Re: URGENT****

Jeffrey C. Ollie (jeffo@worf.netins.net)
Wed, 1 Nov 1995 12:17:32 -0600

Well, one factor certainly was running version 3.1.3 of ComOS. That is known
to have several bad bugs which were fixed in 3.1.4.

You may have also been bitten by a problem in certain versions of
SunOS and Solaris (I don't know which versions). The problem is that
you have multiple interfaces on your RADIUS server. The PortMaster is
probably expecting replies that contain the return address of the
RADIUS server, which is probably set to the IP address of the ethernet
interface of your Solaris box on the PM. Under certain conditions on
multi-homed Sun boxes (which is essentially what you do for your
virtual WWW domains) outgoing UDP datagrams can get the wrong IP
address filled in. When the PortMaster sees these packets, it ignores
them since they came from the wrong source. When you turned down the
extra interfaces and restarted the RADIUS server, everything got back
to normal.

Unless I'm right, I won't take responsibility for the above paragraph
as I don't have a lot of experience with SunOS/Solaris :). However,
historically, other UDP servers like BIND have had problems with
multi-homed Sun boxes. I don't know if recent releases of Solaris
have fixed this problem or not. In general, the rule has been to not
run multi-homed Sun boxes.

>>>>> "J" == Joerg SPROCKETS Grau <grau@negia.net> writes:
J>
J> Hi guys,
J> Thanx for the prompt replies. Here is the problem with more detail:
J>
J> I am running radius off my solaris box. I was running 3.1.3. Everything
J> was fine. Then suddenly I noticed that nobody was logged on, I checked
J> the termlog and sure enough every user got an "invalid login" message.
J> Now one user, okay, but EVERY user. I tried to log into the portmaster
J> by telneting from my solaris box and got a timed out message. I pinged
J> and got a "no response" message. First thing: REBOOT (on/off) -> NOTHING.
J> I then used my router terminal to ping
J> the IP address, and sure enough it was "alive". I telnet'ed successfully
J> into the portmaster from my router terminal. I checked all the settings
J> and nothing seemed to be out of the ordinary. I telneted into my unix
J> box from the portmaster and had no problems. I could not ping, even
J> through the telnet session I had established from my portmaster.
J>
J> The problems my customers had, I deduced, were that the PM sent an
J> authentication request to the RADIUS server, which resides on my solaris
J> box. The RADIUS server authenticated the users, and then tried to send
J> the result back to the portmaster, which for some reason refused the
J> answer, and thus didn't let the user log on.
J>
J> I called the livingston tech support, which upgraded me to 3.1.4 and put
J> me in the "urgent queue". Last time I called them I got into some queue
J> and they called me back about THREE weeks later.
J>
J> Anyways, here is how I solved the problem.
J>
J> I stopped RADIUS.
J> I started it again.
J> It still didn't work.
J> I then took all the IP addresses my machine listens to down (I am hosting
J> a bunch of other domains (for www purposes), which is done by making your
J> machine listen to different ip numbers...)
J> I then tried it and YES, it worked!!
J> I then, one by one, up'ed the ip numbers again, checking after each one
J> if the ping/telnet'ing still worked, and sure enough, after each it did,
J> and it still does.
J>
J>
J> I don't know what happened and why, but I didn't LIKE it. If anybody has
J> any idea why this could have happened, I would REALLY appreciate an
J> e-mail about it. As a commercial enterprise my company cannot afford to
J> have to be concerned about the functionality of the terminal server.
J> This is supposed to be one of the market leaders. This kind of
J> un-logical behavior should NOT happen.

--
Jeffrey C. Ollie
Iowa Network Services System Administrator
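
Added example, not part of the original messages: a loopback reproduction of the failure mode discussed in this thread, where a UDP server bound to the wildcard address answers from a different local address than the one the client sent to, and the client drops the reply. It assumes a Linux host (where all of 127.0.0.0/8 is local); the addresses and the function names `reply_source` and `client_accepts` are constructed for illustration and are not taken from RADIUS or ComOS.

```python
import socket

# Constructed addresses: on Linux all of 127.0.0.0/8 is local to the loopback
# interface, so 127.0.0.2 stands in for the server address the client has
# configured and 127.0.0.1 for the host's other (primary) address.
EXPECTED_SERVER = "127.0.0.2"

def reply_source(bind_ip):
    """Run one request/reply exchange; return the source IP the client sees.

    bind_ip is the local address the server socket binds to: "0.0.0.0" is the
    wildcard bind, a specific address pins the source of every reply.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as srv, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as cli:
        srv.settimeout(2)
        cli.settimeout(2)
        srv.bind((bind_ip, 0))                # port 0: kernel picks a free port
        port = srv.getsockname()[1]
        cli.sendto(b"request", (EXPECTED_SERVER, port))
        _, client_addr = srv.recvfrom(512)
        # With a wildcard bind the kernel picks the reply's source address from
        # its routing decision, not from the address the request was sent to.
        srv.sendto(b"reply", client_addr)
        _, (src_ip, _) = cli.recvfrom(512)
        return src_ip

def client_accepts(src_ip):
    """Client-side check: only replies from the configured server are used."""
    return src_ip == EXPECTED_SERVER

if __name__ == "__main__":
    for bind_ip in ("0.0.0.0", EXPECTED_SERVER):
        src = reply_source(bind_ip)
        verdict = "accepted" if client_accepts(src) else "ignored"
        print(f"server bound to {bind_ip:<10} reply from {src:<10} {verdict}")
```

Binding one socket per served address keeps the client's source check intact, which is preferable to loosening that check on the client.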