On 8.8.2017 11.46, Karl Gaissmaier wrote:

just as info before I'll do more debugging.

StatusServer seems to be broken in 4.19 and latest patches applies at least here at Ulm University.

Quick check: does the upstream add Message-Authenticator attribute in Status-Server requests and do they accept Message-Authenticator in replies?

Since Message-Authenticator uses the shared secret, is the secret correct in case you have, for example, a separate monitoring going on somewhere where there is no other traffic.

I had to go back in panic to 4.17, since my eduroam upstream with the germany NREN stopped talking to me and a quick local test showed me, that something is wrong with StatusServer in Radiator 4.19.

There have been changes in Status-Server handling where the requirement of Message-Authenticator is likely the main thing that could cause drops.

More tests will follow but maybe it is already helpful for you and you can look at your release tests too.

I'll check. One more question: is it over RADIUS or RadSec where you see the problem?

Thanks,
Heikki

--
Heikki Vatiainen <h...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
_______________________________________________
radiator mailing list
radiator@lists.open.com.au
http://lists.open.com.au/mailman/listinfo/radiator

Reply via email to