Looks like a routing issue. Did your old box have some static routes to get back to the router? Are these missing on the new one?
-----Original Message-----
From: Entelin [mailto:[EMAIL PROTECTED]
Sent: Sunday, 21 March 2004 5:41 PM
To: freeradius
Subject: Moved radius to a different server with same config and now it's not working......

I am replacing my current radius server with a new one and have compiled and installed the same version of freeradius and copied over my raddb directory. What happens on the new one is that the router (cisco AS5200) retries a few times and then fails to auth the user even though freeradius said it's sending an accept.

I am running version 0.9.2 on both, I tried 0.9.3 on the new one and same result. The old server is running redhat, the new one debian. The old one runs openldap 2.1.22, the new debian server runs 2.0.23. It's also running off a new ldap database though identical, so that's the first thing I suspected, however I changed radius to point to the old server for its ldap and I get the same results. I did an ldap packet capture and it looks the same. Also my other services that use the new database (qmail-ldap,pftp,phpldapadmin) all work with it. Only thing I haven't tried yet is to upgrade openldap, but I didn't want to leave the debian stable area if I didn't need to.

Thanks for your help.

Here is a debug from the original working one.
--------------------------------------------------------
rad_recv: Access-Request packet from host 216.183.100.11:1645, id=19, length 108
        NAS-IP-Address = 216.183.100.11
        NAS-Port = 28
        Cisco-NAS-Port = "Async28"
        NAS-Port-Type = Async
        User-Name = "ginac"
        Called-Station-Id = "1924"
        Calling-Station-Id = "4807829708"
        User-Password = "ideletedthis"
        Service-Type = Framed-User
        Framed-Protocol = PPP
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
rlm_eap: EAP-Message not found
modcall[authorize]: module "eap" returns noop for request 0
rlm_realm: No '@' in User-Name = "ginac", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
users: Matched DEFAULT at 8
modcall[authorize]: module "files" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for ginac
radius_xlat: '(uid=ginac)'
radius_xlat: 'dc=azquest,dc=com'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as cn=Manager,dc=azquest,dc=com/FinallyOrganized! to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in dc=azquest,dc=com, with filter (uid=ginac)
rlm_ldap: checking if remote access for ginac is allowed by dialupAccess
rlm_ldap: Added password {MD5}s3JRIsnTv+9WZGGeCOMYdw== in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user ginac authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type Ldap
auth: type "LDAP"
modcall: entering group Auth-Type for request 0
rlm_ldap: - authenticate
rlm_ldap: login attempt by "ginac" with password "ideletedthis"
rlm_ldap: user DN: uid=ginac,ou=Lennar,ou=azqaccounts,dc=azquest,dc=com
rlm_ldap: (re)connect to localhost:389, authentication 1
rlm_ldap: bind as uid=ginac,ou=Lennar,ou=azqaccounts,dc=azquest,dc=com/ideletedthis to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: user ginac authenticated succesfully
modcall[authenticate]: module "ldap" returns ok for request 0
modcall: group Auth-Type returns ok for request 0
Sending Access-Accept of id 19 to 216.183.100.11:1645
        Framed-MTU = 576
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-Routing = Broadcast-Listen
        Framed-Compression = Van-Jacobson-TCP-IP
Finished request 0

This is a debug of the new not working one.
-----------------------------------------------------------------------------
rad_recv: Access-Request packet from host 216.183.100.11:1645, id=18, length=108
        NAS-IP-Address = 216.183.100.11
        NAS-Port = 26
        Cisco-NAS-Port = "Async26"
        NAS-Port-Type = Async
        User-Name = "ginac"
        Called-Station-Id = "1924"
        Calling-Station-Id = "4807829708"
        User-Password = "ideletedthis"
        Service-Type = Framed-User
        Framed-Protocol = PPP
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
rlm_eap: EAP-Message not found
modcall[authorize]: module "eap" returns noop for request 6
rlm_realm: No '@' in User-Name = "ginac", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 6
users: Matched DEFAULT at 8
modcall[authorize]: module "files" returns ok for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_ldap: - authorize
rlm_ldap: performing user authorization for ginac
radius_xlat: '(uid=ginac)'
radius_xlat: 'dc=azquest,dc=com'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=azquest,dc=com, with filter (uid=ginac)
rlm_ldap: checking if remote access for ginac is allowed by dialupAccess
rlm_ldap: Added password {MD5}s3JRIsnTv+9WZGGeCOMYdw== in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user ginac authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 6
modcall: group authorize returns ok for request 6
rad_check_password: Found Auth-Type Ldap
auth: type "LDAP"
modcall: entering group Auth-Type for request 6
rlm_ldap: - authenticate
rlm_ldap: login attempt by "ginac" with password "ideletedthis"
rlm_ldap: user DN: uid=ginac,ou=Lennar,ou=azqaccounts,dc=azquest,dc=com
rlm_ldap: (re)connect to 216.183.100.12:389, authentication 1
rlm_ldap: bind as uid=ginac,ou=Lennar,ou=azqaccounts,dc=azquest,dc=com/ideletedthis to 216.183.100.12:389
rlm_ldap: waiting for bind result ...
rlm_ldap: user ginac authenticated succesfully
modcall[authenticate]: module "ldap" returns ok for request 6
modcall: group Auth-Type returns ok for request 6
Sending Access-Accept of id 18 to 216.183.100.11:1645
        Framed-MTU = 576
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-Routing = Broadcast-Listen
        Framed-Compression = Van-Jacobson-TCP-IP
Finished request 6
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 216.183.100.11:1645, id=18, length=108
Sending duplicate reply to client isdn-0:1645 - ID: 18
Re-sending Access-Accept of id 18 to 216.183.100.11:1645
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 6 ID 18 with timestamp 405e34fa
Nothing to do. Sleeping until we see a request.

Here is a "sh radius statistics" when it's not working
----------------------------------------------------------
isdn-0#sh radius statistics
Maximum inQ length: 1
Maximum waitQ length: 1
Maximum doneQ length: 1
Total responses seen: 58
Packets with responses: 0 <--- this should be incrementing
Packets without responses: 15
Average response delay: 0 ms
Maximum response delay: 0 ms
Number of Radius timeouts: 60
Duplicate ID detects: 0

--
Entelin <[EMAIL PROTECTED]>

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
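
Added example, not part of the original thread or of FreeRADIUS: a small Python parser for debug output of the kind quoted above. It flags the symptom in the second trace, where the server logs an Access-Accept and the NAS then sends the same request id again. The sample log is constructed (documentation-range address, made-up request numbers) and the function name is hypothetical.

```python
import re

# Constructed sample, modeled on the failing trace quoted in the thread
# (documentation-range address and made-up request numbers).
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 192.0.2.11:1645, id=18, length=108
Sending Access-Accept of id 18 to 192.0.2.11:1645
Finished request 6
rad_recv: Access-Request packet from host 192.0.2.11:1645, id=18, length=108
Sending duplicate reply to client nas-0:1645 - ID: 18
Re-sending Access-Accept of id 18 to 192.0.2.11:1645
Cleaning up request 6 ID 18 with timestamp 00000000
rad_recv: Access-Request packet from host 192.0.2.11:1645, id=18, length=108
Sending Access-Accept of id 18 to 192.0.2.11:1645
Finished request 7
"""

RECV = re.compile(r"rad_recv: Access-Request packet from host (\S+?):(\d+), id=(\d+)")
SENT = re.compile(r"Sending (Access-\w+) of id (\d+) to (\S+?):(\d+)")
CLEANUP = re.compile(r"Cleaning up request \d+ ID (\d+)")

def unacknowledged_replies(log_text):
    """Return (nas_ip, packet_id, reply_type, repeats) for each request the NAS
    sent again after the server had already logged a reply to it."""
    pending = {}    # (nas_ip, src_port, id) -> [reply_type, repeats_after_reply]
    findings = []

    def flush(keys):
        for key in keys:
            reply, repeats = pending.pop(key)
            if repeats:
                findings.append((key[0], int(key[2]), reply, repeats))

    for line in log_text.splitlines():
        line = line.strip()
        if m := RECV.match(line):
            key = (m[1], m[2], m[3])
            if key in pending:          # same id again although we answered
                pending[key][1] += 1
        elif m := SENT.match(line):     # "Re-sending ..." does not match here
            pending.setdefault((m[3], m[4], m[2]), [m[1], 0])
        elif m := CLEANUP.match(line):  # id is free for reuse from now on
            flush([k for k in pending if k[2] == m[1]])
    flush(list(pending))
    return findings

if __name__ == "__main__":
    for nas, pid, reply, n in unacknowledged_replies(SAMPLE_LOG):
        print(f"{nas}: {reply} for id {pid} was followed by {n} retransmission(s)")
```

A non-empty result says only that the NAS asked again after the server logged its reply; it does not say why the reply was not accepted.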

