On 10/30/2014 11:39 AM, Jethro R Binks wrote: > It seems to be that the act of switching between testing the monolithic > and the frontend/backend is what causes problems. I suspect it is an > interaction between the two ntlm_auth processes (one spawned from each > Radiator) and the winbindd socket.
I tried proxying the inner EAP-MSCHAP-V2 with hash balance to two different instances. In this case all instances, front end and the two back ends, run on the same machine. There were no problems with the two instances starting up ntlm_auth and having them running at the same time while serving the requests. Also, I think that I have not seen problems with multiple ntlm_auth processes running and being active at the same time. In your previous message you pointed out this: Wed Oct 29 16:51:53 2014: DEBUG: EAP Failure, elapsed time -1414601513.92508 The elapsed time looks like zero minus the current time stamp meaning the start_time was not initialised. The start time gets initialised when the EAP Identity message is received. This is the first EAP message in the authentication session and even if it is not strictly required, I have seen all the clients to send it first. In other words, are you sure you are proxying all inner EAP-MSCHAP-V2 requests? > I will try and look into it further later, but if anyone has come across > anything like this or knows more about the ntlm_auth/winbindd interaction > I'd be interested in your comments. I think multiple ntlm_auths should be fine. Thanks, Heikki -- Heikki Vatiainen <[email protected]> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
