Re: URGENT****

Phil Jensen - News Administrator (phil@sierra.valleynet.com)
Wed, 1 Nov 1995 10:02:27 -0800 (PST)

On Wed, 1 Nov 1995, Joerg SPROCKETS Grau wrote:

> Hi guys,
> Thanx for the prompt replies. Here is the problem with more detail:
>
> I am running radius off my solaris box. I was running 3.1.3. Everything
> was fine. Then suddenly I noticed that nobody was logged on, I checked
> the termlog and sure enough every user got an "invalid login" message.
> Now one user, okay, but EVERY user. I tried to log into the portmaster
> by telneting from my solaris box and got a timed out message. I pinged
> and got a "no response" message. First thing: REBOOT (on/off) -> NOTHING.

Did you reboot your machine? It sounds like netstart didn't run, or your
Ethernet wasn't properly configured. You might want to check your
/etc/netstart file. It might also be located as /etc/rc.d/rc.inet1.
Also, did you do a ps -ax and look for radiusd? It might not have been
running. Did you kill -9 any stray processes and slip? I would have
checked these things long before I went to the router or Portmaster.
Also, did you do an ifconfig on your Ethernet interface on your Sun to
make sure it was properly running? Did you do a netstat -nr and check to
see that your routing table was okay? Were there routes to your router
and Portmaster?

> I then used my router terminal to ping
> the IP address, and sure enough it was "alive". I telnet'ed successfully
> into the portmaster from my router terminal. I checked all the settings
> and nothing seemed to be out of the ordinary. I telneted into my unix
> box from the portmaster and had no problems. I could not ping, even
> through the telnet session I had established from my portmaster.

> The problems my customers had, I deducted, were that the PM sent an
> authentication request to the RADIUS server, which resides on my solaris
> box. The RADIUS server authenticated the users, and then tried to send
> the result back to the portmaster, which for some reason refused the
> answer, and thus didn't let the user log on.

RADIUS won't reject a telnet to the Portmaster from your Sun box. It
won't reject ICMP packets either, for that matter... unless an input
filter is residing on it. It sounds like your network was/is misconfigured.
Remember, the obvious problems are always the ones you forget first.

> I called the livingston tech support, which upgraded me to 3.1.4 and put
> me in the "urgent queue". Last time I called them I got into some queue
> and they called me back about THREE weeks later.

Are you sure they put you into the urgent queue? I've always been called
back within three hours when I've called with a network down problem.
If you politely (and calmly) let the front-end people you talk to know
that your network is down, and you'd appreciate a call back soon, they
will call you back as soon as possible. The longest I've -ever- waited
was two days, and that was for a minor question regarding SNMP.

> Anyways, here is how I solved the problem.
> I stopped RADIUS.
> I started it again.
> It still didn't work.
> I then took all the IP addresses my machine listens to down (I am hosting
> a bunch of other domains (for www purposes), which is done by making your
> machine listen to different ip numbers...)
> I then tried it and YES, it worked!!
> I then, one by one, up'ed the ip numbers again, checking after each one
> if the ping/telnet'ing still worked, and sure enough, after each it did,
> and it still does.

Sounds like a problem with your Sun...

> I don't know what happened and why, but I didn't LIKE it. If anybody has
> any idea why this could have happened, I would REALLY appreciate an
> e-mail about it. As a commercial enterprise my company cannot afford to
> have to be concerned about the functionality of the terminal server.
> This is supposed to be one of the market leaders. This kind of
> un-logical behavior should NOT happen.

The Portmaster didn't affect your network -- it sounds like your
interface went down. Once again, a simple interface check would have
saved you a lot of pain and trouble with that one. I hope this will help
you with debugging your network in the future and I wish you nothing but
the best of luck.

Sincerely,

Phil Jensen _\\|//_
News Administrator (-0-0-)
---------------------------------------------------------------ooO-(_)-Ooo----
ValleyNet Communications - Central California's Premier Internet Provider
------------------------------------------------------------------------------
Voice: (209) 486-VNET (8638) 2300 Tulare, Suite 100
Fax: (209) 495-4940 Fresno, CA 93721-2226
Data: (209) 495-4950 http://www.valleynet.com
==============================================================================