The best way to verify this is to look at the debug (radiusd -X) for the requests coming from the sites that have a problem.
Ivan Kalik Kalik Informatika ISP Dana 8/8/2007, "Andy Billington" <[EMAIL PROTECTED]> piše: >Thanks Alan - that last point was what I wanted to confirm before >going to the NAS owner to request they start looking. As you've said, >teh RADIUS server sends out packets and they hit the network - if >routing / network was the cause if this, none of the auth responses >would get through. I'm trying disabling accounting for the moment, >using Listen, to squash accounting related error messages. Cant enable >debug for another two hours when the various test sites will finally >close for the day and I can restart without impacting the sites that >do work. > >The NAS and RADIUS servers are both doing auth and accounting, same >IPs and same shared secrets (although different ports obviously). >Again, if auth works for some sites - even if not for others - the >shared secret must be correct, no? > >Sorry for asking what probably seem like basic questions but want to >be sure of myself :-) > >Andy > > >On 08/08/2007, Alan DeKok <[EMAIL PROTECTED]> wrote: >> Andy Billington wrote: >> > debug didnt seem a likely source of info given that this is a server >> > that has been functionig without incident for six months and no >> > changes have been made to its config. I have been looking at network / >> > routing issues but couldnt figure out why some sites would work and >> > not others, if it was network / routing? >> >> If the RADIUS server sends packets, it's done with RADIUS. After >> that, check that the packets make it onto the local network, to the next >> router, etc. >> >> > Surely all would work, or none, if it was that ie. the NAS woudl >> > reject all transactions not just some of them? Not that interested in >> > accounting packet problems except as an explanation of why sessions >> > are dropping _in some cases_ but not in all; the authentication >> > traffic seems to be fine. >> >> If all of the authentication traffic is OK, and accounting doesn't >> work, then the accounting shared secrets are likely wrong. >> >> > Is there any network / routing related reason why a NAS would accept >> > some FR responses but not others? >> >> If a NAS accepts one Access-Accept from a server, it should accept >> them all. If it accepts on Accounting-Response from a server, it should >> accept them all. >> >> Alan DeKok. >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
