Re: Radius no show.

Scott Lagos (slagos@net1plus.com)
Fri, 18 Oct 1996 18:08:30 -0400

Samething was happening to us over the past two days. When we saw this
message we moved RADIUSNT to a machine with one NIC and bingo all seems well.

At 03:30 PM 10/18/96 -0400, you wrote:
>The worderful tech support at Livingston have solved my problem. It seems
>that the portmaster was sending the auth request on 'c' #1 and receiveing a
>response on 'c' #2. This, of course, looks suspicious from a security
>standpoint. As it happens, the first 'c's RADIUS server also acts as a
>router to the second 'c' through a SEPARATE NIC with an address in the
>second 'c'. Therefore, I just used that second NIC address as the auth
>address and away we go...
>
>Three cheers (maybe more) for the Livingston tech guys!!!!
>
>>Dan Struthers wrote:
>>>
>>> Hi;
>>>
>>> Thanks for the reply;
>>>
>>> I had temporarily removed the DNS entires of the PM3 box to see if it
>>> would authenticate by address only (it doesn't). I have added it back in
>>> now. As for the two "C"'s on the same wire, yes, I have my 204 UNIX box
>>> acting as a router to the 206 net. It works fine, I can ping, telnet etc
>>> between the two nets. I am at my wits end!
>>>
>>> >Dan Struthers wrote:
>>> >>
>>> >> HELP!!!!!!!
>>> >>
>>> >> I am still having trouble with Radius authentication from 2 ip's. To
>recap;
>>> >> PM1, PM2, DNS and Radius on #1 'C', PM3 and DNS on 2nd 'C'. All
>running BSD.
>>> >>
>>> >> PM1 & 2 console log, activity log and authenticate no problem. PM3
console
>>> >> log, activity log no problem. PM3 WILL NOT authenticate. 20 - 30 second
>>> >> timeout when ID is entered in PM3 before message 'go away'. On 1st 'C''s
>>> >> console we get log message saying login failed. If I add an ID and
>Password
>>> >> to PM3 directly, logs in no problem and the PM3 will generate
activity log
>>> >> for login, off......as it should.
>>> >>
>>> >> I have checked the following;
>>> >>
>>> >> -arp
>>> >> -put PM3 in hosts, hosts.equiv
>>> >> -ping, no prob by name or address
>>> >> -put address of PM3 in clients, no go
>>> >> -tried radius with -x switch, crashed radius
>>> >>
>>
>> One other thing comes to mind ... I think the Radius software has to be
>aware of
>>"network" the Portmaster is calling from ( I seem to remember there is a
>>configuration file with the information in it which denotes the PM "name"
>and the IP
>>address. If this is the case with your version of the Radius software then
>the entry
>>for the PM3 unit may not be setup properly which would keep the Radius from
>>responding to the PM3 unit. Given everything you have done I would start
>looking
>>real hard at the Radius configuration.
>>
>>Hope this "sparks" success ... Good luck!
>>
>>Gary McKinney, Megabits.net Systems Administrator.
>>
>>
>----------------------------------------------------------
>Dan Struthers
>
>The solution to any problem lies in its proper definition.
>----------------------------------------------------------
>
>