Well, after fooling around with it, I found that the problem was not an IP issue, but with accounting. The message I was getting from my RAS was AUTH: client/server failure which I found usually meant a secret mismatch. I turned on monitoring for auth and accounting on the RAS, and I saw I was getting the error message in my RAS syslog every time it sent an accounting request. I turned off accounting on my RAS and the problem went away and users could authenticate. So I redid my accounting statements in my radius.cfg to be a bit more simple and only log what I need. I also cleared the mysql accounting table which had around 20k entries in it. It is a slower machine and maybe from what Matt said, it could have been too much. But it seems to be holding steady.

Brian

----- Original Message -----
From: "Hugh Irvine" <[EMAIL PROTECTED]>
To: "Brian Fisk" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, June 26, 2003 8:07 PM
Subject: Re: (RADIATOR) Radiator freezing intermitantly

>
> Hello Brian -
>
> If the machine running Radiator only has a single interface and a
> single IP address, then the only reason that the NAS will not receive a
> reply and send a retransmission must be due to packets being dropped on
> the return path, either because of filters or firewalls or
> misconfigured interfaces.
>
> By definition, if Radiator is receiving the request, processing it and
> sending back a reply, then Radiator is operating correctly.
>
> As mentioned in my previous mail, this sort of problem usually requires
> debugging with a packet sniffer to ascertain exactly what is going on.
>
> regards
>
> Hugh
>
>
> On Thursday, Jun 26, 2003, at 23:27 Australia/Melbourne, Brian Fisk wrote:
>
> > Update:
> >
> > We are running into the same problem on a machine where we are using the
> > primary ip address of the system for radiator. A user will dial in and our
> > equipment will run the radius request, at which I can see radius
> > authenticating the user in authlog, but the dialup equip isn't getting it
> > cause it tries 5 times to auth (the set value) and tells users their
> > username and password is invalid. We are using 3com (now utstarcom)
> > hiperarc running TCS 4.2 and the newest version of radiator. Attached is
> > my conf file. I have radius stable on a system now, but when I tried to
> > move it to this new system it worked. The problem is intermittent.
> >
> >
> > # radius.cfg -JJGracia - Jan2003
> > #
> > #Foreground
> > #LogStdout
> >
> > # Use a low trace level in production systems. Increase
> > # it to 4 or 5 for debugging, or use the -trace flag to radiusd
> >
> > PidFile /var/run/radiusd.pid
> > AuthPort 1645
> > AcctPort 1646
> > #BindAddress 199.234.153.42,199.234.153.3
> > #NasType TotalControlSNMP
> > #trace 3
> >
> > DbDir /etc/radiator
> > DictionaryFile %D/dictionary.usr
> >
> > LogDir /var/log/radius
> > #LogFile %L/%Y%m.log
> > #Trace 3
> >
> > <Log FILE>
> >     Filename %L/%Y%m.log
> >     Trace 3
> >     #LogFormat %0:%1:%2
> >     LogMicroseconds
> > </Log>
> >
> > <AuthLog FILE>
> >     Identifier myauthlogger
> >     Filename %L/authlog
> >     LogSuccess 1
> >     LogFailure 1
> >     SuccessFormat %l:%U:%P:OK
> >     FailureFormat %l:%U:%P:FAIL
> > </AuthLog>
> >
> > <StatsLog FILE>
> >     Identifier mystatslogger
> >     Filename %L/statslog
> >     # Format %0:%1:%2:%23
> > </StatsLog>
> >
> > <Client localhost>
> >     Secret tempest
> >     DupInterval 0
> > </Client>
> >
> > <Client DEFAULT>
> >     Secret tempest
> >     DupInterval 0
> >     # NasType TotalControl
> >     SNMPCommunity private
> > </Client>
> >
> > <SessionDatabase SQL>
> >     DBSource dbi:mysql:radius:localhost
> >     DBUsername blue
> >     DBAuth green
> > </SessionDatabase>
> >
> > <ClientListSQL>
> >     DBSource dbi:mysql:radius
> >     DBUsername blue
> >     DBAuth green
> > </ClientListSQL>
> >
> > <Realm DEFAULT>
> >
> >     RewriteUsername s/^([EMAIL PROTECTED]).*/$1/
> >     RewriteUsername tr/[A-Z]/[a-z]/
> >     RewriteUsername s/\s+//g
> >     # RewriteUsername tr/A-Za-z0-9_@//cd
> >     # AcctLogFileName %L/detail
> >     # WtmpFileName %L/wtmp
> >
> >     <AuthBy SQL>
> >
> >         DBSource dbi:mysql:radius:localhost
> >         DBUsername blue
> >         DBAuth green
> >
> >         AuthSelect select PASSWORD,CHECKATTR,REPLYATTR from SUBSCRIBERS where USERNAME='%n'
> >
> >         AccountingTable ACCOUNTING
> >         AcctColumnDef USERNAME,User-Name
> >         AcctColumnDef TIME_STAMP,Timestamp,integer
> >         AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> >         AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> >         AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> >         AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> >         AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> >         AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> >         AcctColumnDef ACCTTERMINATECAUSE,Acct_Terminate-Cause
> >         AcctColumnDef NASIDENTIFIER,NAS-IP-Address
> >         AcctColumnDef NASIPADDRESS,NAS-Identifier
> >         AcctColumnDef NASPORT,NAS-Port,integer
> >         AcctColumnDef ACCTFRAMEDIP,Framed-IP-Address
> >         AcctColumnDef ACCTFRAMEDNETMASK,Framed-Netmask
> >         AcctColumnDef ACCTCALLERID,Calling-Station-Id
> >         AcctColumnDef ACCTCALLEDID,Called-Station-Id
> >         AcctColumnDef MODEMTRAININGTIME,Modem-Training-Time,integer
> >         AcctColumnDef CHASISCALLSLOT,Chassis-Call-Slot,integer
> >         AcctColumnDef CHASISCALLSPAN,Chassis-Call-Span,integer
> >         AcctColumnDef CHASISCALLCHAN,Chassis-Call-Channel,integer
> >         AcctColumnDef MODULATIONTYPE,Modulation-Type
> >         AcctColumnDef ERRORCNTL,Error-Control
> >         AcctColumnDef COMPRESSTYPE,Compression-Type
> >         AcctColumnDef INTICONNECTRATE,Initial-Connect-Rate
> >         AcctColumnDef FRAMEDPROTOCOL,Framed-Protocol
> >         AcctColumnDef SPEEDOFCONNECT, Speed-Of-Connection
> >         # AcctFailedLogFileName %D/missedaccounting
> >     </AuthBy>
> >     AuthLog myauthlogger
> >     #StatsLog mystatslogger
> > </Realm>
> >
> >
> > ----- Original Message -----
> > From: "Hugh Irvine" <[EMAIL PROTECTED]>
> > To: "Brian Fisk" <[EMAIL PROTECTED]>
> > Cc: <[EMAIL PROTECTED]>
> > Sent: Friday, June 20, 2003 7:41 PM
> > Subject: Re: (RADIATOR) Radiator freezing intermitantly
> >
> >>
> >> Hello Brian -
> >>
> >> On machines with multiple interfaces, this is usually due to the radius
> >> response being sent back to the client from a different IP address to
> >> that from which the request was received (ie the response was sent via
> >> a different interface).
> >>
> >> Using a sniffer to check the packet flow is usually very helpful
> >> (snoop, tcpdump, ethereal, ...).
> >>
> >> regards
> >>
> >> Hugh
> >>
> >>
> >> On Friday, Jun 20, 2003, at 23:12 Australia/Melbourne, Brian Fisk wrote:
> >>
> >>> We had more troubles yesterday and the problem that is happening is
> >>> when we have radiator setup to bind on a secondary ip of the machine.
> >>> When I took out the bind address statement, which should make radiator
> >>> listen on all ip's, it still wouldn't work. I had to set our dialup
> >>> equipment to use the base ip of the machine and then it started
> >>> working. When a user tried to dial up, they would authenticate, as I
> >>> could see in my authlog, but the dialup equipment kept authenticating
> >>> them for around 3-4 times before it hung up on them. The dialup
> >>> equipment (total control) was giving me error messages that according
> >>> to the total control website, said that the secret key was a mismatch.
> >>> I think it's an ip issue with the machine but we will find out more
> >>> from testing on monday.
> >>>
> >>> Brian Fisk
> >>>
> >>>
> >>> ----- Original Message -----
> >>> From: "Hugh Irvine" <[EMAIL PROTECTED]>
> >>> To: "Brian Fisk" <[EMAIL PROTECTED]>
> >>> Cc: <[EMAIL PROTECTED]>
> >>> Sent: Thursday, June 19, 2003 8:03 PM
> >>> Subject: Re: (RADIATOR) Radiator freezing intermitantly
> >>>
> >>>>
> >>>> Hello Brian -
> >>>>
> >>>> I will need to see a copy of the configuration file (no secrets)
> >>>> together with a trace 4 debug from Radiator showing what is happening.
> >>>>
> >>>> There is also a FAQ item regarding Redhat 8 here:
> >>>>
> >>>> http://www.open.com.au/radiator/faq.html#127
> >>>>
> >>>> regards
> >>>>
> >>>> Hugh
> >>>>
> >>>>
> >>>> On Friday, Jun 20, 2003, at 02:20 Australia/Melbourne, Brian Fisk wrote:
> >>>>
> >>>>> I have been running radiator on the same server for the last 3 years
> >>>>> and it worked perfect. I am now setting up radiator 3.6 on another
> >>>>> server using the old config file which was version 2.18.1
> >>>>>
> >>>>> I am noticing that radiator will just freeze up for a period of 5
> >>>>> minutes or so. Are there any incompatibilities between the versions
> >>>>> for the config file, or can someone suggest a way of logging to
> >>>>> diagnose the problem?
> >>>>>
> >>>>> I am running Redhat 8.0 Linux server1 2.4.18-24.8.0smp #1 SMP Fri Jan
> >>>>> 31 06:03:47 EST 2003 i686 i686 i386 GNU/Linux)
> >>>>>
> >>>>>
> >>>>> ===
> >>>>> Archive at http://www.open.com.au/archives/radiator/
> >>>>> Announcements on [EMAIL PROTECTED]
> >>>>> To unsubscribe, email '[EMAIL PROTECTED]' with
> >>>>> 'unsubscribe radiator' in the body of the message.
> >>>>>
> >>>>
> >>>> NB: have you included a copy of your configuration file (no secrets),
> >>>> together with a trace 4 debug showing what is happening?
> >>>>
> >>>> --
> >>>> Radiator: the most portable, flexible and configurable RADIUS server
> >>>> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> >>>> -
> >>>> Nets: internetwork inventory and management - graphical, extensible,
> >>>> flexible with hardware, software, platform and database independence.
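
The thread turns on two causes that the NAS reports the same way: a reply arriving from a different address than the one the request was sent to, and a shared-secret mismatch. The following Python code is an added example (not from the original posts, and not Radiator or Total Control code) that recomputes the RFC 2865/2866 authenticators over captured packets to tell the two apart. The packets, addresses and secret are constructed, and all function names are hypothetical.

```python
import hashlib
import hmac
import struct

ACCT_REQUEST, ACCT_RESPONSE = 4, 5
ZERO16 = b"\x00" * 16

def build(code, ident, authenticator, attrs=b""):
    """Code, identifier, length, 16-byte authenticator, attributes."""
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + authenticator + attrs

def sign(code, ident, attrs, seed, secret):
    """Authenticator = MD5(code+id+length+seed+attrs+secret).
    seed is 16 zero bytes for an Accounting-Request (RFC 2866) and the
    Request Authenticator for a reply (RFC 2865/2866)."""
    digest = hashlib.md5(build(code, ident, seed, attrs) + secret).digest()
    return build(code, ident, digest, attrs)

def authenticator_ok(packet, seed, secret):
    """Recompute a captured packet's authenticator with a candidate secret."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        return False
    attrs = packet[20:length]
    expected = hashlib.md5(build(code, ident, seed, attrs) + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

def diagnose_reply(request, request_dst, reply, reply_src, secret):
    """Classify a reply the way a NAS would see it."""
    if reply_src != request_dst:
        return "source address mismatch"
    if len(reply) < 20 or reply[1] != request[1]:
        return "identifier mismatch"
    if not authenticator_ok(reply, request[4:20], secret):
        return "authenticator mismatch"
    return "ok"

# Constructed sample data (documentation addresses, made-up secret).
SECRET = b"constructed-secret"
USER_NAME = bytes([1, 7]) + b"alice"            # attribute type 1, length 7
REQUEST = sign(ACCT_REQUEST, 42, USER_NAME, ZERO16, SECRET)
REPLY = sign(ACCT_RESPONSE, 42, b"", REQUEST[4:20], SECRET)

if __name__ == "__main__":
    print(diagnose_reply(REQUEST, "192.0.2.10", REPLY, "192.0.2.10", SECRET))
    print(diagnose_reply(REQUEST, "192.0.2.10", REPLY, "192.0.2.11", SECRET))
    print(diagnose_reply(REQUEST, "192.0.2.10", REPLY, "192.0.2.10", b"other"))
```

Feed it the raw UDP payloads and addresses from a sniffer capture taken on the RADIUS server: a request that fails `authenticator_ok` with the configured secret points at the Client clause, while a valid reply leaving from the wrong source address points at the interface or bind configuration.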
