One note after implementing EAPBALANCE. I am getting this in the logs with a specific user at the moment.
May 17 07:52:09 riptide-2.vm.its.uwo.pri /usr/bin/radiusd[23274]: ProxyAlgorithm HASHBALANCE declines to break up an EAP stream after failover from 129.100.160.133:1645:1646 to 129.100.160.144:1645:1646 May 17 07:52:09 riptide-2.vm.its.uwo.pri /usr/bin/radiusd[23274]: ProxyAlgorithm HASHBALANCE declines to break up an EAP stream after failover from 129.100.160.133:1645:1646 to 129.100.160.144:1645:1646 May 17 07:52:14 riptide-2.vm.its.uwo.pri /usr/bin/radiusd[23274]: ProxyAlgorithm HASHBALANCE declines to break up an EAP stream after failover from 129.100.160.133:1645:1646 to 129.100.160.144:1645:1646 May 17 08:07:39 riptide-2.vm.its.uwo.pri /usr/bin/radiusd[23274]: AuthRADIUS IVEY: Could not find a working host to forward [email protected] (79) after 20 seconds. Ignoring May 17 08:07:39 riptide-2.vm.its.uwo.pri /usr/bin/radiusd[23274]: AuthRADIUS IVEY: Could not find a working host to forward [email protected] (79) after 20 seconds. Ignoring May 17 08:07:39 riptide-2.vm.its.uwo.pri /usr/bin/radiusd[23274]: AuthRADIUS IVEY: No reply after 20 seconds and 3 retransmissions to 129.100.160.133:1645 for [email protected] (64) May 17 08:07:39 riptide-2.vm.its.uwo.pri /usr/bin/radiusd[23274]: AuthRADIUS IVEY: No reply after 20 seconds and 3 retransmissions to 129.100.160.133:1645 for [email protected] (64) Here is the config snippet I have included. <AuthBy EAPBALANCE> Log errorLogger Log western_syslog Identifier IVEY Retries 3 RetryTimeout 5 FailureBackoffTime 20 AuthPort 1645 AcctPort 1646 Secret xxxxxxxxx LocalAddress xxxxxx <Host 129.100.160.144> </Host> <Host 129.100.160.97> </Host> <Host 129.100.160.133> </Host> </AuthBy> My interpretation of these messages is that the server the EAPBALANCE is trying to send the authentication packets to does not respond in the appropriate amount of time, the EAPBALANCE Hash does not want to break the authentication stream, but never times out long enough to move to another server? Any input would be helpful. My thought is to lower the values for Retries etc. MH On 2013-05-10, at 11:41 AM, Michael Hulko wrote: > Thanks for the suggestion.. this seems to alleviate the timeouts that I had > noticed previously. (Log file was sent separately). > > MH > > > > On 2013-05-10, at 5:26 AM, Heikki Vatiainen wrote: > >> On 05/09/2013 11:09 PM, Michael Hulko wrote: >>> We have been requested to try and loadbalance requests to a Campus >>> department with their own Radius (IAS) server for their wireless users. >> >> Hello Michael, >> >> you mentioned campus and wireless LAN which makes me think there is EAP, >> such as PEAP or TTLS, involved. >> >> If so, you would need to use <AuthBy EAPBALANCE> to make sure the EAP >> authentication sessions are always handled by the same IAS server. >> Otherwise you will see failures and timeouts when the IAS servers >> receive requests they are not expecting. >> >> The Trace 4 log was not included, but I'd first check how it works with >> EAPBALANCE. >> >> Thanks, >> Heikki >> >> -- >> Heikki Vatiainen <[email protected]> >> >> Radiator: the most portable, flexible and configurable RADIUS server >> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, >> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, >> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, >> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, >> NetWare etc. >> _______________________________________________ >> radiator mailing list >> [email protected] >> http://www.open.com.au/mailman/listinfo/radiator > > > > Michael Hulko > Network Analyst > > Western University Canada > Network Operations Centre > Information Technology Services > 1393 Western Road, SSB 3300CC > London, Ontario N6G 1G9 > > tel: 519-661-2111 x81390 > e-mail: [email protected] <mailto:[email protected]> > > > > > > _______________________________________________ > radiator mailing list > [email protected] > http://www.open.com.au/mailman/listinfo/radiator Michael Hulko Network Analyst Western University Canada Network Operations Centre Information Technology Services 1393 Western Road, SSB 3300CC London, Ontario N6G 1G9 tel: 519-661-2111 x81390 e-mail: [email protected] <mailto:[email protected]>
_______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
