They are both on the same switch and can both communicate with each other.

On Sun, 2004-03-21 at 18:44, Tarun Bhushan wrote:
> Looks like a routing issue. Did your old box have some static routes to
> get back to the router? Are these missing on the new one?
>
> -----Original Message-----
> From: Entelin [mailto:[EMAIL PROTECTED]
> Sent: Sunday, 21 March 2004 5:41 PM
> To: freeradius
> Subject: Moved radius to a different server with same config and now
> itsnot working......
>
>
> I am replacing my current radius server with a new one and have compiled
> and installed the same version of freeradius and copied over my radbd
> directory. What happens on the new one is that the router (cisco AS5200)
> retries a few times and then fails to auth the user even though
> freeradius said it's sending an accept. I am running version 0.9.2 on
> both, I tried 0.9.3 on the new one and same result. The old server is
> running redhat, the new one debian. The old one runs openldap 2.1.22,
> the new debian server runs 2.0.23. It's also running off a new ldap
> database though identical, so that's the first thing I suspected, however
> I changed radius to point to the old server for its ldap and I get the
> same results. I did an ldap packet capture and it looks the same. Also
> my other services that use the new database
> (qmail-ldap,pftp,phpldapadmin) all work with it. Only thing I haven't
> tried yet is to upgrade openldap, but I didn't want to leave the debian
> stable area if I didn't need to.
>
> Thanks for your help.
>
> Here is a debug from the original working one.
> --------------------------------------------------------
> rad_recv: Access-Request packet from host 216.183.100.11:1645, id=19,
> length
> 108
> NAS-IP-Address = 216.183.100.11
> NAS-Port = 28
> Cisco-NAS-Port = "Async28"
> NAS-Port-Type = Async
> User-Name = "ginac"
> Called-Station-Id = "1924"
> Calling-Station-Id = "4807829708"
> User-Password = "ideletedthis"
> Service-Type = Framed-User
> Framed-Protocol = PPP
> modcall: entering group authorize for request 0
> modcall[authorize]: module "preprocess" returns ok for request 0
> modcall[authorize]: module "chap" returns noop for request 0
> rlm_eap: EAP-Message not found
> modcall[authorize]: module "eap" returns noop for request 0
> rlm_realm: No '@' in User-Name = "ginac", looking up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for request 0
> users: Matched DEFAULT at 8
> modcall[authorize]: module "files" returns ok for request 0
> modcall[authorize]: module "mschap" returns noop for request 0
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for ginac
> radius_xlat: '(uid=ginac)'
> radius_xlat: 'dc=azquest,dc=com'
> ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to localhost:389, authentication 0
> rlm_ldap: bind as cn=Manager,dc=azquest,dc=com/FinallyOrganized! to
> localhost:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: performing search in dc=azquest,dc=com, with filter
> (uid=ginac)
> rlm_ldap: checking if remote access for ginac is allowed by dialupAccess
> rlm_ldap: Added password {MD5}s3JRIsnTv+9WZGGeCOMYdw== in check items
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user ginac authorized to use remote access
> ldap_release_conn: Release Id: 0
> modcall[authorize]: module "ldap" returns ok for request 0
> modcall: group authorize returns ok for request 0
> rad_check_password: Found Auth-Type Ldap
> auth: type "LDAP"
> modcall: entering group Auth-Type for request 0
> rlm_ldap: - authenticate
> rlm_ldap: login attempt by "ginac" with password "ideletedthis"
> rlm_ldap: user DN: uid=ginac,ou=Lennar,ou=azqaccounts,dc=azquest,dc=com
> rlm_ldap: (re)connect to localhost:389, authentication 1
> rlm_ldap: bind as
> uid=ginac,ou=Lennar,ou=azqaccounts,dc=azquest,dc=com/ideletedthis to
> localhost:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: user ginac authenticated succesfully
> modcall[authenticate]: module "ldap" returns ok for request 0
> modcall: group Auth-Type returns ok for request 0
> Sending Access-Accept of id 19 to 216.183.100.11:1645
> Framed-MTU = 576
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Framed-Routing = Broadcast-Listen
> Framed-Compression = Van-Jacobson-TCP-IP
> Finished request 0
>
>
> This is a debug of the new not working one.
> ------------------------------------------------------------------------
> -----
>
> rad_recv: Access-Request packet from host 216.183.100.11:1645, id=18,
> length=108
> NAS-IP-Address = 216.183.100.11
> NAS-Port = 26
> Cisco-NAS-Port = "Async26"
> NAS-Port-Type = Async
> User-Name = "ginac"
> Called-Station-Id = "1924"
> Calling-Station-Id = "4807829708"
> User-Password = "ideletedthis"
> Service-Type = Framed-User
> Framed-Protocol = PPP
> modcall: entering group authorize for request 6
> modcall[authorize]: module "preprocess" returns ok for request 6
> modcall[authorize]: module "chap" returns noop for request 6
> rlm_eap: EAP-Message not found
> modcall[authorize]: module "eap" returns noop for request 6
> rlm_realm: No '@' in User-Name = "ginac", looking up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for request 6
> users: Matched DEFAULT at 8
> modcall[authorize]: module "files" returns ok for request 6
> modcall[authorize]: module "mschap" returns noop for request 6
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for ginac
> radius_xlat: '(uid=ginac)'
> radius_xlat: 'dc=azquest,dc=com'
> ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in dc=azquest,dc=com, with filter
> (uid=ginac)
> rlm_ldap: checking if remote access for ginac is allowed by dialupAccess
> rlm_ldap: Added password {MD5}s3JRIsnTv+9WZGGeCOMYdw== in check items
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user ginac authorized to use remote access
> ldap_release_conn: Release Id: 0
> modcall[authorize]: module "ldap" returns ok for request 6
> modcall: group authorize returns ok for request 6
> rad_check_password: Found Auth-Type Ldap
> auth: type "LDAP"
> modcall: entering group Auth-Type for request 6
> rlm_ldap: - authenticate
> rlm_ldap: login attempt by "ginac" with password "ideletedthis"
> rlm_ldap: user DN: uid=ginac,ou=Lennar,ou=azqaccounts,dc=azquest,dc=com
> rlm_ldap: (re)connect to 216.183.100.12:389, authentication 1
> rlm_ldap: bind as
> uid=ginac,ou=Lennar,ou=azqaccounts,dc=azquest,dc=com/ideletedthis to
> 216.183.100.12:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: user ginac authenticated succesfully
> modcall[authenticate]: module "ldap" returns ok for request 6
> modcall: group Auth-Type returns ok for request 6
> Sending Access-Accept of id 18 to 216.183.100.11:1645
> Framed-MTU = 576
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Framed-Routing = Broadcast-Listen
> Framed-Compression = Van-Jacobson-TCP-IP
> Finished request 6
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 216.183.100.11:1645, id=18,
> length=108
> Sending duplicate reply to client isdn-0:1645 - ID: 18
> Re-sending Access-Accept of id 18 to 216.183.100.11:1645
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Cleaning up request 6 ID 18 with timestamp 405e34fa
> Nothing to do. Sleeping until we see a request.
>
>
> Here is a "sh radius statistics" when it's not working
> ----------------------------------------------------------
>
> isdn-0#sh radius statistics
> Maximum inQ length: 1
> Maximum waitQ length: 1
> Maximum doneQ length: 1
> Total responses seen: 58
> Packets with responses: 0 <--- this should be incrementing
> Packets without responses: 15
> Average response delay: 0 ms
> Maximum response delay: 0 ms
> Number of Radius timeouts: 60
> Duplicate ID detects: 0

--
Entelin <[EMAIL PROTECTED]>
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
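
In the failing debug output quoted above, the server sends an Access-Accept and then receives the same request ID again from the NAS. The following Python script is an added example, not part of the original thread: it scans FreeRADIUS debug text for that pattern, and its function name, sample log lines and addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Patterns follow the debug line shapes quoted in the thread.
RECV = re.compile(r"rad_recv: Access-Request packet from host (\S+?):(\d+), id=(\d+)")
SENT = re.compile(r"(?:Re-sending|Sending) Access-(?:Accept|Reject) of id (\d+) to (\S+?):(\d+)")
CLEAN = re.compile(r"Cleaning up request \d+ ID (\d+)")

def unanswered_replies(debug_text):
    """Return {(nas_host, nas_port, id): retransmit_count} for requests the
    NAS sent again after the server had already replied to them."""
    replied = set()                 # (host, port, id) with a reply already sent
    retransmits = defaultdict(int)
    for raw in debug_text.splitlines():
        line = raw.lstrip("> \t")   # tolerate mail-quoted log lines
        if (m := SENT.search(line)):
            replied.add((m.group(2), int(m.group(3)), int(m.group(1))))
        elif (m := RECV.search(line)):
            key = (m.group(1), int(m.group(2)), int(m.group(3)))
            if key in replied:      # same ID seen again after our reply
                retransmits[key] += 1
        elif (m := CLEAN.search(line)):
            # Request expired: a later packet with this ID is a new request.
            rid = int(m.group(1))
            replied = {k for k in replied if k[2] != rid}
    return dict(retransmits)

# Constructed sample: the reply is sent, yet the NAS repeats the request.
SAMPLE_BAD = """\
> rad_recv: Access-Request packet from host 192.0.2.10:1645, id=18, length=108
> Sending Access-Accept of id 18 to 192.0.2.10:1645
> rad_recv: Access-Request packet from host 192.0.2.10:1645, id=18, length=108
> Sending duplicate reply to client nas-0:1645 - ID: 18
> Re-sending Access-Accept of id 18 to 192.0.2.10:1645
> Cleaning up request 6 ID 18 with timestamp 405e34fa
"""

# Constructed sample: ID 19 is reused only after cleanup, so nothing is flagged.
SAMPLE_OK = """\
rad_recv: Access-Request packet from host 192.0.2.10:1645, id=19, length=108
Sending Access-Accept of id 19 to 192.0.2.10:1645
Cleaning up request 0 ID 19 with timestamp 405e34f0
rad_recv: Access-Request packet from host 192.0.2.10:1645, id=19, length=108
Sending Access-Accept of id 19 to 192.0.2.10:1645
"""

if __name__ == "__main__":
    print(unanswered_replies(SAMPLE_BAD))
    print(unanswered_replies(SAMPLE_OK))
```

A non-empty result only shows that the NAS did not act on the reply; it does not say why.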

