In reply to my own message, the situation has now gotten worse. After making the
Debian package and installing it, even after removing and purging it, the tarball
version now doesn't work.
Perhaps it's something to do with the extra libraries that had to be installed to
make the Debian package, I don't know.
Over the weekend I totally removed any file or directory to do with freeradius and
cistron radius.
I started fresh from the freeradius.tar.gz and installed it stock standard.
But it still won't work.
To recap: radiusd -X indicates it's happy, shows incoming auth request, parses the
username & password, ok's it, and sends the reply packet. The proxy at the other
end never gets it, and the login fails.

Here's something interesting though, I set up tcpdump to see if I could see some
extra details and I think I've found something.
The request from the proxy client comes in on 1645, with a return port of 1812,
but radiusd seems to try and ping ? port 1645 on the proxy server end and it
fails. Which it will as their proxy server is listening for the reply on 1812.
Please excuse my tcp/udp lack of knowledge, perhaps the programmers can explain
how I might be able to solve this problem.
thanks
Mervyn

14:23:22.959993 203.194.56.120.1812 > 203.16.135.45.1645:  rad-access-req 271 [id
95] Attr[  NAS_ipaddr{203.220.246.49} NAS_port_type{#30} Called_station{142330358
016426} [|radius] (DF)
14:23:22.960038 203.16.135.45 > 203.194.56.120: icmp: 203.16.135.45 udp port 1645
unreachable [tos 0xc0]
14:23:27.934299 203.194.56.120.1812 > 203.16.135.45.1645:  rad-access-req 271 [id
95] Attr[  NAS_ipaddr{203.220.246.49} NAS_port_type{#30} Called_station{142330358
016426} [|radius] (DF)
14:23:27.934330 203.16.135.45 > 203.194.56.120: icmp: 203.16.135.45 udp port 1645
unreachable [tos 0xc0]
14:23:32.941657 203.194.56.120.1812 > 203.16.135.45.1645:  rad-access-req 271 [id
95] Attr[  NAS_ipaddr{203.220.246.49} NAS_port_type{#30} Called_station{142330358
016426} [|radius] (DF)
14:23:32.941675 203.16.135.45 > 203.194.56.120: icmp: 203.16.135.45 udp port 1645
unreachable [tos 0xc0]
14:23:37.931397 203.194.56.120.1812 > 203.16.135.45.1645:  rad-access-req 271 [id
95] Attr[  NAS_ipaddr{203.220.246.49} NAS_port_type{#30} Called_station{142330358
016426} [|radius] (DF)
14:23:37.931418 203.16.135.45 > 203.194.56.120: icmp: 203.16.135.45 udp port 1645
unreachable [tos 0xc0]






Mervyn Jack wrote:

> Hi,
> A bit of background info first.
> I know this is a freeradius list, let me mention the cistron stuff first
> as it's related.
> We rent some dial up ports off a nation wide provider.
> They run a RADIUS proxy server, I don't know which version.
> We run Cistron radius 1.6.1 on debian potato for our own NAS's.
> They insisted we needed 1.6.4 to support long attribute data.
> So we installed debian woody (testing) on a box and installed the 1.6.4
> Cistron radius.
>
> The problem; we would see the request come in and authenticate user and
> send the reply. Nothing happens, we know the reply leaves as we set up
> logging of ipchains to watch.
>
> We called in the experts, agents of the nation wide provider. They
> couldn't work it out and temporarily installed Radiator. It worked. The
> outgoing packet info looked exactly the same as our cistron packets.
>
> So we installed freeradius 0.3 as per instructions and tested it and it
> worked. Experts went home.
>
> Here's the kicker. I built the Debian package of freeradius, installed it
> and setup the configs exactly as we had done before and it did the same
> thing as the Cistron version did!
>
> The request comes in, authenticates user and the reply data goes out, but
> that's all.
>
> We think it must have something to do with the libraries/programs that the
> debian build uses for both cistron and freeradius.
>
> I'm no expert in source code or compiling so I can't go any further. I
> want to use the debian package so it's easy to upgrade and all the files
> are where we traditionally expect to see them.
>
> If anyone can help I'd be grateful. If you want me to do something to
> capture data or something, just tell me what to do and I'll be glad to
> help.
>
> thanks
> Mervyn
>
> Mervyn Jack, Technical Services, Country Netlink, Cobram, Vic, Australia.
> Providing Internet access to the Goulburn Valley and North East.
> Phone  03 5871 1000  |  Fax 03 5871 1874  |  Mobile 0409 960 520
> Work: http://www.cnl.com.au  |  Pers: http://www.cnl.com.au/users/mervynj
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

--
Mervyn Jack, Technical Director, Country Netlink Pty Ltd.
PO Box 529, Cobram, Vic. Australia, 3644
Ph +61 3 5871 1000 Fax +61 3 5871 1874 Mobile 0409 960 520
mailto:[EMAIL PROTECTED]  http://www.cnl.com.au  ICQ 354419



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
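
An added example, not part of the original message: tcpdump prints each UDP packet as `source.port > destination.port`, and an ICMP "udp port N unreachable" line is sent by the host that received a datagram on a port with no listener. The Python below pairs each such ICMP reply with the datagram that triggered it; the sample is the first two packet pairs of the capture above rejoined onto single lines, and the function and field names are assumptions of this example.

```python
import re

IP = r"(\d+\.\d+\.\d+\.\d+)"
# "time src.sport > dst.dport:  packet-type ..."
UDP_RE = re.compile(rf"^(\S+) {IP}\.(\d+) > {IP}\.(\d+):\s+(\S+)")
# "time src > dst: icmp: host udp port N unreachable"
ICMP_RE = re.compile(rf"^(\S+) {IP} > {IP}: icmp: {IP} udp port (\d+) unreachable")

# Constructed sample: lines from the capture above, rejoined, attributes shortened.
SAMPLE = """\
14:23:22.959993 203.194.56.120.1812 > 203.16.135.45.1645:  rad-access-req 271 [id 95] Attr[ ... ] (DF)
14:23:22.960038 203.16.135.45 > 203.194.56.120: icmp: 203.16.135.45 udp port 1645 unreachable [tos 0xc0]
14:23:27.934299 203.194.56.120.1812 > 203.16.135.45.1645:  rad-access-req 271 [id 95] Attr[ ... ] (DF)
14:23:27.934330 203.16.135.45 > 203.194.56.120: icmp: 203.16.135.45 udp port 1645 unreachable [tos 0xc0]
"""

def seconds(ts):
    """Convert tcpdump's HH:MM:SS.ffffff timestamp to seconds since midnight."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)

def rejected_datagrams(text, window=1.0):
    """Pair each ICMP port-unreachable with the UDP datagram that caused it."""
    pending = {}    # (src_ip, dst_ip, dst_port) -> (time, src_port, packet type)
    findings = []
    for line in text.splitlines():
        m = ICMP_RE.match(line)
        if m:
            ts, icmp_src, icmp_dst, host, port = m.groups()
            hit = pending.pop((icmp_dst, host, int(port)), None)
            if hit and seconds(ts) - hit[0] <= window:
                findings.append({"sender": f"{icmp_dst}:{hit[1]}",
                                 "target": f"{host}:{port}",
                                 "kind": hit[2],
                                 "rejected_by": icmp_src})
            continue
        m = UDP_RE.match(line)
        if m:
            ts, src, sport, dst, dport, kind = m.groups()
            pending[(src, dst, int(dport))] = (seconds(ts), int(sport), kind)
    return findings

if __name__ == "__main__":
    for f in rejected_datagrams(SAMPLE):
        print(f"{f['kind']} from {f['sender']} to {f['target']}: "
              f"no listener, rejected by {f['rejected_by']}")
```
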
