Scott Lambert wrote: > I decided to simplify and try just using radclient from the new server > and leaving the FreeRADIUS daemon out of it. That also gets replies but > radclient throws them out because it doesn't think it sent the request.
Ok. Both the server and radclient now use the same code to match replies to requests, so it's expected that they will have the same issues. > I suspect that the jail has a lot to do with the problem. Try running a test system outside of the jail. If that works, then the problem will at least be narrowed down to the jail. > If it can't > be worked around, I'm in trouble. In that case I'll try to take it > up with the FreeBSD developers to see if they have any ideas, while I > scrounge up some seperate hardware to run FreeRADIUS on. Or, just install & run it outside of the jail. > tcpdump of the request: ... That looks OK. Another option is to instrument src/lib/packet.c, function lrad_packet_cmp(). Have it print out WHAT it's comparing, and WHEN it's returning. You'll get a lot of spurious output, but you'll also find out why the reply isn't being matched to a request. It may be that the client is binding to one IP address, and the reply is sent (and seen as received by) another IP address. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html