I was really surprised to see how HARC deals with the radius packet identifier. RFC states as clear as posibile: "For retransmissions where the contents are identical, the Identifier MUST remain unchanged.". Yet watching (monitor radius) the id-s of the packets being retransmited I found that hiperArc (4.2.29) assigns diferrent id for the packets being re-sent to radius server for the same accounting request. My question: how is suposed a Radius server to identify the duplicates? TIA, Corneliu - To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
Corneliu Rudeanu writes...
I was really surprised to see how HARC deals with the radius packet identifier.
RFC states as clear as posibile: "For retransmissions where the contents are identical, the Identifier MUST remain unchanged.".
Yet watching (monitor radius) the id-s of the packets being retransmited I found that hiperArc (4.2.29) assigns diferrent id for the packets being re-sent to radius server for the same accounting request.
Hah! It's much better than that! (Note the date, too!)
From: Aaron Nabil <nabil@spiritone.com> Subject: (usr-tc) HiperArc BUG, doesn't increment identifier after re-transmit Date: 14 Jun 1998 16:58:15 -0700 (PDT)
The HiperArc has a nasty Radius bug.
If a packet get lost in transit or for some other reason is never acknoweldged, the HiperArc increments the identifier and tries sending it again after the timeout period.
But later, when it comes time to send another request, it has "forgotten" that it previously incremented the identifier and merrily uses the last one again!
Not only does it incorrectly increment the identifier, it then goes on to re-use the same identifier again later! Yes, this is so incredibly broken it's not even imaginable that it hasn't been fixed. But it hasn't.
My question: how is suposed a Radius server to identify the duplicates?
The Radius server is supposed to contact the System Administrator and get him to purchase products from a vendor that knows how to read a RFC, or, failing that, at least fixes problems when they are pointed out to them. -- Aaron Nabil - To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
On Tue, 12 Oct 1999, Aaron Nabil wrote:
Corneliu Rudeanu writes...
Yet watching (monitor radius) the id-s of the packets being retransmited I found that hiperArc (4.2.29) assigns diferrent id for the packets being re-sent to radius server for the same accounting request.
Hah! It's much better than that! (Note the date, too!)
From: Aaron Nabil <nabil@spiritone.com> Subject: (usr-tc) HiperArc BUG, doesn't increment identifier after re-transmit Date: 14 Jun 1998 16:58:15 -0700 (PDT)
The HiperArc has a nasty Radius bug.
If a packet get lost in transit or for some other reason is never acknoweldged, the HiperArc increments the identifier and tries sending it again after the timeout period.
But later, when it comes time to send another request, it has "forgotten" that it previously incremented the identifier and merrily uses the last one again!
Not only does it incorrectly increment the identifier, it then goes on to re-use the same identifier again later! Yes, this is so incredibly broken it's not even imaginable that it hasn't been fixed. But it hasn't.
My question: how is suposed a Radius server to identify the duplicates?
The Radius server is supposed to contact the System Administrator and get him to purchase products from a vendor that knows how to read a RFC, or, failing that, at least fixes problems when they are pointed out to them.
Thanks for the prompt response. And my apollogies for re-opening the subject. I do agree with you: things should be good. Yet things are bad. I guess I am not the only one looking for a solution. Does some kind of checksum over acct-session-id, username, status-type worth any thrust? Even this kind of 'hand made' solution would help me. Any advice? TIA, Corneliu Rudeanu - To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
We were referred to FUNK Software's Steel-Belted Radius (by a 3com technician). Does anyone have any experience in this and is it better than the current 6.0.9 3com Radius? Hard to believe it could be worse... Any problems known? Ed ----- Original Message ----- From: Corneliu Rudeanu <rudy@dntis.ro> To: <usr-tc@lists.xmission.com> Sent: Tuesday, October 12, 1999 10:49 PM Subject: Re: (usr-tc) Radius question On Tue, 12 Oct 1999, Aaron Nabil wrote:
Corneliu Rudeanu writes...
Yet watching (monitor radius) the id-s of the packets being retransmited I found that hiperArc (4.2.29) assigns diferrent id for the packets being re-sent to radius server for the same accounting request.
Hah! It's much better than that! (Note the date, too!)
From: Aaron Nabil <nabil@spiritone.com> Subject: (usr-tc) HiperArc BUG, doesn't increment identifier after re-transmit Date: 14 Jun 1998 16:58:15 -0700 (PDT)
The HiperArc has a nasty Radius bug.
If a packet get lost in transit or for some other reason is never acknoweldged, the HiperArc increments the identifier and tries sending it again after the timeout period.
But later, when it comes time to send another request, it has "forgotten" that it previously incremented the identifier and merrily uses the last one again!
Not only does it incorrectly increment the identifier, it then goes on to re-use the same identifier again later! Yes, this is so incredibly broken it's not even imaginable that it hasn't been fixed. But it hasn't.
My question: how is suposed a Radius server to identify the duplicates?
The Radius server is supposed to contact the System Administrator and get him to purchase products from a vendor that knows how to read a RFC, or, failing that, at least fixes problems when they are pointed out to them.
Thanks for the prompt response. And my apollogies for re-opening the subject. I do agree with you: things should be good. Yet things are bad. I guess I am not the only one looking for a solution. Does some kind of checksum over acct-session-id, username, status-type worth any thrust? Even this kind of 'hand made' solution would help me. Any advice? TIA, Corneliu Rudeanu - To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message. - To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
Don't know anything about that one, but if you're going to buy something, I'd suggest taking a look at Radiator. It's written in perl, so it's not the fastest you can get, but you get the source and can make it do *anything* you want. Not that you have to; I've seen a feature request hit the support mailing list and the guys who wrote the package mentioning that they've written it and tossed it on the ftp site...within *hours*. Supports USR style VSAs and interfaces to your favorite sql or odbc database out of the box. On Wed, 13 Oct 1999, Ed wrote:
We were referred to FUNK Software's Steel-Belted Radius (by a 3com technician). Does anyone have any experience in this and is it better than the current 6.0.9 3com Radius? Hard to believe it could be worse...
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
Perl? not sure I want to touch that one ;-) Ed ----- Original Message ----- From: Lon R. Stockton, Jr. <lon@moonstar.com> To: <usr-tc@lists.xmission.com> Sent: Wednesday, October 13, 1999 2:09 AM Subject: Re: (usr-tc) Funk Radius Don't know anything about that one, but if you're going to buy something, I'd suggest taking a look at Radiator. It's written in perl, so it's not the fastest you can get, but you get the source and can make it do *anything* you want. Not that you have to; I've seen a feature request hit the support mailing list and the guys who wrote the package mentioning that they've written it and tossed it on the ftp site...within *hours*. Supports USR style VSAs and interfaces to your favorite sql or odbc database out of the box. On Wed, 13 Oct 1999, Ed wrote:
We were referred to FUNK Software's Steel-Belted Radius (by a 3com technician). Does anyone have any experience in this and is it better than the current 6.0.9 3com Radius? Hard to believe it could be worse...
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message. - To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
On Wed, 13 Oct 1999, Ed wrote:
Perl? not sure I want to touch that one ;-)
perl is a big plus though. It can run on many platforms and is fully extensable. The code is very efficient and clean, you would be impressed trust me.
Ed
----- Original Message ----- From: Lon R. Stockton, Jr. <lon@moonstar.com> To: <usr-tc@lists.xmission.com> Sent: Wednesday, October 13, 1999 2:09 AM Subject: Re: (usr-tc) Funk Radius
Don't know anything about that one, but if you're going to buy something, I'd suggest taking a look at Radiator. It's written in perl, so it's not the fastest you can get, but you get the source and can make it do *anything* you want. Not that you have to; I've seen a feature request hit the support mailing list and the guys who wrote the package mentioning that they've written it and tossed it on the ftp site...within *hours*.
Supports USR style VSAs and interfaces to your favorite sql or odbc database out of the box.
On Wed, 13 Oct 1999, Ed wrote:
We were referred to FUNK Software's Steel-Belted Radius (by a 3com technician). Does anyone have any experience in this and is it better than the current 6.0.9 3com Radius? Hard to believe it could be worse...
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
----------------------------------------------------- Brian Feeny (BF304) signal@shreve.net 318-222-2638 x 109 http://www.shreve.net/~signal Network Administrator ShreveNet Inc. (ASN 11881) - To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
On Wed, 13 Oct 1999, Lon R. Stockton, Jr. wrote:
Don't know anything about that one, but if you're going to buy something, I'd suggest taking a look at Radiator. It's written in perl, so it's not the fastest you can get, but you get the source and can make it do *anything* you want. Not that you have to; I've seen a feature request
I will second Radiator. As for speed.........well, use the radpwtst program that comes with it, you will be impressed. I know of ISP's with 80,000+ users using Radiator, and they don't seem to have any problems.....
hit the support mailing list and the guys who wrote the package mentioning that they've written it and tossed it on the ftp site...within *hours*.
Supports USR style VSAs and interfaces to your favorite sql or odbc database out of the box.
On Wed, 13 Oct 1999, Ed wrote:
We were referred to FUNK Software's Steel-Belted Radius (by a 3com technician). Does anyone have any experience in this and is it better than the current 6.0.9 3com Radius? Hard to believe it could be worse...
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
----------------------------------------------------- Brian Feeny (BF304) signal@shreve.net 318-222-2638 x 109 http://www.shreve.net/~signal Network Administrator ShreveNet Inc. (ASN 11881) - To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
anyone have a URL for these radius servers? Brian Hitchcock -----Original Message----- From: owner-usr-tc@lists.xmission.com [mailto:owner-usr-tc@lists.xmission.com]On Behalf Of Brian Sent: Wednesday, October 13, 1999 10:20 PM To: usr-tc@lists.xmission.com Subject: Re: (usr-tc) Funk Radius On Wed, 13 Oct 1999, Lon R. Stockton, Jr. wrote:
Don't know anything about that one, but if you're going to buy something, I'd suggest taking a look at Radiator. It's written in perl, so it's not the fastest you can get, but you get the source and can make it do *anything* you want. Not that you have to; I've seen a feature request
I will second Radiator. As for speed.........well, use the radpwtst program that comes with it, you will be impressed. I know of ISP's with 80,000+ users using Radiator, and they don't seem to have any problems.....
hit the support mailing list and the guys who wrote the package mentioning that they've written it and tossed it on the ftp site...within *hours*.
Supports USR style VSAs and interfaces to your favorite sql or odbc database out of the box.
On Wed, 13 Oct 1999, Ed wrote:
We were referred to FUNK Software's Steel-Belted Radius (by a 3com technician). Does anyone have any experience in this and is it better than the current 6.0.9 3com Radius? Hard to believe it could be worse...
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
----------------------------------------------------- Brian Feeny (BF304) signal@shreve.net 318-222-2638 x 109 http://www.shreve.net/~signal Network Administrator ShreveNet Inc. (ASN 11881) - To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message. - To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
radiator http://www.open.com.au/radiator On Wed, 13 Oct 1999, Brian Hitchcock wrote:
anyone have a URL for these radius servers?
Brian Hitchcock
-----Original Message----- From: owner-usr-tc@lists.xmission.com [mailto:owner-usr-tc@lists.xmission.com]On Behalf Of Brian Sent: Wednesday, October 13, 1999 10:20 PM To: usr-tc@lists.xmission.com Subject: Re: (usr-tc) Funk Radius
On Wed, 13 Oct 1999, Lon R. Stockton, Jr. wrote:
Don't know anything about that one, but if you're going to buy something, I'd suggest taking a look at Radiator. It's written in perl, so it's not the fastest you can get, but you get the source and can make it do *anything* you want. Not that you have to; I've seen a feature request
I will second Radiator. As for speed.........well, use the radpwtst program that comes with it, you will be impressed. I know of ISP's with 80,000+ users using Radiator, and they don't seem to have any problems.....
hit the support mailing list and the guys who wrote the package mentioning that they've written it and tossed it on the ftp site...within *hours*.
Supports USR style VSAs and interfaces to your favorite sql or odbc database out of the box.
On Wed, 13 Oct 1999, Ed wrote:
We were referred to FUNK Software's Steel-Belted Radius (by a 3com technician). Does anyone have any experience in this and is it better than the current 6.0.9 3com Radius? Hard to believe it could be worse...
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
----------------------------------------------------- Brian Feeny (BF304) signal@shreve.net 318-222-2638 x 109 http://www.shreve.net/~signal Network Administrator ShreveNet Inc. (ASN 11881)
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
----------------------------------------------------- Brian Feeny (BF304) signal@shreve.net 318-222-2638 x 109 http://www.shreve.net/~signal Network Administrator ShreveNet Inc. (ASN 11881) - To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
On Wed, 13 Oct 1999, Brian Hitchcock wrote:
anyone have a URL for these radius servers?
<http://www.open.com.au/radiator/> for Radiator - To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
participants (6)
-
Aaron Nabil -
Brian -
Brian Hitchcock -
Corneliu Rudeanu -
Ed -
Lon R. Stockton, Jr.