[Emerald] Weird Radius behavior solved!

Thu, 13 Apr 2000 09:19:27 +0800

Hi, id like to share with the list our experience with the problem of
erratic authentication in our radius nt3.0.
The scenario was that some users are able to log in and be authenticated,
then for unexplained reasons, the next day, these same people couldnt be
authenticated by the remote radius server. (This is a roaming scenario).

Yesterday, purely by accident, as i was reviewing the radius admin settings,
i noticed the ip address field. It was set to 'all'. Remembering that this
is a multi-homed machine, i set it to use only one of the 3 ips-- The ip
that was registered with the remote radius server.

And it now works great!

My only problem now, is that the radius NT 3.0 (3.0163) isnt forwarding the
accounting packets to the remote radius server. It is forwarding the
accounting packets back to the originating NAS! (in our case, a USR Total
Control rack). this isnt a problem for us as the calls table correctly
captured the data, and we can do billing based on this.

However, the remote radius implements a one-account, one-login policy, which
meant that if they didnt get the accounting packets, the user in question
could do simultaneous log ins!

I hope someone can share with us, how we can go around this problem, and
send accounting packets also to the remote radius server.

For more information about this list (including removal) go to: