Lin Richardson wrote:
> Our lesser radius server lives on two physical boxes and listens on
> ports 1645/1646 AND 1812/1813 (can freeradius mimic this and listen on
> both sets of ports?)

Yes. See "listen" in radiusd.conf.

> What we saw were requests coming into freeradius, being processed as
> expected, and returning the appropriate response - many Accept responses
> clearly visible in the logs. The radius clients however did not accept
> these responses and treated them as authentication failure.

See the FAQ. Do you have multiple IPs on the machine?

> Does anyone have an idea what could have happened here? If a radius
> client was talking to server X, and then suddenly receives a response
> from server Y on the same IP / port combination...

Huh? What does that mean? "Suddenly", as in... what, exactly?

If you shut down the old machine, and start a new machine with the same IP, then RADIUS should work as before, assuming the server configuration is the same.

> Nov 29 10:58:48 rad_check_password: Found Auth-Type Accept
> Nov 29 10:58:48 rad_check_password: Auth-Type = Accept, accepting the
> user
> Nov 29 10:58:48 Sending Access-Accept of id 105 to 10.32.251.10
> <http://10.32.251.10> port 32768
> Nov 29 10:58:48 Finished request 0

The Access-Accept contains no attributes. Are you sure you want to do that? The request contained VLAN attributes, so I presume you want to put the user in a VLAN.

i.e. Are you sure that you have configured FreeRADIUS to return the SAME response as your old server? If the old server returns a bunch of attributes, and FreeRADIUS doesn't... then the configurations aren't identical, and the clients will behave differently.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
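
The two checks raised in the reply above (a server with several IPs answering from a different address, and an Access-Accept with no attributes although the request carried VLAN attributes) can be run against captured packets. This is an added example, not part of the original post or of FreeRADIUS; the server addresses, the attribute set in `VLAN_ATTRS` and the function names are assumptions.

```python
import struct

# RFC 2868 tunnel attributes commonly used for VLAN assignment. Assumption:
# the thread says only "VLAN attributes" and does not name them.
VLAN_ATTRS = {64: "Tunnel-Type", 65: "Tunnel-Medium-Type", 81: "Tunnel-Private-Group-ID"}
ACCESS_ACCEPT = 2

def parse_radius(pkt):
    """Decode the RFC 2865 header and attribute TLVs of one RADIUS packet."""
    if len(pkt) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if not 20 <= length <= len(pkt):
        raise ValueError("length field does not fit the datagram")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = pkt[pos], pkt[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.append((atype, pkt[pos + 2:pos + alen]))
        pos += alen
    return {"code": code, "id": ident, "attrs": attrs}

def diagnose(request, sent_to, reply, reply_from):
    """List reasons a RADIUS client might discard or mishandle this reply."""
    req, rep = parse_radius(request), parse_radius(reply)
    findings = []
    if reply_from != sent_to:  # multi-homed server answering from another IP
        findings.append("source-mismatch")
    if rep["id"] != req["id"]:
        findings.append("id-mismatch")
    if rep["code"] == ACCESS_ACCEPT and not rep["attrs"]:
        findings.append("empty-accept")
        if any(t in VLAN_ATTRS for t, _ in req["attrs"]):
            findings.append("vlan-requested-but-not-returned")
    return findings

def build(code, ident, attrs=()):
    """Constructed test packet; the authenticator is zeroed, not computed."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

# Constructed sample: request id 105 (as in the quoted log) with VLAN hints,
# answered by an attribute-less Access-Accept from a second server address.
REQUEST = build(1, 105, [(64, b"\x00\x00\x00\x0d"), (65, b"\x00\x00\x00\x06"), (81, b"20")])
EMPTY_ACCEPT = build(2, 105)
if __name__ == "__main__":
    print(diagnose(REQUEST, "192.0.2.10", EMPTY_ACCEPT, "192.0.2.11"))
```

Running the same comparison against a reply captured from the old server shows which attributes the new configuration still has to return.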