Am 14.07.2013 17:28, schrieb Karl Gaissmaier: ... > Worse, it seems that buggy clients with unroutable @Realms trigger > answers with proxy-state stripped. So I get NoreplyTimeouts for > any buggy client request and my upstream connections break away. > > Seems that all german @Realms in eduroam using Radiator have the same > problem, because all of them use the same upstream radsecproxy at DFN, > sigh.
and here is the prove: > Sun Jul 14 17:49:02 2013 177403: DEBUG: Packet dump: > *** Sending request to RadSec radius1.dfn.de:2083 .... > Code: Access-Request > Identifier: 42 > Authentic: U<182><136><130>!<141><232><175><230>y)<234>4<239>9y > Attributes: > User-Name = "uni.ulm.test@akad" > Service-Type = Framed-User > NAS-IP-Address = 203.63.154.1 > NAS-Identifier = "203.63.154.1" > NAS-Port = 1234 > Called-Station-Id = "123456789" > Calling-Station-Id = "987654321" > NAS-Port-Type = Async > EAP-Message = <2><0><0><22><1>uni.ulm.test@akad > Message-Authenticator = <231>+b<159>G<135>2<147><185>$N<192>tw<205>] > Proxy-State = OSC-Extended-Id=42 > > Sun Jul 14 17:49:02 2013 199902: DEBUG: ############### UULM DUMP########## > *** Unmatched Ext-Id in Proxy-State for reply in AuthRADSEC from > radius1.dfn.de:2083.... > Code: Access-Reject > Identifier: 42 > Authentic: <246><223><219>M<179>S<234>VE<26><253><236><25><251>r<17> > Attributes: > Reply-Message = "Misconfigured client! Delete spaces at the end of > the realm!" > again the Proxy-State is stripped, radiator can't match the reply to the request, we get a NoreplyTimeout and the connection goes down afetr some retries. Please test the radiator against radsecproxy in your lab. Best Regards Charly _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator