Hi Guys,
I have a problem in that I keep getting the following error from the current
config that I am running.
WARNING: Unknown reply received in AuthRADIUS for request 1 from xx.xx.xx.xx:1645
WARNING: Unknown reply received in AuthRADIUS for request 1 from yy.yy.yy.yy:1645
WARNING: Unknown reply received in AuthRADIUS for request 1 from xx.xx.xx.xx:1645
WARNING: Unknown reply received in AuthRADIUS for request 1 from xx.xx.xx.xx:1646
I am trying to look in one database for a user, and if they exist then proxy the
request to another radius server based on the realm.
This config works fine if I just use it with only one user (me) using it. When
a lot of different users use it though, I find that Radiator starts to ignore
a lot of the reply packets from the downstream radius servers.
It looks like Radiator sends out the packet but then receives a reply from one
of the other servers, so it ignores the correct reply, as though it cannot tell
the difference between the various replies it has received.
Some of the realms use the same proxy as each other, but other realms that have
one unique server to themselves still get unknown replies.
I think the problem may be stemming from my use of the 'Synchronous' flag but
from what I have checked in the documentation I believe it is right.
For what it is worth I have included a trace at the end, which shows
request received->
request checked at first db->
proxied to other server->
reply received.
But then I get the unknown reply error.
On another note there is a bit of ambiguity with the use of the
FailureBackoffTime in <authby SQLRADIUS>: does it relate to the SQL server
backoff time or the radius proxy backoff time?
My Config...
Basically this is the handler that is hit for almost all the realms...
<Handler Realm = /*.net/>
    Identifier RADallusers
    AuthBy RADUser
    AuthBy RADUserLog
    AcctLogFileName /var/log/radacct/details/%R.detail
</Handler>
which then gets passed to this auth module...
<authBy GROUP>
    Identifier RADUser
    AuthByPolicy ContinueUntilReject
    Fork
    <authBy SQL>
        Identifier RADUserCheck
        DBSource dbi:mysql:%{GlobalVar:DBNAME}:%{GlobalVar:DBSERVER}
        DBUsername %{GlobalVar:DBUSER}
        DBAuth %{GlobalVar:DBPASS}
        FailureBackoffTime %{GlobalVar:DBBACKOFFTIME}
        IgnoreAccounting
        NoDefault
        AuthSelect select username, extra from users where username=%0
        AuthColumnDef 0, User-Name, check
        AuthColumnDef 1, GENERIC, reply
    </AuthBy>
    <authBy SQLRADIUS>
        Identifier RADProxy
        Synchronous
        # I have tried every combo of these to no avail.
        #UseExtendedIds
        #IgnoreReplySignature
        #ServerHasBrokenAddresses
        Retries 2
        RetryTimeout 15
        DBSource dbi:mysql:%{GlobalVar:DBNAME}:%{GlobalVar:DBSERVER}
        DBUsername %{GlobalVar:DBUSER}
        DBAuth %{GlobalVar:DBPASS}
        FailureBackoffTime %{GlobalVar:DBBACKOFFTIME}
        HostSelect select R.host%0, R.secret, R.authport, \
            R.acctport, R.rewriteusername from radiusservers R \
            where R.dsl_domain='%R'
        NumHosts 2
        HostColumnDef 0, Host
        HostColumnDef 1, Secret
        HostColumnDef 2, AuthPort
        HostColumnDef 3, AcctPort
        HostColumnDef 4, RewriteUsername
    </AuthBy>
</AuthBy>
And then this bit...(but no problems here.)
<authBy SQL>
    Identifier RADUserLog
    DBSource dbi:mysql:%{GlobalVar:DBNAME}:%{GlobalVar:DBSERVER}
    DBUsername %{GlobalVar:DBUSER}
    DBAuth %{GlobalVar:DBPASS}
    FailureBackoffTime %{GlobalVar:DBBACKOFFTIME}
    AcctFailedLogFileName %Y%m/%R.detail
    AccountingTable detail_%Y%m
    IgnoreAuthentication
    AcctColumnDef logging stuff...
</AuthBy>
I do have other Handlers in the file that are just straight out <authBy RADIUS>.
Thanks for any help,
Simon Woodward
One Earth Internet
Mon Jul 28 18:45:03 2003: DEBUG: Timed out, retransmitting
Mon Jul 28 18:45:03 2003: DEBUG: Packet dump:
*** Sending to 203.26.199.6 port 1646 ....
Code: Accounting-Request
Identifier: 2
Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Attributes:
Acct-Session-Id = "0006A8F5"
Tunnel-Server-Endpoint = 203.194.30.234
Tunnel-Client-Endpoint = 172.31.148.87
Tunnel-Assignment-ID = 1
Tunnel-Type = 0:L2TP
Tunnel-ID = 1956114
Tunnel-Client-Auth-ID = n2563728k-vez2
Tunnel-Server-Auth-ID = LNS02-DRYB-MEL
Framed-Protocol = PPP
Framed-IP-Address = 220.240.71.96
Ascend-Connect-Progress = 60
Ascend-PreSession-Time = 2
Ascend-Xmit-Rate = 512
Ascend-Data-Rate = 512
Acct-Session-Time = 13962
Acct-Input-Octets = 43904
Acct-Output-Octets = 48593
Ascend-Pre-Input-Octets = 0
Ascend-Pre-Output-Octets = 98
Acct-Input-Packets = 2820
Acct-Output-Packets = 2827
Ascend-Pre-Input-Packets = 0
Ascend-Pre-Output-Packets = 6
Acct-Authentic = RADIUS
Acct-Status-Type = Alive
NAS-Port = 1310
Calling-Station-Id = "atm 9"
Called-Station-Id = "3:2.184#184569834##speed:UBR:512#pppoe
00:09:f3:00:ab:3b#/"
Service-Type = Framed-User
NAS-IP-Address = 203.220.79.62
Ascend-Session-Svr-Key = "91DA2645"
Event-Timestamp = 1059381899
NAS-Identifier = "LNS02-DRYB-MEL.comindico.com.au"
Acct-Delay-Time = 5
User-Name = "[EMAIL PROTECTED]"
NAS-Port-Type = ADSL-DMT
Timestamp = 1059381898
Mon Jul 28 18:45:03 2003: DEBUG: Packet dump:
*** Received from 203.194.28.132 port 1813 ....
Code: Accounting-Request
Identifier: 147
Authentic: <248><147>Ud]<0><254><227>LI<182><9>J<173><128>8
Attributes:
Acct-Session-Id = "000DB306"
Tunnel-Server-Endpoint = 203.194.30.234
Tunnel-Client-Endpoint = 172.31.147.87
Tunnel-Assignment-ID = 1
Tunnel-Type = 0:L2TP
Tunnel-ID = 1048028
Tunnel-Client-Auth-ID = n2563728k-nky2
Tunnel-Server-Auth-ID = LNS02-KENT-SYD
Framed-Protocol = PPP
Framed-IP-Address = 220.240.4.159
Ascend-Connect-Progress = 60
Ascend-PreSession-Time = 2
Ascend-Xmit-Rate = 512
Ascend-Data-Rate = 512
Acct-Session-Time = 566934
Acct-Input-Octets = 64704547
Acct-Output-Octets = 103235506
Ascend-Pre-Input-Octets = 0
Ascend-Pre-Output-Octets = 101
Acct-Input-Packets = 260287
Acct-Output-Packets = 274132
Ascend-Pre-Input-Packets = 0
Ascend-Pre-Output-Packets = 5
Acct-Authentic = RADIUS
Acct-Status-Type = Alive
NAS-Port = 1642
Calling-Station-Id = "atm 10"
Called-Station-Id = "0:2.299#184550311##speed:UBR:512#pppoe
00:50:ba:99:e8:b4#/"
Service-Type = Framed-User
NAS-IP-Address = 203.194.30.241
Ascend-Session-Svr-Key = "189124C2"
Event-Timestamp = 1059381904
NAS-Identifier = "LNS02-KENT-SYD.comindico.com.au"
Acct-Delay-Time = 0
User-Name = "[EMAIL PROTECTED]"
NAS-Port-Type = ADSL-DMT
Proxy-State =
BSP2ims01-syd/6A8327DD60A0ED5525616BCEE8C7A478A18777C27B90B583A712D0B6F52951109EA394BB7B90B0436CD0CCE8A1805778425391
CD9798AD449F71BA7887426403FCCCE02019FFDF76E723B778875D3F54E7CCE02056F4C228897CB76D
Mon Jul 28 18:45:03 2003: DEBUG: Rewrote user name to [EMAIL PROTECTED]
Mon Jul 28 18:45:03 2003: DEBUG: Rewrote user name to [EMAIL PROTECTED]
Mon Jul 28 18:45:03 2003: DEBUG: Handling request with Handler 'Realm = 1earth.net'
Mon Jul 28 18:45:03 2003: DEBUG: Adding session for [EMAIL PROTECTED],
203.194.30.241, 1642
Mon Jul 28 18:45:03 2003: DEBUG: Handling with Radius::AuthGROUP
Mon Jul 28 18:45:03 2003: DEBUG: Handling with Radius::AuthSQL
Mon Jul 28 18:45:03 2003: DEBUG: Handling with Radius::AuthRADIUS
Mon Jul 28 18:45:03 2003: DEBUG: Query is: 'select R.host1, R.secret,
R.authport, R.acctport, R.rewriteusername,
R.extras from radius R where R.domain='1earth.net'':
Mon Jul 28 18:45:03 2003: DEBUG: Handling with Radius::AuthSQL
Mon Jul 28 18:45:03 2003: DEBUG: Handling accounting with Radius::AuthSQL
Mon Jul 28 18:45:03 2003: DEBUG: Accounting accepted
Mon Jul 28 18:45:03 2003: DEBUG: Packet dump:
*** Sending to 203.194.28.132 port 1813 ....
Code: Accounting-Response
Identifier: 147
Authentic: <248><147>Ud]<0><254><227>LI<182><9>J<173><128>8
Attributes:
Proxy-State =
BSP2ims01-syd/6A8327DD60A0ED5525616BCEE8C7A478A18777C27B90B583A712D0B6F52951109EA394BB7B90B0436CD0CCE8A1805778425391
CD9798AD449F71BA7887426403FCCCE02019FFDF76E723B778875D3F54E7CCE02056F4C228897CB76D
Mon Jul 28 18:45:03 2003: DEBUG: Packet dump:
*** Sending to 203.132.224.18 port 1646 ....
Code: Accounting-Request
Identifier: 7
Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Attributes:
Acct-Session-Id = "000DB306"
Tunnel-Server-Endpoint = 203.194.30.234
Tunnel-Client-Endpoint = 172.31.147.87
Tunnel-Assignment-ID = 1
Tunnel-Type = 0:L2TP
Tunnel-ID = 1048028
Tunnel-Client-Auth-ID = n2563728k-nky2
Tunnel-Server-Auth-ID = LNS02-KENT-SYD
Framed-Protocol = PPP
Framed-IP-Address = 220.240.4.159
Ascend-Connect-Progress = 60
Ascend-PreSession-Time = 2
Ascend-Xmit-Rate = 512
Ascend-Data-Rate = 512
Acct-Session-Time = 566934
Acct-Input-Octets = 64704547
Acct-Output-Octets = 103235506
Ascend-Pre-Input-Octets = 0
Ascend-Pre-Output-Octets = 101
Acct-Input-Packets = 260287
Acct-Output-Packets = 274132
Ascend-Pre-Input-Packets = 0
Ascend-Pre-Output-Packets = 5
Acct-Authentic = RADIUS
Acct-Status-Type = Alive
NAS-Port = 1642
Calling-Station-Id = "atm 10"
Called-Station-Id = "0:2.299#184550311##speed:UBR:512#pppoe
00:50:ba:99:e8:b4#/"
Service-Type = Framed-User
NAS-IP-Address = 203.194.30.241
Ascend-Session-Svr-Key = "189124C2"
Event-Timestamp = 1059381904
NAS-Identifier = "LNS02-KENT-SYD.comindico.com.au"
Acct-Delay-Time = 0
User-Name = "[EMAIL PROTECTED]"
NAS-Port-Type = ADSL-DMT
Timestamp = 1059381903
Mon Jul 28 18:45:03 2003: DEBUG: Packet dump:
*** Received from 203.132.224.18 port 1646 ....
Code: Accounting-Response
Identifier: 7
Authentic: <222><133><178><141><175><174><220>b<234><19><1><129><28><183><196><180>
Attributes:
Mon Jul 28 18:45:03 2003: WARNING: Unknown reply received in AuthRADIUS for
request 7 from 203.132.224.18:1646
Mon Jul 28 18:45:03 2003: DEBUG: Packet dump:
*** Received from 203.194.28.131 port 1812 ....
Code: Access-Request
Identifier: 149
Authentic: <245>H<13><241><167>yD<19>Zz<177><139>j<14><187>?
Attributes:
Framed-Protocol = PPP
NAS-Port = 2195
Calling-Station-Id = "atm 10"
Called-Station-Id = "0:2.219#184550111##speed:UBR:256#/"
Service-Type = Framed-User
NAS-IP-Address = 203.194.30.241
NAS-Identifier = "LNS02-KENT-SYD.comindico.com.au"
User-Password = "<142><7><209>0K$<146><168>~<249>!<17>c<179>6y"
User-Name = "[EMAIL PROTECTED]"
NAS-Port-Type = ADSL-DMT
Proxy-State =
BSP2ims01-syd/F5480DF1A77944135A7AB18B6A0EBB3FC0461D8175533E662DEE5203BCF5406FFF62FEF875533BA6E62C4E5DE85C48FE009D00
EE995B23A1158D38CDCE9E7B858C0B927E1B130BC44C9C24C4928C27898D4F9B62197D54C459
Mon Jul 28 18:45:03 2003: DEBUG: Rewrote user name to [EMAIL PROTECTED]
Mon Jul 28 18:45:03 2003: DEBUG: Rewrote user name to [EMAIL PROTECTED]
Mon Jul 28 18:45:03 2003: DEBUG: Handling request with Handler 'User-Name =
[EMAIL PROTECTED]'
Mon Jul 28 18:45:03 2003: DEBUG: Deleting session for [EMAIL PROTECTED],
203.194.30.241, 2195
Mon Jul 28 18:45:03 2003: DEBUG: Handling with Radius::AuthGROUP
Mon Jul 28 18:45:03 2003: DEBUG: Handling with Radius::AuthSQL
Mon Jul 28 18:45:03 2003: DEBUG: Handling with Radius::AuthSQL
Mon Jul 28 18:45:03 2003: DEBUG: Handling with Radius::AuthSQL: DSLUserCheck
Mon Jul 28 18:45:03 2003: DEBUG: Query is: 'select username, extra from users
where username='[EMAIL PROTECTED]'':
Mon Jul 28 18:45:03 2003: DEBUG: Radius::AuthSQL looks for match with
[EMAIL PROTECTED]
Mon Jul 28 18:45:03 2003: DEBUG: Query is: 'select username, extra from users
where username='DEFAULT'':
Mon Jul 28 18:45:03 2003: DEBUG: Radius::AuthSQL looks for match with DEFAULT
Mon Jul 28 18:45:03 2003: DEBUG: Radius::AuthSQL ACCEPT:
Mon Jul 28 18:45:03 2003: DEBUG: Handling with Radius::AuthRADIUS
Mon Jul 28 18:45:03 2003: DEBUG: Query is: 'select R.host1, R.secret,
R.authport, R.acctport, R.rewriteusername,
R.extras from radius R where R.domain='1earth.net'':
Mon Jul 28 18:45:03 2003: DEBUG: Packet dump:
*** Sending to 203.132.224.18 port 1645 ....
Code: Access-Request
Identifier: 2
Authentic: <245>H<13><241><167>yD<19>Zz<177><139>j<14><187>?
Attributes:
Framed-Protocol = PPP
NAS-Port = 2195
Calling-Station-Id = "atm 10"
Called-Station-Id = "0:2.219#184550111##speed:UBR:256#/"
Service-Type = Framed-User
NAS-IP-Address = 203.194.30.241
NAS-Identifier = "LNS02-KENT-SYD.comindico.com.au"
User-Password = "<166>UD<162><159>'<186><205>+Oz<149>L<246><253>-"
User-Name = "[EMAIL PROTECTED]"
NAS-Port-Type = ADSL-DMT
Mon Jul 28 18:45:03 2003: DEBUG: Packet dump:
*** Received from 203.132.224.18 port 1645 ....
Code: Access-Accept
Identifier: 2
Authentic: v<241><242>y<182><254><4><154>bz<245><127><19><238><133>*
Attributes:
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
Mon Jul 28 18:45:03 2003: WARNING: Unknown reply received in AuthRADIUS for
request 2 from 203.132.224.18:1645
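How a RADIUS proxy pairs a reply with an outstanding request, as an added example that is not part of the original post and is not Radiator's code: replies are looked up by (server address, port, Identifier) and then checked against the RFC 2865 Response Authenticator. The class and function names, the 192.0.2.x addresses and the shared secrets are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865: MD5(Code | ID | Length | RequestAuth | Attributes | Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

class PendingRequests:
    """Outstanding proxied requests, keyed by (server address, port, identifier)."""
    def __init__(self):
        self._pending = {}

    def sent(self, addr, port, ident, request_auth, secret):
        self._pending[(addr, port, ident)] = (request_auth, secret)

    def classify_reply(self, addr, port, packet):
        """Return 'matched', 'unknown', 'bad-authenticator' or 'malformed'."""
        if len(packet) < 20 or not 20 <= struct.unpack("!H", packet[2:4])[0] <= len(packet):
            return "malformed"
        code, ident, length = struct.unpack("!BBH", packet[:4])
        entry = self._pending.get((addr, port, ident))
        if entry is None:
            return "unknown"              # no request on record for this key
        request_auth, secret = entry
        expected = response_authenticator(code, ident, packet[20:length], request_auth, secret)
        if not hmac.compare_digest(expected, packet[4:20]):
            return "bad-authenticator"    # request stays pending for the real reply
        del self._pending[(addr, port, ident)]
        return "matched"

def build_reply(code, ident, attrs, request_auth, secret):
    """Constructed helper: the packet a downstream server would send back."""
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

def demo():
    table = PendingRequests()
    req_auth = os.urandom(16)
    table.sent("192.0.2.10", 1645, 2, req_auth, b"constructed-secret")
    # Access-Accept (code 2), Identifier 2, Service-Type = Framed-User
    accept = build_reply(2, 2, b"\x06\x06\x00\x00\x00\x02", req_auth, b"constructed-secret")
    return [
        table.classify_reply("192.0.2.20", 1645, accept),  # same id, other server
        table.classify_reply("192.0.2.10", 1645, build_reply(2, 2, b"", req_auth, b"wrong")),
        table.classify_reply("192.0.2.10", 1645, accept),
        table.classify_reply("192.0.2.10", 1645, accept),  # duplicate after match
    ]
```

In this model a well-formed, correctly signed reply is still classified as unknown whenever the table consulted on receipt holds no entry for that address, port and Identifier.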