> According to my research, FreeRADIUS supposedly does work from behind
> an LVS load balancer. My current configuration works perfectly
> outside of the LVS, but once it is put behind the LVS it ceases
> to work. Connections seem to succeed even behind the LVS, until
> they get to an access challenge, where I get:
>
> rad_recv: Access-Challenge packet from host 192.168.240.111:5058, id=42, length=64
> Authentication reply packet code 11 sent to a non-proxy reply port from client WPA_Test:5058 - ID 42 : IGNORED

This was actually due to a buggy 3Com access point. The real problem seems to have something to do with the way NAT interacts with RADIUS. The Access-Request packets arrive at the backend server just fine:

    rad_recv: Access-Request packet from host 192.168.240.172:1031, id=0, length=209
    Sending duplicate reply to client WPA_Test2.med-web.com:1031 - ID: 0
    Re-sending Access-Challenge of id 0 to 192.168.240.172 port 1031

The AP's log doesn't show any indications of receiving them, so it would appear the problem is in the LVS/NAT, and probably doesn't have anything to do with the RADIUS configuration. Feel free to call me out on this if you have an alternative explanation.