RE: [USR-TC] Radius Authentication Algorithms.

7 Sep 2002

      Ummm, sounds like an accounting server setup issue. There is a primary and
secondary server, but I thought both are used for logging at the same time.
Maybe you have secondary setup as a "backup" server when you should have
primary backup server set as backup?

That is to say use "set accounting_backup primary first_server" instead of
"set accounting secondary_server"

Just a guess, I can't really imagine the chassis trying to authenticate from
two sources simultaneously, but if it can be done I'm open to learning about
it and why the heck you would want to do that.

Steve Brown
Netease
Santa Rosa, CA
steve[AT]neteze.com
...
-----Original Message-----
From: usr-tc-admin@mailman.xmission.com
[mailto:usr-tc-admin@mailman.xmission.com]On Behalf Of Casen
Sent: Saturday, September 07, 2002 11:29 AM
To: usr-tc@mailman.xmission.com
Subject: [USR-TC] Radius Authentication Algorithms.
Hey List,
We just recently upgraded all of our firmware's to try and solve a
problem we've been having.  All connections made to our TCR equipment
end up getting double logged in our database when the user disconnects.
We had thought the problem might have been a firmware bug, but the
upgrades didn't help, so we dug a little bit deeper.
We run a primary/secondary radius server, and after putting them into
debug mode were able to find that the TCR equipment is authenticating
with both of them, instead of trying the primary before falling back to
the secondary.  Consequently, both servers are logging the connection
information and we end up with twice as many log files as we care for.
:)
Here's a list of the RADIUS settings we have for the ARC.  We suspect
that the problem lies in the 'Authentication Algorithm' but aren't
entirely positive, so I thought I would ask you.
HiPer>> show radius
RADIUS SETTINGS
Fill Null Attributes:                      DISABLED
Attribute Style:                           STANDARD
NAS Port Style :                           DEFAULT
Authentication Algorithm:                  ROUND_ROBIN
Interim Accounting Interval Status:        DISABLED
Interim Accounting Interval:               240 seconds
IEA Radius Source Port Authentication      DISABLED
IEA User Radius supplied username          DISABLED
Send Unauthenticated STOP record           ENABLED
Report Acct IP Addr only for Primary Link: DISABLED
Send only STOP Acct for failed services:   DISABLED
DNIS Authentication Service Type:          10
Configured Authentation Service Type:      0
Radius NAS-PORT id style:                  DENSITY BASED
Radius Resource Reclaim style:             DRAFT
Radius Reboot Indication style:            FALL-THROUGH
Authentication Failure Trap State :        ENABLED
DNIS NAS Port Style :                      DEFAULT
Radius Send Acct for Default User:         ENABLED
HiPer>>
And the options available for the algorithm setting:
HiPer>> set radius authentication_algorithm
CLI - Missing Required Argument(s):
This field is a KEYWORD LIST. The possible values are:
        [ ACTIVE_SERVER FALL_THROUGH PREFERRED ROUND_ROBIN  ]
HiPer>>
Thanks for any help!
Casen
ArosNet Systems Administration
_______________________________________________
USR-TC mailing list
USR-TC@mailman.xmission.com
http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc