> >The PM, however, seems to be ignoring these replies
>
> This is key, the Portmaster will ignore replies from the host running RADIUS
> if the packets are coming from an address other than the address set in the
> global settings for the RADIUS host. This would be consistent with the
> "requester address mismatch" message you are receiving.

Yes, but remember I said that the times of the "requester address
mismatch" did not coincide with the failover occurrences. Plus, the
mismatch messages are Radius complaining that the request is coming
from a host not in the clients file, which seems to be a separate
problem. "Normally" we see an occasional mismatch error with 0.0.0.0 as
the client address, but these here have a valid ip...

> To watch the return RADIUS packets use the following:
>
> This packet filter will show all RADIUS packets returning to the Portmaster.
> It will NOT show RADIUS packets originating from the Portmaster.
>
> This is a very useful tool in debugging RADIUS problems. If the RADIUS
> packet is returning from an ip address that differs from the ip address (or
> the ip address of the hostname) that appears for the RADIUS server with the
> "show global" command, then the packet is discarded.

Will it also show any packets coming in from a "wrong" IP address? i.e., one
neither the primary nor alternate auth host? Or will it be discarded before
it gets that far?

Ran the ptrace for a couple hours. Trimmed a bunch of "good" requests
to the primary auth host (199.183.254.131) from the top. The alternate
is 199.183.254.4, and there is no real reason that the PM should be
consulting it at this time. The trace output doesn't seem to do anything
but confirm what we already know.

Can you get anything useful out of this?

UDP from 199.183.254.131.1645 to 199.183.254.130.1026
UDP from 199.183.254.131.1645 to 199.183.254.130.1026
UDP from 199.183.254.131.1645 to 199.183.254.130.1026
UDP from 199.183.254.131.1645 to 199.183.254.130.1026
UDP from 199.183.254.4.1645 to 199.183.254.130.1026
UDP from 199.183.254.131.1645 to 199.183.254.130.1026
UDP from 199.183.254.4.1645 to 199.183.254.130.1026
UDP from 199.183.254.131.1645 to 199.183.254.130.1026
UDP from 199.183.254.131.1645 to 199.183.254.130.1026
UDP from 199.183.254.131.1645 to 199.183.254.130.1026
UDP from 199.183.254.4.1645 to 199.183.254.130.1026
UDP from 199.183.254.131.1645 to 199.183.254.130.1026
UDP from 199.183.254.131.1645 to 199.183.254.130.1026
UDP from 199.183.254.131.1645 to 199.183.254.130.1026
UDP from 199.183.254.4.1645 to 199.183.254.130.1026
UDP from 199.183.254.131.1645 to 199.183.254.130.1026
UDP from 199.183.254.4.1645 to 199.183.254.130.1026
UDP from 199.183.254.131.1645 to 199.183.254.130.1026
UDP from 199.183.254.131.1645 to 199.183.254.130.1026
UDP from 199.183.254.131.1645 to 199.183.254.130.1026
UDP from 199.183.254.131.1645 to 199.183.254.130.1026
UDP from 199.183.254.4.1645 to 199.183.254.130.1026
UDP from 199.183.254.131.1645 to 199.183.254.130.1026
UDP from 199.183.254.131.1645 to 199.183.254.130.1026
==============================================================================
Jim Bender, System Manager | For long you live and high you fly |
Business Data Systems, Inc. | but only if you ride the tide |
jbender@bdsnet.com | and balanced on the biggest wave |
http://www.bdsnet.com/ | you race towards an early grave |
==============================================================================
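
An added example, not part of the original message: a small Python tally of trace lines in the format shown above, grouping RADIUS replies by whether they come from the primary auth host, the alternate, or neither. The sample lines are constructed for illustration, and 192.0.2.77 is a made-up address standing in for an unexpected sender.

```python
import re
from collections import Counter

# Trace line format as quoted in the message:
#   "UDP from A.B.C.D.port to A.B.C.D.port"
LINE_RE = re.compile(
    r"^UDP from (\d+\.\d+\.\d+\.\d+)\.(\d+) to (\d+\.\d+\.\d+\.\d+)\.(\d+)$"
)

def classify_replies(trace_text, primary, alternate, radius_port=1645):
    """Tally replies by sender role: primary, alternate, or unexpected."""
    counts = Counter()
    unexpected = []
    for raw in trace_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a UDP trace line
        src, sport = m.group(1), int(m.group(2))
        if sport != radius_port:
            continue  # not sent from the RADIUS auth port seen in the trace
        if src == primary:
            counts["primary"] += 1
        elif src == alternate:
            counts["alternate"] += 1
        else:
            # Neither configured auth host: the case the NAS would discard
            counts["unexpected"] += 1
            unexpected.append(src)
    return counts, unexpected

# Constructed sample in the same format as the trace in the message.
SAMPLE = """\
UDP from 199.183.254.131.1645 to 199.183.254.130.1026
UDP from 199.183.254.4.1645 to 199.183.254.130.1026
UDP from 199.183.254.131.1645 to 199.183.254.130.1026
UDP from 192.0.2.77.1645 to 199.183.254.130.1026
"""

if __name__ == "__main__":
    counts, unexpected = classify_replies(
        SAMPLE, primary="199.183.254.131", alternate="199.183.254.4"
    )
    print(dict(counts), unexpected)
```

A non-zero "alternate" count alongside steady "primary" replies is the pattern worth lining up against the failover timestamps in the RADIUS logs.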