Hi Heikki,
Am 08.08.2017 um 11:15 schrieb Heikki Vatiainen:
On 8.8.2017 11.46, Karl Gaissmaier wrote:
just as info before I'll do more debugging.
StatusServer seems to be broken in 4.19 and latest patches applies at
least here at Ulm University.
Quick check: does the upstream add Message-Authenticator attribute in
Status-Server requests and do they accept Message-Authenticator in
replies?
nothing has changed at the upstream since I upgraded yesterday, here you
see it after I switched back to 4.17:
Tue Aug 8 09:07:43 2017 099341: DEBUG: Packet dump:
*** Received from 193.174.XX.YY port 33333 ....
Code: Status-Server
Identifier: 0
Authentic: <230>)t<226><6><166><174><232><20>$<9>O<184>vfB
Attributes:
Message-Authenticator =
b<165><188><140>C<231><209><15>\<160>c<205><174><242>=<6>
Tue Aug 8 09:07:43 2017 099988: DEBUG: Packet dump:
*** Sending reply to RadSec 193.174.75.134:33333 ....
Code: Access-Accept
Identifier: 0
Authentic: <230>)t<226><6><166><174><232><20>$<9>O<184>vfB
Attributes:
Reply-Message = "Radiator Radius server version 4.17"
Reply-Message = "Running on mizar since Tue Aug 8 09:05:44 2017"
Since Message-Authenticator uses the shared secret, is the secret
correct in case you have, for example, a separate monitoring going on
somewhere where there is no other traffic.
yes, nothing changed
I had to go back in panic to 4.17, since my eduroam upstream with the
germany NREN stopped talking to me and a quick local test showed me,
that something is wrong with StatusServer in Radiator 4.19.
There have been changes in Status-Server handling where the
requirement of Message-Authenticator is likely the main thing that
could cause drops.
More tests will follow but maybe it is already helpful for you and
you can look at your release tests too.
I'll check. One more question: is it over RADIUS or RadSec where you
see the problem?
both, I've local checks with nagios, personally scripted with
Authen::Radius, stopped working too, and remote via Server RADSEC from
the german NREN.
Thanks for help. Great service, as always!
Best Regards
Charly
--
Karl Gaissmaier
Universität Ulm
kiz, Kommunikations und Informationszentrum
89069 Ulm
Tel.: 49(0)731/50-22499
Fax : 49(0)731/50-12-22499
_______________________________________________
radiator mailing list
[email protected]
http://lists.open.com.au/mailman/listinfo/radiator
