Thanks for the heads-up. I will look for this this coming weekend when I get 2.2.2 in production.
Jonathan Gazeley <jonathan.gaze...@bristol.ac.uk> wrote: >We've recently upgraded our radius servers from 2.1.12 (CentOS 6 >packaged default) to 2.2.1 (latest stable from FR, built by hand). > >A config that used to work under 2.1.12 no longer appears to work the >same way under 2.2.1. Our Cisco WLCs send periodic probes in the form of >a test authentication. There is a snippet of config that intercepts >these authentication requests: > ># /etc/raddb/conf.d/wism-checks.conf >if (Service-Type == "NAS-Prompt-User") { > if (NAS-IP-Address =~ /^172\.17\.107\./) { > if (User-Name =~ /^wisms\-testing/) { > update control { > Auth-Type := Accept > } > updated > } > else { > reject > } > } >updated = return >} > > >This config is included in every virtual server's outer config: > ># /etc/raddb/sites-enabled/eduroamlocal >authorize { > $INCLUDE conf.d/wism-checks.conf >} > > >Looking at the output from radiusd -XC the wism-checks.conf file is >being included in multiple places, yet when the server is running there >is no record of these test probe packets being processed. This means the >WLCs think the radius server is dead, and stop using it. I've had to >roll back to 2.1.12 to restore stable wireless service for our users. > >I can only assume this code block is being skipped over for some reason. >At present I'm unable to drop production radius servers into debug mode >since they can't handle the load while debugging, and while I do have >some development radius servers, our WLCs won't sent it these probe >packets unless it is an active production radius server. > >Does anyone have any tips for debugging this in a minimally disruptive >way? At the moment we don't have any development WLCs but we might have >to get some so we can have a separate environment for testing. In the >meantime I'm trying to get this code block to work so we can use the >newer version of FR. > >Thanks, and happy Friday >Jonathan >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html