Re: [RadiusNT] SNMP concurrency-checking inconsistencies

Josh Hillman ( (no email) )
Wed, 29 Sep 1999 16:12:15 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Previous message: Nezar Ahmed: "[RadiusNT] two NAS's"
Next message: Josh Hillman: "Re: [RadiusNT] two NAS's"
Maybe in reply to: Josh Hillman: "[RadiusNT] SNMP concurrency-checking inconsistencies"
Next in thread: Dale E. Reed Jr.: "Re: [RadiusNT] SNMP concurrency-checking inconsistencies"

> Josh Hillman wrote:
> >
> > On this past sunday, two of our Max 4048s reset themselves (don't know
why
> > yet) and as a result, the users who were online could no longer log in
> > because Emerald (2.5.278) / RadiusNT (2.5.175) thought they were still
> > online (there were 247 "over login limit" errors before I realized that
> > they reset). I set up the SNMP concurrency checking several weeks ago
and
> > thought that things were running smoothly, but apparently it's not
> > functioning correctly and/or consistently.
> >
> > Below are two login attempts for a test account (dialup via modem) with
a
> > login limit of 1. The first one (and several previous attempts) failed
> > because of "over login limit". The second one displayed below
apparently
> > authenticated successfully, although nothing had changed in the
> > configuration for the account, RadiusNT, or the Max. In the RadLogs,
the
> > Description, "SNMP Check Failed" showed up though. The RadiusNT loading
> > options are at the end.
> >
> > radrecv: Request from host c72cc20e code=1, id=103, length=105
> > Error in packet.
> > Reason: There is no such variable name in this MIB.
> > This name doesn't exist:
enterprises.ascend.sessionStatusGroup.sessionActiveTable.sessionActiveEntry.
ssnActive
> > UserName.303452992
>
From: Dale E. Reed Jr. <daler@iea-software.com>
> This means the OID isn't valid anymore (the session isn't on), and
> therefore,
> fails. Not a big deal, as the returned name is blank, and RadiusNT lets
> the user on (like it should).
>
> > Server:199.44.194.14 SNMPUser:.1.3.6.1.4.1.529.12.3.1.4.303452992
User:
> > Sending Ack of id 103 to c72cc20e (Max 5)
> > Resp Time: 250 Auth: 2/13 -> 15 Acct: 6/0/0 -> 6
>
> I would need to see one of the refusals to see what happened on a
> reject.

I tried duplicating the problem about 30 times since you wrote back and the
only three times that I could get the problem to come up was when RadiusNT
was running as a service. When it's running from the command prompt as
"radius -x18" it authenticated successfully every time.

Any suggestions?

Josh

For more information about this list (including removal) go to:
http://www.iea-software.com/support/maillists/liststart

Previous message: Nezar Ahmed: "[RadiusNT] two NAS's"
Next message: Josh Hillman: "Re: [RadiusNT] two NAS's"
Maybe in reply to: Josh Hillman: "[RadiusNT] SNMP concurrency-checking inconsistencies"
Next in thread: Dale E. Reed Jr.: "Re: [RadiusNT] SNMP concurrency-checking inconsistencies"