Lets assume you have a machine running RadiusNT that has more than
one address. If all the addresses are in the same subnet, NT will
respond with the primary address. This is the LAST address listed
in an ipconfig listing, or the one shown in the TCP/IP config main
screen (not the advanced).
Now, typically the problem comes with multi-homing multiple subnets.
Here is an example:
NAS NT Server NIC 1 NT Server NIC 2
IP: 10.0.0.1 10.0.0.2 10.1.0.2
GW: 10.0.0.254 10.0.0.254 10.1.0.254
In the above example, the RADIUS client (NAS) and the NT server
share a command subnet. Now, First of all I don't recommend
defining two gateways on a machine running RadiusNT. NT does
(what I call) random paths that will affect the next example.
In this situation the IP address that the NAS sends requests
to MUST be 10.0.0.2. If you configure the RADIUS server in
the NAS as 10.1.0.2, NT will respond with the 10.0.0.2 address,
and since the address (10.0.0.2) will NOT be the same as the
address the request was sent to (10.1.0.2), it is considered a
security breach and the NAS will continually re-send the request
as its ignoring the reply.
NAS NT Server NIC 1 NT Server NIC 2
IP: 10.2.0.1 10.0.0.2 10.1.0.2
GW: 10.2.0.254 10.0.0.254 10.1.0.254
The other problem I have seen is like the above. None of the
nices are in the same subnet, and two default gateways are
defines. In this case, NT will use either 10.0.0.2 or
10.1.0.2 as the source of its replies, and I haven't found a
definitive rule as to which is uses. To resolve the problem
here, remove the gateway from the 10.1.0.2 NIC, and use the
10.0.0.2 address as your RADIUS server.
-- Dale E. Reed Jr. (daler@iea-software.com)_________________________________________________________________ IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs Internet Solutions for Today | http://www.iea-software.com