same time and in the same time interval
using
raddebug -d /etc/freeradius -t 900 > ./alex.log &
andthe radius log shows the message and the raddebug output doesn't ...
not sure how I'm supposed to see what is going on.
A
On 18 September 2017 at 15:31, Alan DeKok <aland at deployingradius.com> wrote:
> On Sep 18, 2017, at 10:11 AM, Alex Sharaz <alex.sharaz at york.ac.uk> wrote:
> >
> > I'm seeing quite a few
> > Mon Sep 18 15:02:40 2017 : Warning: EAP packets are arriving from two
> > different upstream servers. Has there been a proxy fail-over?
> >
> > messages on my ORPS servers and I'm trying to find out where they come
> > from.
>
> They come because the packets for one EAP session are arriving from two
> different upstream home servers.
>
> i.e. packet 1 comes from upstream A, and packet 2 comes from upstream B.
>
> This usually indicates that the upstreams are broken, and failover over
> in stupid ways. Or, a server C is doing load-balancing across upstream
> server A and B, but isn't paying attention to the EAP state.
>
> They SHOULD be load-balancing based on something common to all of the
> EAP packets, like Calling-Station-ID.
>
> Or... maybe there are networking issues between your server and upstream
> server C. So server C thinks your site is down, and tries to fail-over to
> another path.
>
> > However, when I try running FR in degug mode I never see the above
> errors.
>
> Running in debug mode shouldn't change the behaviour of the upstream
> servers.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
More information about the Freeradius-Users
mailing list