On 8.8.2017 11.46, Karl Gaissmaier wrote:
just as info before I'll do more debugging.
StatusServer seems to be broken in 4.19 and latest patches applies at
least here at Ulm University.
Quick check: does the upstream add Message-Authenticator attribute in
Status-Server requests and do they accept Message-Authenticator in replies?
Since Message-Authenticator uses the shared secret, is the secret
correct in case you have, for example, a separate monitoring going on
somewhere where there is no other traffic.
I had to go back in panic to 4.17, since my eduroam upstream with the
germany NREN stopped talking to me and a quick local test showed me,
that something is wrong with StatusServer in Radiator 4.19.
There have been changes in Status-Server handling where the requirement
of Message-Authenticator is likely the main thing that could cause drops.
More tests will follow but maybe it is already helpful for you and you
can look at your release tests too.
I'll check. One more question: is it over RADIUS or RadSec where you see
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
radiator mailing list