RE: [Emerald] Repost: Proxy Radius Help!

Beachlink Administrator ( (no email) )
Wed, 19 Jul 2000 12:50:32 -0400

> > Trimname was set to "1". I changed it to 3 and restarted
> RADIUS. I still get
> > the same results.
> >
> > RADIUS is not trying to even reach the remote server... it's
> attempting to
> > authenticate locally.
> >
> > BTW, the RADIUSNT version I'm using is 2.5.206
> You might update to a later RadiusNT. 2.5.206 is 7+ months old, and
> there
> have been some updates to the Accounting proxy.

I upgraded to the lastest version posted on the FTP site, and the same
problems still occurred.

> > What am I missing? Is there something else I can check. The client is
> > growing impatient.
> You should open up a support ticket on this. If its a configuration
> issue, then can hop onto your machine and check it out. It looks
> like the config is OK from what you've shown, but without actually
> looking at the machine, its probably not a quick resolve.

I contacted support on this yesterday (and have yet to hear back). In the
meantime, I decided to investigate and troubleshoot even further. It may
sound bizarre, but I think the problem lies in the length of the "shared
secret" between the two Radius servers. As soon as I put in a secret with a
length of 4 (and restarted radius), the attempts were proxied.

The original shared secret was 16 random characters.

I tested this again by putting 1234567890123456 as the secret, and sure
enough my local database was getting queried, not the remote radius server.
As soon as I changed it to a four character secret ("test"), it attempted to
query the remote radius server. I then tried an 8 character secret
("testtest") and it worked as well.

Now I am waiting for the client ISP to change their secret to 8 characters
so we can go into production.

What gives? This has caused countless days of headaches and nearly ruined a
soon-to-be-profitable relationship with another ISP. I blamed them and they
blamed me... when it seems now that RADIUSNT was at fault, which means I am
at fault. The SECRET column in RadRoamServers *is* setup as varchar(16).


Gary Walworth
Beachlink Network Administrator

For more information about this list (including removal) go to: