On 05/17/2013 03:12 PM, Michael Hulko wrote: > One note after implementing EAPBALANCE. I am getting this in the logs > with a specific user at the moment. > > May 17 07:52:09 riptide-2.vm.its.uwo.pri /usr/bin/radiusd[23274]: > ProxyAlgorithm HASHBALANCE declines to break up an EAP stream after > failover from 129.100.160.133:1645:1646 to 129.100.160.144:1645:1646
> May 17 08:07:39 riptide-2.vm.its.uwo.pri /usr/bin/radiusd[23274]: > AuthRADIUS IVEY: Could not find a working host to forward > asnow...@ivey.ca <mailto:asnow...@ivey.ca> (79) after 20 seconds. Ignoring > May 17 08:07:39 riptide-2.vm.its.uwo.pri /usr/bin/radiusd[23274]: > AuthRADIUS IVEY: No reply after 20 seconds and 3 retransmissions to > 129.100.160.133:1645 for asnow...@ivey.ca <mailto:asnow...@ivey.ca> (64) > My interpretation of these messages is that the server the EAPBALANCE is > trying to send the authentication packets to does not respond in the > appropriate amount of time, the EAPBALANCE Hash does not want to break > the authentication stream, but never times out long enough to move to > another server? > Any input would be helpful. My thought is to lower the values for > Retries etc. You might try this option too. 5.20.64 EAPErrorReject If an EAP error occurs, REJECT instead of IGNORE. The RFCs say that IGNORE is the correct behaviour, but REJECT can work better in some load balancing situations. If the server that does the actual EAP authentication sees errors it will drop the request by returning IGNORE. Thus no reply is sent back and the proxies see timeouts. With EAPErrorReject there is a reply that keeps the proxies from considering the EAP server dead. One thing to look at the logs on the EAP terminating servers and see if they are ignoring requests because of EAP errors. Thanks, Heikki -- Heikki Vatiainen <h...@open.com.au> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator