(RADIATOR) unknown ports

2002-03-07 Thread Jim Liebgott

I use Radiator 2.18.3.  I noticed that the server binds to three UDP
ports that aren't listed in my configuration, and appear to have random
port numbers (all greater than 1024).  I am using both the
authentication and accounting features, and I use AuthBy RADIUS to
proxy authentication requests.  In the current incarnation of the
daemon, it is bound to 1645 and 1646 (which is expected because I use
those for authentication and accounting) and also 2837, 2789, and 1443. 
It seems that there are always three ports, but the port numbers change
over time (it takes perhaps a day to notice a change).  Is this a normal
part of a radius server and/or a normal part of Radiator?  It seems a
bit strange to me that the server is bound to ports that don't appear to
be in use.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.



Re: (RADIATOR) unknown ports

2002-03-07 Thread Jim Liebgott

Ronan Eckelberry wrote:
 
 Most likely those ports are opened to communicate with the other
 RADIUS and/or SQL servers that you are proxying to.  Do a netstat to see
 what addresses they are connected to.  You will probably see that
 it is the other servers.  RADIUS RECEIVES Authentication and Accounting
 requests on 1645 and 1646 (Or whatever ports you configure in your cfg
 file), but for it to proxy the info, it will have to open up another
 connection on another port to connect to the other RADIUS servers.  You
 will probably see that they are connecting to another address on port
 1645 or 1646.

According to netstat, for each of the unusual ports that I see open, the
Remote address is 0.0.0.0.*, which on my Linux system indicates that
the port is bound locally and accepting connections.  UDP ports that are
bound on both ends rarely show up in netstat, because they are
ephemeral.  These port bindings are persistent, lasting about a day.




Re: (RADIATOR) unknown ports

2002-03-07 Thread Jim Liebgott

Ronan Eckelberry wrote:
 
 And you only see these ports open when you are running Radiator.
 If you kill radiusd, the ports are no longer open?

Indeed.  Furthermore, I use the -p option to netstat, which displays
the process ID that has bound a given port, and those ports are
conclusively bound by the radiusd daemon process.

As an update, it looks like the socket bindings are more persistent than
I thought.  They don't change after a day; I was mistaken when I said
that earlier.  I haven't seen these sockets close and re-open like I
previously indicated; I was confusing the port numbers from two
different servers.  On each server, the socket bindings haven't
changed.




Re: (RADIATOR) unknown ports

2002-03-07 Thread Jim Liebgott

Hugh Irvine wrote:
 
 Thanks for sending the configuration file.
 
 Each AuthBy RADIUS clause opens a port at initialisation time to send and
 receive requests to the target proxy host. The port number is allocated by the
 OS unless overridden with the OutPort parameter, and the port is held open
 during the whole time that Radiator is running.
 
 Have a look at the code in Radius/AuthRADIUS.pm.

I see.  That makes sense to me.  Thanks for explaining.  I had assumed
that each new request opened a new socket to the proxy host and closed
it when a reply was received.  I imagine that you have reduced
per-request overhead with your implementation.

 On Fri, 8 Mar 2002 09:58, you wrote:
  Hugh Irvine wrote:
   The only ports that Radiator opens by default are the authentication and
   accounting ports. Any other ports that you see will be the result of your
   configuration file.

   As Ronan says, if you send me a copy of your configuration file (no
   secrets) I will take a look.

  I have attached my config file.  It uses an include directive to run a
  program to generate more config, so I have attached that program as
  well.  The config info generated by the program only contains Client
  directives.

   On Fri, 8 Mar 2002 07:35, Ronan Eckelberry wrote:
    Really?  What does your config look like?  I'm not sure what
    time it is in Australia probably between 3-5am, but when Hugh gets in
    he will probably have the answer.  Hugh usually has the answers.  He
    will probably ask for a copy of your config (no secrets) and a Trace 5
    debug from your log.

    That's weird.  You may have something in your config that is
    opening those ports.

    -Ronan
   
   
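The check Jim did by hand with netstat -p, and the explanation Hugh gave (one persistent, OS-allocated UDP port per AuthBy RADIUS clause unless OutPort is set), can be turned into a repeatable audit. This is an added example, not code from the thread or from Radiator; it assumes Linux `netstat -anup` output, and the count of three AuthBy RADIUS clauses without OutPort is an assumption inferred from the three extra ports, since the configuration file is not shown.

```python
# Constructed sample of Linux `netstat -anup` output. Port numbers are the
# ones quoted in the thread; the PIDs and the ntpd line are invented.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address     Foreign Address   State   PID/Program name
udp        0      0 0.0.0.0:1645      0.0.0.0:*                 812/radiusd
udp        0      0 0.0.0.0:1646      0.0.0.0:*                 812/radiusd
udp        0      0 0.0.0.0:2837      0.0.0.0:*                 812/radiusd
udp        0      0 0.0.0.0:2789      0.0.0.0:*                 812/radiusd
udp        0      0 0.0.0.0:1443      0.0.0.0:*                 812/radiusd
udp        0      0 0.0.0.0:123       0.0.0.0:*                 640/ntpd
"""


def bound_udp_ports(netstat_text, program):
    """Return the sorted local UDP ports held by `program`."""
    ports = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # UDP rows have an empty State column, so the owner is the last field.
        if len(fields) < 6 or not fields[0].startswith("udp"):
            continue
        pid, _, name = fields[-1].partition("/")
        # Without privileges netstat prints "-" instead of PID/name; skip those.
        if not pid.isdigit() or name != program:
            continue
        ports.add(int(fields[3].rsplit(":", 1)[1]))
    return sorted(ports)


def audit(netstat_text, program, listen_ports, out_ports, unpinned_clauses):
    """Compare bound ports with what the configuration should produce.

    listen_ports: configured authentication/accounting ports.
    out_ports: ports pinned with OutPort in AuthBy RADIUS clauses.
    unpinned_clauses: AuthBy RADIUS clauses that leave the port to the OS.
    """
    bound = set(bound_udp_ports(netstat_text, program))
    expected = set(listen_ports) | set(out_ports)
    os_assigned = sorted(bound - expected)
    missing = sorted(expected - bound)
    return {
        "missing": missing,
        "os_assigned": os_assigned,
        "explained": not missing and len(os_assigned) == unpinned_clauses,
    }


if __name__ == "__main__":
    print(audit(SAMPLE, "radiusd", [1645, 1646], [], unpinned_clauses=3))
```

When every proxy clause pins its port with OutPort, `os_assigned` should be empty, which makes both this audit and any host firewall rule for the proxy traffic deterministic.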

(RADIATOR) [Fwd: trouble with Radiator evaluation]

2001-08-30 Thread Jim Liebgott

 


My company, Epoch Internet, is evaluating the Radiator radius server
software.  We have installed the evaluation version and configured it as
a proxy server.  It works fine when proxying requests to our Ascend
radius server, but doesn't work when proxying requests to a server that
belongs to one of our customers (I don't know which radius server
software they use).  Below is the portion of the trace 4 log that shows
the test (using radpwtst on localhost).  As you can see from the log, a
response is returned to the proxy and parsed, but that response is for
some reason not accepted.  Any idea why?

Thu Aug 30 13:47:23 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 3449 
Code:   Access-Request
Identifier: 203
Authentic:  1234567890123456
Attributes:
User-Name = HLC/FCC/grtools
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = 123456789
Calling-Station-Id = 987654321
NAS-Port-Type = Async
User-Password =
17611233K131+724824190185171188230

Thu Aug 30 13:47:23 2001: DEBUG: Check if Handler User-Name =
/^HLC\/FCC\/grtools/i should be used to handle this request
Thu Aug 30 13:47:23 2001: DEBUG: Handling request with Handler
'User-Name = /^HLC\/FCC\/grtools/i'
Thu Aug 30 13:47:23 2001: DEBUG:  Deleting session for HLC/FCC/grtools,
203.63.154.1, 1234
Thu Aug 30 13:47:23 2001: DEBUG: Handling with Radius::AuthRADIUS
Thu Aug 30 13:47:23 2001: DEBUG: Packet dump:
*** Sending to 216.133.92.135 port 1647 
Code:   Access-Request
Identifier: 1
Authentic:  1234567890123456
Attributes:
User-Name = HLC/FCC/grtools
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = 123456789
Calling-Station-Id = 987654321
NAS-Port-Type = Async
User-Password =
t182E207199R231132:IO7176229?22

Thu Aug 30 13:47:23 2001: DEBUG: Packet dump:
*** Received from 216.133.92.135 port 1647 
Code:   Access-Accept
Identifier: 1
Authentic:  20419Y2260178j205191183-149195175:[
Attributes:
Service-Type = Framed-User
Framed-Protocol = PPP

Thu Aug 30 13:47:23 2001: WARNING: Unknown reply received in AuthRADIUS
for request 1 from 216.133.92.135:1647
Thu Aug 30 13:47:28 2001: DEBUG: Timed out, retransmitting