Jeff Palmer <[EMAIL PROTECTED]> wrote:
> The problem:
> Cistron radius works. Call comes in, user/password is sent from NAS to
> radius, radius replies "OK" call connects.
> Freeradius doesn't work. Call comes in, user/password is sent from NAS to
> radius, radius replies "OK" NAS says "Call terminated" and drops the call.
The simplest way to see what's going on is to look at the packets
sent from Cistron and FreeRADIUS.
- ensure that all the same RADIUS attributes are in both packets,
in the same order
- ensure that the attributes have all the same values
- ensure that the IP address of the reply packet is the one that the
NAS sends the packet to.
If all of those conditions are satisfied, then the NAS *must* treat
both packets in the same way, and therefore both servers, too.
There is NOTHING magic about one server versus another. The ONLY
information the NAS sees is in the RADIUS packet.
> The suggestions I recieved last time I posted:
...
> - Check tpdump/ethereal and compare attributes/replies
> I had already though of that, output to/from both versions of radius are
> nearly identical, both send back the same attributes and the Access-Accept
> reply.
Nearly identical isn't good enough. The difference is what's
killing you.
> - Check the FAQ about radius servers with multiple IP's
> I have gone through the FAQ a thousand times. This one doesn't apply. My
> radius server only has one IP. However, I tried the suggestion anyway,
> with identical results.
Then that's not the problem.
> Any further help or suggestions would be MUCH appreciated. Cistron does
> the job, but I've got plans to offer new features/services that I will not
> be able to use Cistron for.
Make the response packets identical. Nothing else will work.
Heck, post the response packets from Cistron & FreeRADIUS to the
list. Odds are I may be able to figure out what's wrong, just from
that.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
