Re: Stop packet with zero session length causes auth reject?
> > > > Thu Jun 13 20:05:59 2002 : Auth: Login OK: [[EMAIL PROTECTED]] (from nas thenas > > > > port 7171 cli 3045551212) > > > > Thu Jun 13 20:05:59 2002 : Error: rlm_sql: Stop packet with zero session > > > > length. (user '[EMAIL PROTECTED]', nas '12.34.56.78') > > > > > > hmm, usually STOP packets where send from the NAS _after_ the login, not > > > before or during a auth-phase... i think the STOP packet itself is not > > > really the reason for the login-problem. > > > > Ya, I thought it was pretty weird that the Login OK and the Stop packet were > > received at the exact same time.. hmm > > Yes, ...mysterious. Maybe the remote side did not get the expected > response fast enough to complete the authentication within a proper > time and thats why the auth-phase is terminated by a ordinary timeout. > In this case the remote one can send you a STOP packet with a zero > session time to notify a "authentication failure". (I use exactly this > feature on our Cisco NASes.) > > Is your server (or Quests one, or the network between) sometimes a > little bit overloaded to cause such a delay? Mine definitely isn't, but who knows about Qwest's, the network, or the radius server that is proxying to me.. But, I don't see the delay you are referring to? I just see the Login OK and Stop Packet error both being logged at the same second? And this also was only happening to one customer but at various times, so it doesn't seem like a load problem, or at least not one on my end. But, this is probably the only customer I have that dials into this certain location, so it may have been a problem with that particular NAS during those days. Weird > > > have you debugged your NAS to? > > > > Well, it's not exactly my NAS. It's one of Qwests, and it's being proxied to > > me through another radius server. > > Ouuh, I pity you ;-) Ya, lol, me too, but what else can you do when you only have a few hundred customers? > > I had hoped to wait until 0.6 was released though, does anyone know an > > ETA of when that will be? > > I hope soon - the cvs-snapshot report already "0.6" as version number :) Sounds good! Thanks again for the info! Frank - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Users Limit
I am using Redhat Linux 7.2 + FreeRadius 0.5 + Openldap combination. Is it possible to setup redundancy server? I wanted to have on-line synchronization of user DB between to authentication server. [This e-mail is confidential and may also be privileged. If you are not the intended recipient, please delete it and notify us immediately; you should not copy or use it for any purpose, nor disclose its contents to any other person. Thank you.] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Stop packet with zero session length causes auth reject?
tywe wrote: > > > Thu Jun 13 20:05:59 2002 : Auth: Login OK: [[EMAIL PROTECTED]] (from nas thenas > > > port 7171 cli 3045551212) > > > Thu Jun 13 20:05:59 2002 : Error: rlm_sql: Stop packet with zero session > > > length. (user '[EMAIL PROTECTED]', nas '12.34.56.78') > > > > hmm, usually STOP packets where send from the NAS _after_ the login, not > > before or during a auth-phase... i think the STOP packet itself is not > > really the reason for the login-problem. > > Ya, I thought it was pretty weird that the Login OK and the Stop packet were > received at the exact same time.. hmm Yes, ...mysterious. Maybe the remote side did not get the expected response fast enough to complete the authentication within a proper time and thats why the auth-phase is terminated by a ordinary timeout. In this case the remote one can send you a STOP packet with a zero session time to notify a "authentication failure". (I use exactly this feature on our Cisco NASes.) Is your server (or Quests one, or the network between) sometimes a little bit overloaded to cause such a delay? > > > have you debugged your NAS to? > > Well, it's not exactly my NAS. It's one of Qwests, and it's being proxied to > me through another radius server. Ouuh, I pity you ;-) > I had hoped to wait until 0.6 was released though, does anyone know an > ETA of when that will be? I hope soon - the cvs-snapshot report already "0.6" as version number :) Gerald - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Stop packet with zero session length causes auth reject?
Gerald, > > Thu Jun 13 20:05:59 2002 : Auth: Login OK: [[EMAIL PROTECTED]] (from nas thenas > > port 7171 cli 3045551212) > > Thu Jun 13 20:05:59 2002 : Error: rlm_sql: Stop packet with zero session > > length. (user '[EMAIL PROTECTED]', nas '12.34.56.78') > > hmm, usually STOP packets where send from the NAS _after_ the login, not > before or during a auth-phase... i think the STOP packet itself is not > really the reason for the login-problem. Ya, I thought it was pretty weird that the Login OK and the Stop packet were received at the exact same time.. hmm > have you debugged your NAS to? Well, it's not exactly my NAS. It's one of Qwests, and it's being proxied to me through another radius server. And for the most part, nothing bad like this ever happens, so I'm not sure how I should go about debugging it. I guess I was hoping that there was some obvious answer to this problem, but oh well, no such luck. > > Any ideas on why this would have caused the user to be rejected? I have been > > using FR 0.5 since a few days after it was released and haven't had any > > problems reported like this until now. Any suggestions will be greatly > > appreciated. > > i have some other problems with 0.5 (e.g. seg-fault after the first > incomming auth request if "--with-thread-pool" is set) and decide to > use the current cvs snapshot - it seems to be more stable (for me). Ya, I see everyone recommending the CVS versions instead of 0.5, but it hasn't given me a single bit of trouble (except this bit), so I've been reluctant to change anything. I guess if no one has any ideas on how to fix this, I'll go ahead and try upgrading.. I had hoped to wait until 0.6 was released though, does anyone know an ETA of when that will be? Thanks a ton for your reply! Frank - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Stop packet with zero session length causes auth reject?
tywe wrote: > > Hello, > > I just had a customer cancel because they said that they could not log on > for days (and never asked for help with the problem). They said that it was > giving them an invalid username/password error even though they retyped it > many times. > > Anyhow, I looked in the radius.log and see no auth rejects, only Login OK's. > But, on the days that they are complaining about, I see the Stop packet > error like this: > > Thu Jun 13 20:05:59 2002 : Auth: Login OK: [[EMAIL PROTECTED]] (from nas thenas > port 7171 cli 3045551212) > Thu Jun 13 20:05:59 2002 : Error: rlm_sql: Stop packet with zero session > length. (user '[EMAIL PROTECTED]', nas '12.34.56.78') hmm, usually STOP packets where send from the NAS _after_ the login, not before or during a auth-phase... i think the STOP packet itself is not really the reason for the login-problem. have you debugged your NAS to? > Any ideas on why this would have caused the user to be rejected? I have been > using FR 0.5 since a few days after it was released and haven't had any > problems reported like this until now. Any suggestions will be greatly > appreciated. i have some other problems with 0.5 (e.g. seg-fault after the first incomming auth request if "--with-thread-pool" is set) and decide to use the current cvs snapshot - it seems to be more stable (for me). Gerald - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
