Hello Cortney -
"Bad authenticator" means that the shared secret is not correct, or
that the authenticator is not being calculated correctly by the NAS.
You should first of all check the shared secrets (note that Ascends
have two shared secrets, one for authentication and one for
accounting).
If that doesn't work, you can use the "IgnoreAcctSignature" in the
Client clause. In the case of an AuthBy RADIUS, there is an
"IgnoreReplySignature" in the upcoming Radiator 2.18 release (which
is in beta and available for download if you feel brave and would
like to test it for us).
Note that Radiator 2.18 has proxy load balancing functionality that
would be useful in your situation.
hth
Hugh
At 14:14 -0700 01/2/20, Cortney Thompson wrote:
>Ok Brief overview of my system/problem. I am using 2 radiator
>machines to proxy request to different ISP's. I also have 2
>radiator machines doing auth/acct on the ISP end. Ok with that
>said. I recently upgraded a bunch of my TNT's to TAOS 9.0, and then
>upgraded radiator to 2.17.1 on the proxy side, and 2.16.1 (upgrade
>planned) on the authentication ISP side. I am getting this error in
>my radiator proxies:
>
>--------------------------------------------------------------------------------------------
>Tue Feb 20 13:45:02 2001: INFO: AuthRADIUS: No reply after 5
>retransmissions to 1812 for (229)
>Tue Feb 20 13:45:02 2001: INFO: AuthRADIUS: No response from any
>RADIUS hosts. Ignoring
>
>And This error out of my radiator authentication machines.
>
>Tue Feb 20 13:43:03 2001: WARNING: Bad authenticator in request from
>204.227.195.11 (216.67.190.154)
>--------------------------------------------------------------------------------------------
>
>This is a trace 4 dump from the radiator proxy machine
>--------------------------------------------------------------------------------------------
>*** Sending to 199.190.151.15 port 1812 ....
>Code: Ascend-Access-Event-Request
>Identifier: 13
>Authentic: <18><254><26><160>Ej/<191><210><235><239>,<234><173>g<21>
>Attributes:
> NAS-IP-Address = 216.67.190.218
> Port_Entry = "<0><0><0><1>"
>
>Tue Feb 20 12:59:47 2001: DEBUG: Packet dump:
>
>And the dump from the radiator authentication machine.
>
>*** Received from 216.67.191.20 port 1082 ....
>Code: Ascend-Access-Event-Request
>Identifier: 70
>Authentic: <204>eo~<175>L<165>.<255><195><131><140><7><175>k<172>
>Attributes:
> NAS-IP-Address = 216.67.190.218
> Port_Entry = "<0><0><0><1>"
>
>Tue Feb 20 12:58:52 2001: WARNING: Bad authenticator in request from
>204.227.195.11 (216.67.190.218)
>-------------------------------------------------------------------------------------------------
>
>I know what this packet is, basically a keep alive from the TNT's,
>but I do not have them configured to send keep alive's. Also why
>doesn't radiator understand this request, and why does it come back
>with a Bad Authenticator??
>
>I guess I am just up in arms here. Has anyone dealt with this, or
>is this a possible bug in 2.17.1??
>
>Thanks for any help.
>
>Cortney Thompson
>[EMAIL PROTECTED]
>
> Opinions are mine and do not necessarily reflect
> those of wyoming.com LLC
>
>
>===
>Archive at http://www.starport.net/~radiator/
>Announcements on [EMAIL PROTECTED]
>To unsubscribe, email '[EMAIL PROTECTED]' with
>'unsubscribe radiator' in the body of the message.
--
NB: I am travelling this week, so there may be delays in our correspondence.
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
