
List:       freeradius-users
Subject:    [SOLVED] FreeRADIUS + LVS problem
From:       "Sam Schultz" <segfault90 () hushmail ! com>
Date:       2007-02-27 18:06:53
Message-ID: 20070227180654.EAA83DA829 () mailserver7 ! hushmail ! com

Brief Review:
I had a working FreeRADIUS configuration doing EAP-TTLS wireless
authentication that broke when put behind a 1:1 NAT/LVS. No faults
were found in the FreeRADIUS configuration, so the NAT configuration
was suspect. It likewise was found to have no faults (it's just a
single SNAT & a single DNAT rule). After tcpdumping from the server, I
discovered that FR was receiving requests via the correct interface/IP,
but trying to send them out of a different (virtual) interface/IP.

Obviously, this won't work, NAT or otherwise. The original test box
was multi-homed, but the interfaces were bonded, so it didn't suffer
from the same problem. The NAT just added an extra layer of
complexity.

The solution was to specifically bind to the correct interface/IP,
just as you would with most daemons on a multi-homed box. This would
seem to further prove that often the solution is simpler than you'd
think :)




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
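
The tcpdump check described in the message above can be automated; the following is an added example, not part of the original post or of FreeRADIUS. It pairs each RADIUS request with its reply and reports replies sent from a different address than the one the request was addressed to. The capture lines, IP addresses and the function name are constructed for illustration.

```python
import re

# Constructed sample in `tcpdump -n udp port 1812` style (not from the original post).
# Assumption: 10.0.0.5 is the address the NAT forwards to, and 10.0.0.9 is a
# second (virtual) address on the same multi-homed server.
SAMPLE = """\
18:01:02.100 IP 192.0.2.10.32768 > 10.0.0.5.1812: RADIUS, Access-Request (1), id: 0x2a length: 180
18:01:02.104 IP 10.0.0.9.1812 > 192.0.2.10.32768: RADIUS, Access-Challenge (11), id: 0x2a length: 64
18:01:03.200 IP 192.0.2.11.40000 > 10.0.0.5.1812: RADIUS, Access-Request (1), id: 0x07 length: 175
18:01:03.203 IP 10.0.0.5.1812 > 192.0.2.11.40000: RADIUS, Access-Accept (2), id: 0x07 length: 44
"""

# Splits "a.b.c.d.port" into address and port and picks up the RADIUS packet id.
LINE = re.compile(
    r"IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"RADIUS, (?P<kind>[\w -]+?) \(\d+\), id: (?P<id>0x[0-9a-f]+)"
)

def find_mismatched_replies(capture, server_port=1812):
    """Return (client, expected_src, actual_src, id) for each reply whose source
    address differs from the address the matching request was sent to."""
    pending = {}      # (client_ip, client_port, radius_id) -> server IP the client used
    mismatches = []
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        sport, dport = int(m["sport"]), int(m["dport"])
        if dport == server_port:                      # client -> server
            pending[(m["src"], sport, m["id"])] = m["dst"]
        elif sport == server_port:                    # server -> client
            expected = pending.pop((m["dst"], dport, m["id"]), None)
            if expected is not None and expected != m["src"]:
                mismatches.append((m["dst"], expected, m["src"], m["id"]))
    return mismatches

if __name__ == "__main__":
    for client, expected, actual, rid in find_mismatched_replies(SAMPLE):
        print(f"reply {rid} to {client}: sent from {actual}, client expects {expected}")
```

A mismatch reported here means the daemon is answering from an address other than the one that received the request, which is the condition that binding to a specific interface/IP removes.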