Hi Hugh and all,
thnx a lot for replying that fast.
On Wed, Jul 26, 2000 at 09:49:37AM +1000, Hugh Irvine wrote:
> You may be seeing spurious timeout problems due to the default timeout in
> radpwtst which is 5 seconds. If your remote radius takes a relatively long time
> to respond you may need to adjust the timeouts in both the AuthBy RADIUS clause
> and in radpwtst with the -timeout parameter.
Could have been -- but even with a 20 sec RetryTimeout/-timeout, the
problem does not disappear. The interesting bit is that Radiator -- even
at the first try -- sees a Accept-Accept from the remote radius:
> > *** Received from 1*5.2*4.2*0.2*1 port 1645 ....
> > Code: Access-Accept
^^^^^^^^^^^^
... while radpwst is still waiting. But then, the mysterious Unknown reply
follows:
> > Identifier: 5
> > Authentic: <176><19><225>!<229>3<200><127><166><141>v*<165>}<201><154>
> > Attributes:
> > Service-Type = Framed-User
> >
> > Tue Jul 25 17:04:58 2000: WARNING: Unknown reply received in AuthRADIUS
^^^^^^^^^^^^
... and hence, Radiator decides that -- inspite of the Access-Accept --
it didn't get a valid reply:
> > for request 5 from 1*5.2*4.2*0.2*1:1645
> > Tue Jul 25 17:05:03 2000: INFO: AuthRADIUS: No reply after 3
^^^^^^^^
> > retransmissions to 1645 for bayRS1400 (238)
> > Tue Jul 25 17:05:03 2000: INFO: AuthRADIUS: No response from any RADIUS
> > hosts. Ignoring
> >
However, with a repeated request (even if we passed 10 minutes between
the first and the second radpwst-try), I don't get Unknown-reply-warnings
any longer:
> >
> > *** Received from 1*5.2*4.2*0.2*1 port 1645 ....
> > Code: Access-Accept
> > Identifier: 6
> > Authentic: <153><230>p<134><237>&3-<153><169>zAD<188>\<182>
> > Attributes:
> > Service-Type = Framed-User
> >
> > Tue Jul 25 17:07:59 2000: DEBUG: Received reply in AuthRADIUS for req 6
> > from 1*5.2*4.2*0.2*1:1645
> > Tue Jul 25 17:07:59 2000: DEBUG: Packet dump:
> > *** Sending to 127.0.0.1 port 4312 ....
> > Code: Access-Accept
> > Identifier: 179
> > Authentic: 1234567890123456
> > Attributes:
> > Service-Type = Framed-User
Instead, radpwst is happy. If I sent yet another request right after that,
it won't succeed, the one after that will etc. In short: every 2nd request
is successful.
Any further hints? My configuration looks now as follows:
> > <AuthBy GROUP>
> >
> > AuthByPolicy ContinueWhileReject
> >
> > <AuthBy SQL>
> >
> > DBSource dbi:mysql:radius
> > DBUsername ***
> > DBAuth ***
> >
> > FailureBackoffTime 300
> >
> > AuthSelect select PASSWORD from SUBSCRIBERS where USERNAME='%n'
> >
> > AuthColumnDef 0, Encrypted-Password, check
> >
> >
> > </AuthBy>
> >
> > <AuthBy RADIUS>
> > Host ***
> > Secret ***
> > AuthPort 1645
RetryTimeout 20
> > </AuthBy>
> >
> > </AuthBy>
Thanks a lot for caring
Patricia
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
