Thanks for the input, I will look at the trace 4 messages for errors and states. I am not sure that this is the same type of situation that Neil is describing from Eduroam as this is an internal proxy setup for a dept who looks after their own AD etc...
MH

On 2013-05-17, at 12:50 PM, Christopher Bongaarts wrote:

> IIRC, this is the symptom we saw when our wireless controllers weren't
> returning all of the State attributes (see the thread from Neil at Iowa).
> For diagnosis, bump your Trace level up to 4 for a while, and observe the
> State attributes being sent and returned.
>
> On 5/17/2013 7:12 AM, Michael Hulko wrote:
>> One note after implementing EAPBALANCE. I am getting this in the logs with
>> a specific user at the moment.
>>
>> May 17 07:52:09 riptide-2.vm.its.uwo.pri /usr/bin/radiusd[23274]:
>> ProxyAlgorithm HASHBALANCE declines to break up an EAP stream after failover
>> from 129.100.160.133:1645:1646 to 129.100.160.144:1645:1646
>> May 17 07:52:09 riptide-2.vm.its.uwo.pri /usr/bin/radiusd[23274]:
>> ProxyAlgorithm HASHBALANCE declines to break up an EAP stream after failover
>> from 129.100.160.133:1645:1646 to 129.100.160.144:1645:1646
>> May 17 07:52:14 riptide-2.vm.its.uwo.pri /usr/bin/radiusd[23274]:
>> ProxyAlgorithm HASHBALANCE declines to break up an EAP stream after failover
>> from 129.100.160.133:1645:1646 to 129.100.160.144:1645:1646
>>
>> May 17 08:07:39 riptide-2.vm.its.uwo.pri /usr/bin/radiusd[23274]: AuthRADIUS
>> IVEY: Could not find a working host to forward asnow...@ivey.ca (79) after
>> 20 seconds. Ignoring
>> May 17 08:07:39 riptide-2.vm.its.uwo.pri /usr/bin/radiusd[23274]: AuthRADIUS
>> IVEY: Could not find a working host to forward asnow...@ivey.ca (79) after
>> 20 seconds. Ignoring
>> May 17 08:07:39 riptide-2.vm.its.uwo.pri /usr/bin/radiusd[23274]: AuthRADIUS
>> IVEY: No reply after 20 seconds and 3 retransmissions to
>> 129.100.160.133:1645 for asnow...@ivey.ca (64)
>> May 17 08:07:39 riptide-2.vm.its.uwo.pri /usr/bin/radiusd[23274]: AuthRADIUS
>> IVEY: No reply after 20 seconds and 3 retransmissions to
>> 129.100.160.133:1645 for asnow...@ivey.ca (64)
>>
>> Here is the config snippet I have included.
>>
>> <AuthBy EAPBALANCE>
>>     Log errorLogger
>>     Log western_syslog
>>     Identifier IVEY
>>     Retries 3
>>     RetryTimeout 5
>>     FailureBackoffTime 20
>>     AuthPort 1645
>>
>>     AcctPort 1646
>>
>>     Secret xxxxxxxxx
>>     LocalAddress xxxxxx
>>
>>     <Host 129.100.160.144>
>>     </Host>
>>
>>     <Host 129.100.160.97>
>>     </Host>
>>
>>     <Host 129.100.160.133>
>>     </Host>
>>
>> </AuthBy>
>>
>> My interpretation of these messages is that the server the EAPBALANCE is
>> trying to send the authentication packets to does not respond in the
>> appropriate amount of time, the EAPBALANCE Hash does not want to break the
>> authentication stream, but never times out long enough to move to another
>> server?
>> Any input would be helpful. My thought is to lower the values for Retries
>> etc.
>>
>> MH
>>
>> On 2013-05-10, at 11:41 AM, Michael Hulko wrote:
>>
>>> Thanks for the suggestion.. this seems to alleviate the timeouts that I had
>>> noticed previously. (Log file was sent separately).
>>>
>>> MH
>>>
>>> On 2013-05-10, at 5:26 AM, Heikki Vatiainen wrote:
>>>
>>>> On 05/09/2013 11:09 PM, Michael Hulko wrote:
>>>>> We have been requested to try and loadbalance requests to a Campus
>>>>> department with their own Radius (IAS) server for their wireless users.
>>>>
>>>> Hello Michael,
>>>>
>>>> you mentioned campus and wireless LAN which makes me think there is EAP,
>>>> such as PEAP or TTLS, involved.
>>>>
>>>> If so, you would need to use <AuthBy EAPBALANCE> to make sure the EAP
>>>> authentication sessions are always handled by the same IAS server.
>>>> Otherwise you will see failures and timeouts when the IAS servers
>>>> receive requests they are not expecting.
>>>>
>>>> The Trace 4 log was not included, but I'd first check how it works with
>>>> EAPBALANCE.
>>>>
>>>> Thanks,
>>>> Heikki
>>>>
>>>> --
>>>> Heikki Vatiainen <h...@open.com.au>
>>>>
>>>> Radiator: the most portable, flexible and configurable RADIUS server
>>>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>>>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>>>> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
>>>> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
>>>> NetWare etc.
>>>> _______________________________________________
>>>> radiator mailing list
>>>> radiator@open.com.au
>>>> http://www.open.com.au/mailman/listinfo/radiator
>>>
>>> Michael Hulko
>>> Network Analyst
>>>
>>> Western University Canada
>>> Network Operations Centre
>>> Information Technology Services
>>> 1393 Western Road, SSB 3300CC
>>> London, Ontario N6G 1G9
>>>
>>> tel: 519-661-2111 x81390
>>> e-mail: mihu...@uwo.ca <mailto:mihu...@uwo.ca>
>
> --
> %% Christopher A. Bongaarts %% c...@umn.edu %%
> %% OIT - Identity Management %% http://umn.edu/~cab %%
> %% University of Minnesota %% +1 (612) 625-1809 %%

_______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
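
Added example, not part of the original thread and not Radiator's own code: a small Python parser for the three radiusd message types quoted above, tallying per backend host how often an EAP stream stayed pinned to it after failover and how often it failed to reply. The sample lines are constructed in the quoted log format with a placeholder user; collapsing consecutive identical lines assumes the doubled entries in the excerpt come from the two `Log` targets in the config.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the log format quoted in the thread (placeholder user).
PFX = "May 17 08:07:39 riptide-2.vm.its.uwo.pri /usr/bin/radiusd[23274]: "
MSGS = [
    "ProxyAlgorithm HASHBALANCE declines to break up an EAP stream after "
    "failover from 129.100.160.133:1645:1646 to 129.100.160.144:1645:1646",
    "AuthRADIUS IVEY: No reply after 20 seconds and 3 retransmissions to "
    "129.100.160.133:1645 for user@example.org (64)",
    "AuthRADIUS IVEY: Could not find a working host to forward "
    "user@example.org (79) after 20 seconds. Ignoring",
]
SAMPLE_LOG = "\n".join(PFX + m for m in MSGS for _ in range(2))  # each line twice

PINNED = re.compile(r"ProxyAlgorithm \S+ declines to break up an EAP stream "
                    r"after failover from ([\d.]+):\d+:\d+ to ([\d.]+):\d+:\d+")
NO_REPLY = re.compile(r"AuthRADIUS \S+: No reply after \d+ seconds and \d+ "
                      r"retransmissions to ([\d.]+):\d+ for (\S+)")
NO_HOST = re.compile(r"AuthRADIUS \S+: Could not find a working host to forward (\S+)")

def summarize(log_text, dedupe=True):
    """Return (per-host event counts, per-user count of abandoned requests)."""
    hosts = defaultdict(Counter)   # backend IP -> {"eap_pinned": n, "no_reply": n}
    dropped = Counter()            # user -> requests the proxy gave up on
    prev = None
    for line in log_text.splitlines():
        if dedupe and line == prev:    # assumption: duplicate from a second Log target
            continue
        prev = line
        if m := PINNED.search(line):
            hosts[m.group(1)]["eap_pinned"] += 1   # group 1 is the failed host
        elif m := NO_REPLY.search(line):
            hosts[m.group(1)]["no_reply"] += 1
        elif m := NO_HOST.search(line):
            dropped[m.group(1)] += 1
    return {h: dict(c) for h, c in hosts.items()}, dict(dropped)

def suspect_hosts(hosts):
    """Backends that both timed out and kept an EAP stream pinned to them."""
    return sorted(h for h, c in hosts.items()
                  if c.get("eap_pinned") and c.get("no_reply"))

if __name__ == "__main__":
    per_host, dropped = summarize(SAMPLE_LOG)
    print(per_host, dropped, suspect_hosts(per_host))
```
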