RE: [RadiusNT] Not Found in ODBC, Checking users file...

Jeff Hopkins ( RadAdmin@Agalis.net )
Fri, 14 May 1999 17:31:38 -0700

RadiusNT is currently running on a PDC. I will work on moving RadiusNT to a
server dedicated for auth. This should help with the response time. What
about the username FramedProtocol? Is this the data retrieved from the DB?
If it was bad data from the PM2 I would think it would fail the TEXT mode
auth?

Decrypted Password: wilma
Database Password: WINNT
(WINNT) User:FramedProtocol Domain: Password:wilma
Not Found in ODBC, Checking users file...

-----Original Message-----
From: Dale E. Reed Jr. [mailto:daler@iea-software.com]
Sent: Thursday, May 13, 1999 5:01 PM
To: radiusnt@iea-software.com
Subject: Re: [RadiusNT] Not Found in ODBC, Checking users file...

RadAdmin wrote:
>
> Below is an example of the problem I am having. A user logs in, gets a
> rejected in ODBC mode, then TEXT mode authenticates him. Notice, below in
> AUTH.LOG, the username being passed to WINNT, FramedProtocol. Sometimes
> it's characters like this, 0]z. Then user is then auth. "Sending Ack of
id
> 10 to d1d264bd (PM2E)"
>
> The next entry in the log file is "radrecv: Request from host d1d264bd
> code=1, id=10, length=78". Well, since the user just auth and is online
> they fails for a concurrent violation. They remain online but everyday I
> get a ton of these entries in the RADLOG table.

The problem is the speed of the authentication. The WINNT sam isn't
a fast authentication, and there is nothing RadiusNT can do about it.

> Sending Ack of id 10 to d1d264bd (PM2E)
> User-Service = Framed-User
> Framed-Protocol = PPP
> Framed-Compression = Van-Jacobsen-TCP-IP
> Framed-MTU = 1500
>
> Resp Time: 3855 Auth: 4/0 -> 3 Acct: 4/0/0 -> 4

The first request comes in an is responded to in almost four seconds.
Typicall a PM will re-send the auth requests in three seconds.
Therefore, it sends the second request, gets the response back from
the first request and uses that response. RadiusNT then NAKs the
second response, but the PM has long completed that request and just
ignores the second response.

Is RadiusNT running on a BDC, PDC, or stand alone server?

-- 

Dale E. Reed Jr. Emerald and RadiusNT__________________________________________IEA Software, Inc. www.iea-software.com