Hello Nico -
Thanks for the mail.
This problem has in fact been discussed on the mailing list several times, and the answer is almost always the same - it is the operating system that decides how to actually send the packet. I am interested however that BindAddress works in your case, as it doesn't on some other platforms.
The mailing list archive is at
www.open.com.au/archives/radiator
A packet sniffer is invaluable in these kinds of situations.
regards
Hugh
On Friday, Feb 28, 2003, at 02:51 Australia/Melbourne, Groot N. de wrote:
On my server I had a difficult to find but easy to remedy problem. After
installing W2K instead of NT 4.0 I used the exact Radiator and config I used
succesfully earlier. My NIC had and has two ip-numbers x.x.x.242(Zope) and
x.x.x.246 (Radius)
Local testing and even testing from another machine was succesfull. But
communication back to the upsteam Radius server which uses AuthRadius was
not longer working. In the log (see below) I could see the request and my
reply back. No problem here. And there was no blocking firewall.
Sniffing eventually showed that the replying ipnumber was 242. And this
source addres was ignored by the upstream Radiator!
So Radiator seems to be using a different number to reply from than the number it received the request on. (tcpdump available)
As I said, easy to remedy by using BindAdress x.x.x.246 Now radiator only listens/replies to/from this address.
Two suggestions:
1. If this behaviour can be confirmed (other platforms?) maybe it should be
changed, or documented.
2. Put the sending address in the trace 4 output
Greetings,
Nico de Groot KTU
snip ---- Thu Feb 27 15:45:29 2003: INFO: Duplicate request id 70 received from 131.211.16.41(41728): ignored Thu Feb 27 15:45:30 2003: DEBUG: Packet dump: *** Received from 131.211.16.41 port 41728 .... Code: Access-Request Identifier: 72 Authentic: 5oS<200><248><208>m<223><219>V<128><153>Y<134><206><253> Attributes: Framed-Protocol = PPP User-Name = "[EMAIL PROTECTED]" User-Password = "T<139><199><132><27><24>d<146>I<198><7><165><155><30>+<168>" NAS-Port-Type = Async Calling-Station-Id = "302539753" Called-Station-Id = "877880070" Service-Type = Framed-User NAS-IP-Address = 195.169.131.8
Thu Feb 27 15:45:30 2003: DEBUG: Handling request with Handler 'Realm=ktu.nl' Thu Feb 27 15:45:30 2003: DEBUG: Rewrote user name to ndegroot Thu Feb 27 15:45:30 2003: DEBUG: Deleting session for [EMAIL PROTECTED], 195.169.131.8, Thu Feb 27 15:45:30 2003: DEBUG: Handling with Radius::AuthFILE: Thu Feb 27 15:45:30 2003: DEBUG: Radius::AuthFILE looks for match with ndegroot Thu Feb 27 15:45:30 2003: DEBUG: Handling with NT Thu Feb 27 15:45:30 2003: DEBUG: Radius::AuthFILE ACCEPT: Thu Feb 27 15:45:30 2003: DEBUG: Access accepted for ndegroot Thu Feb 27 15:45:30 2003: DEBUG: Packet dump: *** Sending to 131.211.16.41 port 41728 .... Code: Access-Accept Identifier: 72 Authentic: 5oS<200><248><208>m<223><219>V<128><153>Y<134><206><253> Attributes:
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
