We are having problems in a proxy configurations where the requesting
radiator is not seeing the access ok from the remote proxy.
>From the requesting proxy
Mon Nov 27 21:30:27 2000: INFO: Server started: Radiator 2.16.3 on
passat
Mon Nov 27 21:32:24 2000: INFO: AuthRADIUS: No reply after 3
retransmissions to 1812 for [EMAIL PROTECTED] (246)
Mon Nov 27 21:32:24 2000: INFO: AuthRADIUS: No response from any RADIUS
hosts. Ignoring
Mon Nov 27 21:32:39 2000: INFO: AuthRADIUS: No reply after 3
retransmissions to 1812 for [EMAIL PROTECTED] (246)
Mon Nov 27 21:32:39 2000: INFO: AuthRADIUS: No response from any RADIUS
hosts. Ignoring
Mon Nov 27 21:32:54 2000: INFO: AuthRADIUS: No reply after 3
retransmissions to 1812 for [EMAIL PROTECTED] (246)
Mon Nov 27 21:32:54 2000: INFO: AuthRADIUS: No response from any RADIUS
hosts. Ignoring
Mon Nov 27 21:33:09 2000: INFO: AuthRADIUS: No reply after 3
retransmissions to 1812 for [EMAIL PROTECTED] (246)
Mon Nov 27 21:33:09 2000: INFO: AuthRADIUS: No response from any RADIUS
hosts. Ignoring
Mon Nov 27 21:27:51 2000: INFO: Server started: Radiator 2.16.3 on
ngatoro
Mon Nov 27 21:30:44 2000: DEBUG: Packet dump:
*** Received from 202.9.225.194 port 1089 ....
Code: Access-Request
Identifier: 1
Authentic: <209><161>2<173><133>m8<227>Q<133><30><29><226><5><253><131>
Attributes:
NAS-IP-Address = 202.9.225.17
NAS-Port = 62
NAS-Port-Type = Virtual
User-Name = "[EMAIL PROTECTED]"
Calling-Station-Id = "202.9.225.194"
User-Password =
"x<192><208><4><219><221>1Y<22><209>`<230>v<234><0><150>"
Mon Nov 27 21:30:44 2000: DEBUG: Check if Handler Realm =
/(worldpacific.com.au)/i should be used to handle this request
Mon Nov 27 21:30:44 2000: DEBUG: Handling request with Handler 'Realm =
/(worldpacific.com.au)/i'
Mon Nov 27 21:30:44 2000: DEBUG: Rewrote user name to ken
Mon Nov 27 21:30:44 2000: DEBUG: Rewrote user name to ken
Mon Nov 27 21:30:44 2000: DEBUG: Deleting session for
[EMAIL PROTECTED], 202.9.225.17, 62
Mon Nov 27 21:30:44 2000: DEBUG: Handling with Radius::AuthGROUP
Mon Nov 27 21:30:44 2000: DEBUG: Handling with Radius::AuthUNIX
Mon Nov 27 21:30:44 2000: DEBUG: Radius::AuthUNIX looks for match with
ken
Mon Nov 27 21:30:44 2000: DEBUG: Radius::AuthUNIX ACCEPT:
Mon Nov 27 21:30:44 2000: DEBUG: Access accepted for ken
Mon Nov 27 21:30:44 2000: DEBUG: Packet dump:
*** Sending to 202.9.225.194 port 1089 ....
Code: Access-Accept
Identifier: 1
Authentic: <209><161>2<173><133>m8<227>Q<133><30><29><226><5><253><131>
Attributes:
Mon Nov 27 21:30:59 2000: DEBUG: Packet dump:
*** Received from 202.9.225.194 port 1089 ....
Code: Access-Request
Identifier: 2
Authentic: <209><161>2<173><133>m8<227>Q<133><30><29><226><5><253><131>
Attributes:
NAS-IP-Address = 202.9.225.17
NAS-Port = 62
NAS-Port-Type = Virtual
User-Name = "[EMAIL PROTECTED]"
Calling-Station-Id = "202.9.225.194"
User-Password =
"x<192><208><4><219><221>1Y<22><209>`<230>v<234><0><150>"
Mon Nov 27 21:30:59 2000: DEBUG: Check if Handler Realm =
/(worldpacific.com.au)/i should be used to handle this request
Mon Nov 27 21:30:59 2000: DEBUG: Handling request with Handler 'Realm =
/(worldpacific.com.au)/i'
Mon Nov 27 21:30:59 2000: DEBUG: Rewrote user name to ken
Mon Nov 27 21:30:59 2000: DEBUG: Rewrote user name to ken
Mon Nov 27 21:30:59 2000: DEBUG: Deleting session for
[EMAIL PROTECTED], 202.9.225.17, 62
Mon Nov 27 21:30:59 2000: DEBUG: Handling with Radius::AuthGROUP
Mon Nov 27 21:30:59 2000: DEBUG: Handling with Radius::AuthUNIX
Mon Nov 27 21:30:59 2000: DEBUG: Radius::AuthUNIX looks for match with
ken
Mon Nov 27 21:30:59 2000: DEBUG: Radius::AuthUNIX ACCEPT:
Mon Nov 27 21:30:59 2000: DEBUG: Access accepted for ken
Mon Nov 27 21:30:59 2000: DEBUG: Packet dump:
*** Sending to 202.9.225.194 port 1089 ....
Code: Access-Accept
Identifier: 2
Authentic: <209><161>2<173><133>m8<227>Q<133><30><29><226><5><253><131>
Attributes:
Mon Nov 27 21:31:09 2000: DEBUG: Packet dump:
*** Received from 202.9.225.194 port 1089 ....
Code: Access-Request
Identifier: 1
Authentic: <209><161>2<173><133>m8<227>Q<133><30><29><226><5><253><131>
Attributes:
NAS-IP-Address = 202.9.225.17
NAS-Port = 62
NAS-Port-Type = Virtual
User-Name = "[EMAIL PROTECTED]"
Calling-Station-Id = "202.9.225.194"
User-Password =
"x<192><208><4><219><221>1Y<22><209>`<230>v<234><0><150>"
Mon Nov 27 21:31:09 2000: DEBUG: Check if Handler Realm =
/(worldpacific.com.au)/i should be used to handle this request
Mon Nov 27 21:31:09 2000: DEBUG: Handling request with Handler 'Realm =
/(worldpacific.com.au)/i'
Mon Nov 27 21:31:09 2000: DEBUG: Rewrote user name to ken
Mon Nov 27 21:31:09 2000: DEBUG: Rewrote user name to ken
Mon Nov 27 21:31:09 2000: DEBUG: Deleting session for
[EMAIL PROTECTED], 202.9.225.17, 62
Mon Nov 27 21:31:09 2000: DEBUG: Handling with Radius::AuthGROUP
Mon Nov 27 21:31:09 2000: DEBUG: Handling with Radius::AuthUNIX
Mon Nov 27 21:31:09 2000: DEBUG: Radius::AuthUNIX looks for match with
ken
Mon Nov 27 21:31:09 2000: DEBUG: Radius::AuthUNIX ACCEPT:
Mon Nov 27 21:31:09 2000: DEBUG: Access accepted for ken
Mon Nov 27 21:31:09 2000: DEBUG: Packet dump:
*** Sending to 202.9.225.194 port 1089 ....
Code: Access-Accept
Identifier: 1
Authentic: <209><161>2<173><133>m8<227>Q<133><30><29><226><5><253><131>
Attributes:
Mon Nov 27 21:31:14 2000: DEBUG: Packet dump:
etc etc etc.
Secrets the same in all cases.
Configs on the requestor 202.9.225.194 are
......
<Client 203.16.244.91>
Secret xxxxxxx
</Client>
<Client 202.9.224.11>
Secret xxxxxxx
</Client>
<Client 203.16.244.83>
Secret xxxxxxx
</Client>
.........
<Handler Realm = /worldpacific.com.au/i>
RewriteUsername tr/A-Z/a-z/
<AuthBy RADIUS>
Host 203.16.244.83
Secret xxxxxxx
AuthPort 1812
AcctPort 1813
RetryTimeout 25
</AuthBy>
</Handler>
On the reciever
.......
# Terrigal Proxy servers
<Client 203.16.244.91>
Secret xxxxxxxx
</Client>
<Client 202.9.224.11>
Secret xxxxxxxx
</Client>
# Nobbys Proxy Servers
<Client 202.9.225.194>
Secret xxxxxxx
</Client>
<Client 202.9.224.21>
Secret xxxxxxx
</Client>
.....
<AuthBy UNIX>
Identifier CheckPassfile
Filename /etc/passwd
</AuthBy>
# define an AuthBy GROUP to do both checks
<AuthBy GROUP>
Identifier CheckPassword
AuthByPolicy ContinueUntilAccept
AuthBy CheckPassfile
</AuthBy>
# Used for handling requests with realms (sec 6.12)
<Handler Realm = /(worldpacific.com.au)/i>
#Strip the realm from all requests for nobbys.net.au realms
RewriteUsername s/^([^@]+).*/$1/
RewriteUsername tr/A-Z/a-z/
# Log accounting for this realm to the following file in LogDir (sec
6.13.4)
AcctLogFileName %L/account.%Y%m%d
# Set the number of simultaneous sessions allowed for users in this
realm
# (sec 6.13.3)
MaxSessions 1
# File that records all authentication attempts for this realm (sec
6.13.7)
PasswordLogFileName %L/password.%Y%m%d
AuthBy CheckPassword
</Handler>
We've experimented with the RetryTimes and TimeOuts to no avail,
and presently have the ports on 1812/13 on this server pair, although
the 202.9.225.194 runs on 1645/46
Link in this case is ISDN, but we have the same problem with an Ethernet
linked server, which I'd be surprised that we're losing UDP packets over
the net with! Do we need to define the ports in /etc/services?
What have we forgotten, or what can we do to isolate it. I also tried
without expecting anysuccess the ServerHasBrokenPorts commands.
Many thanks to Hugh and Mike and the other participants for an
informative list.
--
Ken Kirkby
PLC Peripherals * Nobbys Net + Terrigal Net
http://www.plc-peripherals.com
Real Time Hardware and Software - Cisco Certified Regional ISP.
Servicing the NSW Central Coast, Newcastle, Sydney, Melbourne and
areas around Denman, Werris Creek, Bulahdelah, Wingham, and Narrabri
PO Box 815 Terrigal NSW 2260 Australia. ph +61 2 4385 2335 fx +61 2
4385 3720
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
