On Fri, 27 Sep 1996, Dan Struthers wrote:
> I think you are referring to sysname, I changed that to portmaster.lgnd.com
> and reset secret to another word.... restarted everything and still no go.
> Now, one additional point, when attempting to authenticate, it takes a very
> long time to return the 'get a life' message invalid login I mean. In the
> order of 20 -30 seconds. Is there some way to trace what the authentication
> mechanism is doing at a packet level?
It is possible you might need to save all, reboot, or something to get the
changes to stick. I don't do much with that part of things.
Go into the raddb directory on the radius server. Look through the
logfile there. That can sometimes be really useful. It will note if it
doesn't know the portmaster at all or if the portmaster is using a
different secret. It sometimes even note if it makes a succesful
authentication. (If it says it sent back an OK but the portmaster never
gets it thats good to know.)
Restart the radiusd with an extra -x flag. That will make it output
debuging info. Try logging in on the third portmaster and see if you get
anything.
> >-----BEGIN PGP SIGNED MESSAGE-----
> >
> >On Thu, 26 Sep 1996, Dan Struthers wrote:
> >
> >> Hi;
> >>
> >> I am hoping someone can help with the following;
> >>
> >>
> >> I have two Class C addresses. I have three portmasters. Two on the first C
> >> and one on the second. The two PM's work fine with radius. My radius server
> >> is on the first C. The one on the second C can log to the server on the
> >> first C but will not authenticate to it. I can ping by address and by name
> >> from one to the other, I can ping from the host to the PM's by name and
> >> address. The only difference that I can see is that the PM on the second C
> >> when it tries to authenticate has the following console entry;
> >>
> >> time date 206.47.47.29 dialnet: port s3 guest login failed
> > ^^^^^^^^^^^^
> >
> >There is an option for telling the portmaster what its name is. Since the
> >syslog entry is generated by the portmaster, that would seem to be the
> >problem.
> >
> >That doesn't really explain why radius wouldn't work though. The DNS is
> >fine (I just checked, ;-) The only remaining possibility is a typo in the
> >clients file on the radius server, or a typo in the secret on the third
> >portmaster. Check the clients file and reenter the secret and see if that
> >fixes it.
> >
> >>
> >> Where my other two PMs have the following;
> >>
> >> time date portmaster.bserv.com dialnet: port s3 guest login ....
> >>
> >> The difference being the name or the address fo the PM. Any ideas?
> >>
> >> Thanks in advance for the help.
> >> ----------------------------------------------------------
> >> Dan Struthers
> >>
> >> The solution to any problem lies in its proper definition.
> >> ----------------------------------------------------------
> >>
> >
> >- ----------------------------------------------------------------------------
> >Steven P. Crain scrain@shore.net http://www.shore.net/~scrain
> >Shore.Net Unix Development and Administration
> >
> >-----BEGIN PGP SIGNATURE-----
> >Version: 2.6.2
> >Comment: Finger me for a public key.
> >
> >iQB1AwUBMkvX9I0DAXSiDippAQFwYgL/cMhSH7+kX7u3Bh0E0XMY+CQZbpznoEtl
> >UirKeAUrGumqVAleMXuP0FrKoAYT4+xgygQNkj+mJT4XhazpV+kqbaKD/foE52Fs
> >+LvjVuLeDStLJnXPQHDpdd/Pn7RlGntT
> >=6uQB
> >-----END PGP SIGNATURE-----
> >
> >
> >
> ----------------------------------------------------------
> Dan Struthers
>
> The solution to any problem lies in its proper definition.
> ----------------------------------------------------------
>
- ----------------------------------------------------------------------------
Steven P. Crain scrain@shore.net http://www.shore.net/~scrain
Shore.Net Unix Development and Administration
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Finger me for a public key.
iQB1AwUBMkvi0o0DAXSiDippAQHpKAMAj6x8tUw/eGlHRcDNJ/SKwKPMoJ/+U43q
JjFr77apkzRbbRAV8bh2dtQgmeHKQH4iqzjeyjlYGtz/RAk7fhqG6uPriwNPmGXu
f+jYrJ94IVo1gfv3r4PIh3QFZ3bnSrNS
=Ulln
-----END PGP SIGNATURE-----