(PM) Duplicate radius packets?

Jeff Carneal (jeff@apex.net)
Sat, 13 Feb 1999 14:04:51 -0600 (CST)

Firstly, sorry for the crosspost. However, I don't know if this is a
ComOS issue or a radius issue yet, so I figured I'd try both lists.

Using multiple portmaster 3's and a PM4, we're seeing duplicate radius
packets on our primary and secondary radius servers. The portmaster will
first send an auth req packet to the primary server then *immediately*
send one to the secondary server as well. What we end up with is two
servers actively authenticating users at the same time, which isn't quite
right (even if it's a nice load balancing effect).

Here's an example from tcpdump (note we're running ntp and the times of
the servers are in sync):

From primary radius server:

13:51:02.246130 pm3-2.apex.net.1026 > rad1.apex.net.radius: udp 119
13:51:02.796120 pm3-2.apex.net.1026 > rad1.apex.net.radius: udp 118
13:51:02.866120 pm3-20.apex.net.1026 > rad1.apex.net.radius: udp 96
13:51:03.066120 pm3-2.apex.net.1026 > rad1.apex.net.radius: udp 121
13:51:03.966110 pm4-0.apex.net.1348 > rad1.apex.net.radius: udp 96
13:51:04.046110 rad1.apex.net.radius > pm4-0.apex.net.1348: udp 74
13:51:05.266101 pm3-2.apex.net.1026 > rad1.apex.net.radius: udp 119

From secondary radius server:

13:51:02.260157 pm3-2.apex.net.1026 > rad2.apex.net.radius: udp 119
13:51:02.808534 pm3-2.apex.net.1026 > rad2.apex.net.radius: udp 118
13:51:02.880487 pm3-20.apex.net.1026 > rad2.apex.net.radius: udp 96
13:51:03.085555 pm3-2.apex.net.1026 > rad2.apex.net.radius: udp 121
13:51:05.283401 pm3-2.apex.net.1026 > rad2.apex.net.radius: udp 119

You'll notice that both pm3-2 and pm3-20 first sent packets to the primary
server then immediately sent packets to the secondary. I believe both of
those ended up being authenticated on the secondary server.

Primary radius server is a linux box running Cistron 1.5.4.3 beta 15,
secondary is a Solaris 2.6 box running Cistron 1.5.4.3 beta 4 or 5. Both
were running beta 4/5 and I upgraded the primary this morning (no change).
About half our PM3's are 3.8.2, the other half are 3.8. Doesn't seem to
matter which ComOS tho, as it happens across all of them (including the
PM4 running 4.03).

The portmasters are set up correctly for primary and secondary
authentication and accounting. So why are we seeing this, and are we the
only ones?

--
  Jeff Carneal - Sys Admin - Apex Internet          
  jeff@apex.net http://www.apex.net (502) 442-5363

The opinions expressed above aren't really mine. They belong to someone else who also refuses to take responsibility for them.
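One way to quantify the behaviour described in the message is to correlate the two captures mechanically. The script below is an added example, not part of the original post: it pairs each request seen on the primary with a request from the same NAS, source port and UDP length seen on the secondary within a time window. The function names, the 100 ms window and the use of UDP length as a stand-in for the RADIUS identifier (which this tcpdump output does not show) are assumptions.

```python
import re
from datetime import datetime, timedelta
# tcpdump lines copied from the post above; nothing here is constructed.
PRIMARY = """\
13:51:02.246130 pm3-2.apex.net.1026 > rad1.apex.net.radius: udp 119
13:51:02.796120 pm3-2.apex.net.1026 > rad1.apex.net.radius: udp 118
13:51:02.866120 pm3-20.apex.net.1026 > rad1.apex.net.radius: udp 96
13:51:03.066120 pm3-2.apex.net.1026 > rad1.apex.net.radius: udp 121
13:51:03.966110 pm4-0.apex.net.1348 > rad1.apex.net.radius: udp 96
13:51:04.046110 rad1.apex.net.radius > pm4-0.apex.net.1348: udp 74
13:51:05.266101 pm3-2.apex.net.1026 > rad1.apex.net.radius: udp 119
"""
SECONDARY = """\
13:51:02.260157 pm3-2.apex.net.1026 > rad2.apex.net.radius: udp 119
13:51:02.808534 pm3-2.apex.net.1026 > rad2.apex.net.radius: udp 118
13:51:02.880487 pm3-20.apex.net.1026 > rad2.apex.net.radius: udp 96
13:51:03.085555 pm3-2.apex.net.1026 > rad2.apex.net.radius: udp 121
13:51:05.283401 pm3-2.apex.net.1026 > rad2.apex.net.radius: udp 119
"""

# NAS -> server requests only; replies (server.radius > nas.port) do not match.
REQ = re.compile(r"(\d\d:\d\d:\d\d\.\d+) (\S+)\.(\d+) > \S+\.radius: udp (\d+)$")

def requests(capture):
    """Return (time, nas, src_port, udp_len) for each request line."""
    rows = []
    for line in capture.splitlines():
        m = REQ.match(line.strip())
        if m:
            when = datetime.strptime(m.group(1), "%H:%M:%S.%f")
            rows.append((when, m.group(2), int(m.group(3)), int(m.group(4))))
    return rows

def correlate(primary, secondary, window_ms=100):
    """Pair primary requests with a same NAS/port/length request on the secondary."""
    pending, window = requests(secondary), timedelta(milliseconds=window_ms)
    dups, only = [], []
    for when, nas, port, size in requests(primary):
        hit = next((s for s in pending if s[1:] == (nas, port, size)
                    and abs(s[0] - when) <= window), None)
        if hit:
            pending.remove(hit)  # each secondary packet pairs at most once
            dups.append((nas, size, (hit[0] - when).total_seconds() * 1000))
        else:
            only.append((nas, size))
    return dups, only

if __name__ == "__main__":
    print(correlate(PRIMARY, SECONDARY))
```

The result depends on the two servers' clocks agreeing, as the post says they do via NTP; each duplicate tuple ends with the secondary's lag behind the primary in milliseconds.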
