Hello Patricia -
I am going to need to see a complete transcript of the trace 4 debug showing
the entire sequence of events from the receipt of the initial packet from
radpwtst through all of the interactions thereafter.
thanks
Hugh
On Wed, 26 Jul 2000, Patricia Jung wrote:
> Hi Hugh and all,
>
> thnx a lot for replying that fast.
>
> On Wed, Jul 26, 2000 at 09:49:37AM +1000, Hugh Irvine wrote:
>
> > You may be seeing spurious timeout problems due to the default timeout in
> > radpwtst which is 5 seconds. If your remote radius takes a relatively long time
> > to respond you may need to adjust the timeouts in both the AuthBy RADIUS clause
> > and in radpwtst with the -timeout parameter.
> Could have been -- but even with a 20 sec RetryTimeout/-timeout, the
> problem does not disappear. The interesting bit is that Radiator -- even
> at the first try -- sees a Accept-Accept from the remote radius:
>
> > > *** Received from 1*5.2*4.2*0.2*1 port 1645 ....
> > > Code: Access-Accept
> ^^^^^^^^^^^^
>
> ... while radpwst is still waiting. But then, the mysterious Unknown reply
> ffollows:
>
> > > Identifier: 5
> > > Authentic: <176><19><225>!<229>3<200><127><166><141>v*<165>}<201><154>
> > > Attributes:
> > > Service-Type = Framed-User
> > >
> > > Tue Jul 25 17:04:58 2000: WARNING: Unknown reply received in AuthRADIUS
> ^^^^^^^^^^^^
>
> ... and hence, Radiator decides that -- inspite of the Access-Accept --
> iit didn't get a valid reply:
>
> > > for request 5 from 1*5.2*4.2*0.2*1:1645
> > > Tue Jul 25 17:05:03 2000: INFO: AuthRADIUS: No reply after 3
> ^^^^^^^^
> > > retransmissions to 1645 for bayRS1400 (238)
> > > Tue Jul 25 17:05:03 2000: INFO: AuthRADIUS: No response from any RADIUS
> > > hosts. Ignoring
> > >
>
> However, with a repeated request (even if we passed 10 minutes between
> the first and the second radpwst-try), I don't get Unknown-reply-warnings
> any longer:
>
> > >
> > > *** Received from 1*5.2*4.2*0.2*1 port 1645 ....
> > > Code: Access-Accept
> > > Identifier: 6
> > > Authentic: <153><230>p<134><237>&3-<153><169>zAD<188>\<182>
> > > Attributes:
> > > Service-Type = Framed-User
> > >
> > > Tue Jul 25 17:07:59 2000: DEBUG: Received reply in AuthRADIUS for req 6
> > > from 1*5.2*4.2*0.2*1:1645
> > > Tue Jul 25 17:07:59 2000: DEBUG: Packet dump:
> > > *** Sending to 127.0.0.1 port 4312 ....
> > > Code: Access-Accept
> > > Identifier: 179
> > > Authentic: 1234567890123456
> > > Attributes:
> > > Service-Type = Framed-User
>
> Instead, radpwst is happy. If I sent yet another request right after that,
> it won't succeed, the one after that will etc. In short: every 2nd request
> is successful.
>
> Any further hints? My configuration looks now as follows:
>
> > > <AuthBy GROUP>
> > >
> > > AuthByPolicy ContinueWhileReject
> > >
> > > <AuthBy SQL>
> > >
> > > DBSource dbi:mysql:radius
> > > DBUsername ***
> > > DBAuth ***
> > >
> > > FailureBackoffTime 300
> > >
> > > AuthSelect select PASSWORD from SUBSCRIBERS where USERNAME='%n'
> > >
> > > AuthColumnDef 0, Encrypted-Password, check
> > >
> > >
> > > </AuthBy>
> > >
> > > <AuthBy RADIUS>
> > > Host ***
> > > Secret ***
> > > AuthPort 1645
>
> RetryTimeout 20
> > > </AuthBy>
> > >
> > > </AuthBy>
>
> Thanks a lot for caring
>
> Patricia
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
