The PortMaster failed to authenticate a fourth time today at about 1:30
AM. This time, we took some time to look at it. BTW, this is the 4th
time in about 12 hours that it had done this. The previous times I
simply reentered the "set authentic..." command, which you say resets
that port.
This time, I looked at the "sh netconns" command and it indicated a
Send-Q of 39 for the 1646 UDP port. That port is the RADIUS accounting
port and it's received by another copy of RADIUS running on a separate
host. We also noticed that we had not received ANY accounting data from
the PortMaster for nearly 20 hours.
We checked that host and killed and restarted the RADIUS task on
there. It's normaly kicked by the UDP packets from the PortMaster.
Doing this did not result in any change.
We then issued a "set accounting . . ." command to the portmaster and
had someone attempt to login. At that point, they were able to
authenticate and we received a flood of old accounting data from the Port
Master.
Looks to me like there are two problems here. . .
1. The PortMaster started failing to deliver accounting data to
our RADIUS accounting server sometime early in the morning.
2. The PortMaster stared failing to authenticate some time
thereafter when a certain number of accounting entries became
cueued. (I should note that we knew that this was a problem with
earlier COMOS versions and had discussed this with Livingston at
that time.)
Chuck Scott, Pres.
Freeway, Inc.
cscott@freeway.net