Re: Radius source address

Dale E. Reed Jr. ( (no email) )
Thu, 16 Apr 1998 16:05:37 -0700

Peter A. Sang wrote:
> Getting the same accounting packets over and over again, RadiusNT ACKs
> them correctly, but the NAS keeps retrying.
> AFAIK this is/could be caused by an incorrect/different reply adress
> from the Radius server, but I don't recall how to fix it.
> Who's got the right answer ;) ?

Lets assume you have a machine running RadiusNT that has more than
one address. If all the addresses are in the same subnet, NT will
respond with the primary address. This is the LAST address listed
in an ipconfig listing, or the one shown in the TCP/IP config main
screen (not the advanced).

Now, typically the problem comes with multi-homing multiple subnets.
Here is an example:

NAS NT Server NIC 1 NT Server NIC 2

In the above example, the RADIUS client (NAS) and the NT server
share a command subnet. Now, First of all I don't recommend
defining two gateways on a machine running RadiusNT. NT does
(what I call) random paths that will affect the next example.
In this situation the IP address that the NAS sends requests
to MUST be If you configure the RADIUS server in
the NAS as, NT will respond with the address,
and since the address ( will NOT be the same as the
address the request was sent to (, it is considered a
security breach and the NAS will continually re-send the request
as its ignoring the reply.

NAS NT Server NIC 1 NT Server NIC 2

The other problem I have seen is like the above. None of the
nices are in the same subnet, and two default gateways are
defines. In this case, NT will use either or as the source of its replies, and I haven't found a
definitive rule as to which is uses. To resolve the problem
here, remove the gateway from the NIC, and use the address as your RADIUS server.

-- Dale E. Reed Jr.  (       IEA Software, Inc.      |  RadiusNT, Emerald, and NT FAQs Internet Solutions for Today  |