Hi,
I just started using Radiator within the past 2 months and it runs great,
well most of the time, that is.  I have found a problem cropping up
occasionally that I am not sure how to resolve.  I do quite a bit of
proxying and when one of my customers has a problem with their radius
server it feeds back to local authentication on my radius servers and some
of my own users randomly cannot login.  The error message I get in the
logs is 
Mon Nov  8 08:06:14 1999: INFO: AuthRADIUS: No reply after 3 retransmissions
Now the load average on my server is less than .50.  Why would proxying
failures cause my local users to not authenticate correctly?  As soon as
the other server is fixed or reachable those users can authenticate and
mine can also reliably.  I am using Radiator 2.14.1 and MySQL to
authenticate my local users and it works flawlessly unless one of my
proxying customers is having a problem.

I have the following config for each of my proxying customers:
<Realm realm name>
        <AuthBy RADIUS>
                Fork
                Host first radius server
                Host second radius server
                Secret secret
                AuthPort 1645
        </AuthBy>
</Realm>

I am going to try shortening timeouts in my config by adding 
Retries         2
RetryTimeout    3

This will get it to give up quicker for each proxy request, but I don't
think this is going to solve the problem.

On a less problematic note I was also wondering if you would consider
making 2 changes to Radiator.  The first one is to the RADIUS module to
have it log more info for Trace Level 3.  I think it would be helpful to
have it log the host that it was not able to reach after x
retransmissions:

Mon Nov  8 08:06:14 1999: INFO: AuthRADIUS: No reply after x retransmissions from <ip address>

I added that to my own to see which of the remote radius servers was
having a problem and it allows me to easily see which customer's radius
server could be having a problem.

The second request deals with password logging. Would it be possible
to add an option that would, instead of logging all passwords except for
exempted users, only log a user's failed attempt?  If the user logs in I
do not need to see the correct password, but if they are failing with
their password errors it would be nice to see what they are mistakenly
typing.

Thanks for any help.
Mike

