On Fri, 8 Oct 2004, Alan DeKok wrote:
> Josh Howlett <[EMAIL PROTECTED]> wrote:
> > I've done that too - and there's no record of the incoming RADIUS
> > transaction, yet the NAS sees it!
>
> Run tcpdump on the network. I'd bet that the packets are going to a
> different IP and/or port.

Here you go:

14:10:08.344582 192.168.1.208.60615 > 192.168.1.202.1812:
rad-access-req 72 [id 83] Attr[ User{A} Pass Framed_ipaddr{X} ] (DF)
14:10:08.382423 192.168.1.202.1812 > 192.168.1.208.60615:
rad-access-accept 32 [id 83] Attr[ Reply{8} Vendor_specific{} ] (DF)
14:10:08.641964 192.168.1.208.60615 > 192.168.1.202.1812:
rad-access-req 69 [id 83] Attr[ User{B} Pass Framed_ipaddr{Y} [|radius] (DF)
14:10:08.642038 192.168.1.202.1812 > 192.168.1.208.60615:
rad-access-accept 32 [id 83] Attr[ Reply{8} Vendor_specific{} ] (DF)

The first request is processed correctly. The second request is not; it
contains the wrong Reply-Message and VSA values. It is also not logged,
either in detail (auth, reply), or in -X output.

In fact, the returned attributes in the second Access-Accept are the
same as the first (when they should have been different).

I am speculating here, but it is possible that FR has gotten confused by
the fact that each Access-Request bears the same source IP:port and ID
field, and is returning a duplicate Access-Accept?

many thanks, josh.

------------------------------------------------------------
Josh Howlett, Networking & Digital Communications,
Information Systems & Computing, University of Bristol, U.K.
'phone: 0117 928 7850 email: [EMAIL PROTECTED]
------------------------------------------------------------
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
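
A check for the pattern in the capture above, as an added example that is not part of the original post and is not FreeRADIUS code: it scans tcpdump RADIUS summaries for Access-Requests that reuse the same source IP:port and Identifier within a short time while the request itself differs. RFC 2865 describes duplicate detection on exactly that key (source IP, source port, Identifier, short time span); the function name and the 5-second window are assumptions.

```python
import re
from datetime import datetime

# The capture from the post, each two-line record joined onto one line.
CAPTURE = """\
14:10:08.344582 192.168.1.208.60615 > 192.168.1.202.1812: rad-access-req 72 [id 83] Attr[ User{A} Pass Framed_ipaddr{X} ] (DF)
14:10:08.382423 192.168.1.202.1812 > 192.168.1.208.60615: rad-access-accept 32 [id 83] Attr[ Reply{8} Vendor_specific{} ] (DF)
14:10:08.641964 192.168.1.208.60615 > 192.168.1.202.1812: rad-access-req 69 [id 83] Attr[ User{B} Pass Framed_ipaddr{Y} [|radius] (DF)
14:10:08.642038 192.168.1.202.1812 > 192.168.1.208.60615: rad-access-accept 32 [id 83] Attr[ Reply{8} Vendor_specific{} ] (DF)
"""

# tcpdump's one-line RADIUS summary for an Access-Request.
REQ = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<src>\S+) > (?P<dst>\S+): "
    r"rad-access-req (?P<len>\d+) \[id (?P<id>\d+)\] (?P<attrs>Attr\[.*)$"
)

def find_id_collisions(capture, window=5.0):
    """Flag Access-Requests that reuse (src ip.port, dst ip.port, id)
    within `window` seconds but differ in length or attribute summary.

    window is an assumed value, not taken from the post or any server.
    A true retransmission repeats the packet unchanged; a changed body
    under the same key is a new request that a cache keyed only on
    source and Identifier could mistake for a duplicate.
    """
    last = {}   # key -> (timestamp, (length, attribute summary))
    hits = []
    for line in capture.splitlines():
        m = REQ.match(line)
        if not m:
            continue  # replies and non-RADIUS lines
        ts = datetime.strptime(m["ts"], "%H:%M:%S.%f")
        key = (m["src"], m["dst"], int(m["id"]))
        body = (int(m["len"]), m["attrs"])
        prev = last.get(key)
        if prev:
            gap = (ts - prev[0]).total_seconds()
            if 0 <= gap <= window and prev[1] != body:
                hits.append({"key": key, "gap_s": gap,
                             "lengths": (prev[1][0], body[0])})
        last[key] = (ts, body)
    return hits

if __name__ == "__main__":
    for hit in find_id_collisions(CAPTURE):
        print(hit)
```

tcpdump's summary does not print the Request Authenticator, so two lines with identical summaries are not proof of a retransmission; comparing the authenticator needs the raw packets.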