bug-gnu-radius
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Bug-gnu-radius] Occasional Proxy Errors

From: Duane Pauls
Subject: RE: [Bug-gnu-radius] Occasional Proxy Errors
Date: Fri, 27 Aug 2004 11:50:17 -0400 
>> Aug 25 15:00:46 Proxy.error: (Access-Accept 192.168.1.203 23 ""): 
>> Unrecognized proxy reply from server 192.168.1.203, proxy ID 23

> It seems that the server 192.168.1.203 does not preserve Proxy-State
> attribute. This attribute must be left intact for the proxying to work.

I observed this problem again, but this time was capturing the RADIUS
traffic with tcpdump (attached in tcpdumpProxyError.txt).  It looks like
server 203 is maintaining the proxy-state attribute (the last 0x16 bytes of
each message).  The RADIUS packet starts at offset 0x1c into the displayed
data.  The first rad-access-req/rad-access-accept pair is the pair that
caused a Proxy.error by the proxy on server 205.  The second
rad-access-req/rad-access-accept pair is the pair that succeeded.

I don't notice any difference, other than a longer turnaround time in the
failure case and:
- the ID number
- authenticators 
- encrypted passwords (due to different authenticators)
- ID number embedded in proxy state

These are all differences I expect.  I don't know if the longer turnaround
time is somehow exposing this problem?

The logs for proxy server (205) are attached in logProxyError.txt.

This problem is intermittent, and sometimes persists for a while.  This
time, it was a single error and recovered after a the client retried.

Do you have any suggestions for something else I could look at to further
pinpoint the source of this problem?

Regards,
Duane

Attachment: tcpdumpProxyError.txt
Description: Text document

Attachment: logProxyError.txt
Description: Text document

reply via email to
[Prev in Thread] Current Thread [Next in Thread]