hi Ivan, Just been able to restart witout affecting working sites, have started using -X and am seeing lots of info; for a start its binding to correct IP (which counters the multi-home issue i was concerned about). The sites that have probs are all reporting RADIUS ok, my query / concern is that why do some work and not others? Surely if it was routing / network stuff, none would work or all would work; unless the NAS is not behaving?
Was thinking about setting up another FR instance, separate IP and with just pure text (users) info but am not sure - what concerns me is seeing a few mails that have same symptoms (connect starts, then restarts after 10s) from other users but they dont seem to have got working. Have I upgraded FR (apt-get etc) and broken my config :( which I'm sure isnt true. Woudl setting up second FR be overkill, given stuff is working for other sites? Andy On 08/08/2007, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > The best way to verify this is to look at the debug (radiusd -X) for the > requests coming from the sites that have a problem. > > Ivan Kalik > Kalik Informatika ISP > > > Dana 8/8/2007, "Andy Billington" <[EMAIL PROTECTED]> piše: > > >Thanks Alan - that last point was what I wanted to confirm before > >going to the NAS owner to request they start looking. As you've said, > >teh RADIUS server sends out packets and they hit the network - if > >routing / network was the cause if this, none of the auth responses > >would get through. I'm trying disabling accounting for the moment, > >using Listen, to squash accounting related error messages. Cant enable > >debug for another two hours when the various test sites will finally > >close for the day and I can restart without impacting the sites that > >do work. > > > >The NAS and RADIUS servers are both doing auth and accounting, same > >IPs and same shared secrets (although different ports obviously). > >Again, if auth works for some sites - even if not for others - the > >shared secret must be correct, no? > > > >Sorry for asking what probably seem like basic questions but want to > >be sure of myself :-) > > > >Andy > > > > > >On 08/08/2007, Alan DeKok <[EMAIL PROTECTED]> wrote: > >> Andy Billington wrote: > >> > debug didnt seem a likely source of info given that this is a server > >> > that has been functionig without incident for six months and no > >> > changes have been made to its config. I have been looking at network / > >> > routing issues but couldnt figure out why some sites would work and > >> > not others, if it was network / routing? > >> > >> If the RADIUS server sends packets, it's done with RADIUS. After > >> that, check that the packets make it onto the local network, to the next > >> router, etc. > >> > >> > Surely all would work, or none, if it was that ie. the NAS woudl > >> > reject all transactions not just some of them? Not that interested in > >> > accounting packet problems except as an explanation of why sessions > >> > are dropping _in some cases_ but not in all; the authentication > >> > traffic seems to be fine. > >> > >> If all of the authentication traffic is OK, and accounting doesn't > >> work, then the accounting shared secrets are likely wrong. > >> > >> > Is there any network / routing related reason why a NAS would accept > >> > some FR responses but not others? > >> > >> If a NAS accepts one Access-Accept from a server, it should accept > >> them all. If it accepts on Accounting-Response from a server, it should > >> accept them all. > >> > >> Alan DeKok. > >> - > >> List info/subscribe/unsubscribe? See > >> http://www.freeradius.org/list/users.html > >> > >- > >List info/subscribe/unsubscribe? See > >http://www.freeradius.org/list/users.html > > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
