Re: [Emerald] Ouch! RadiusNT problem with 3com chassis

Rudy Komsic ( (no email) )
Tue, 21 Sep 1999 19:54:50 -0400

----- Original Message -----
From: Dale E. Reed Jr. <daler@iea-software.com>
To: <emerald@iea-software.com>
Sent: Tuesday, September 21, 1999 7:33 PM
Subject: Re: [Emerald] Ouch! RadiusNT problem with 3com chassis

> Donn Lasher wrote:
> >
> > Is anyone else seeing this?
> >
> > 1. 3com chassis (either Hyper or Quad w/latest code) set with primary &
> > secondary accounting. Primary set to RadiusNT. Secondary set to Unix
machine.
> >
> > 2. user logs off - stop record shows up on the Unix machine, instantly.
> > However, RadiusNT and emerald shows the guy still logged in.
> >
> > 3. the guy tries to log on again, and Radius NT fails him, saying "Over
> > login limit"
> >
> > why?
>
> I can't answer why, but you should have the acocunting ONLY pointing at
> RadiusNT machines to prevent this. You can have a second auth to the
> UNIX machine for backup purposes, though.
>
This happens when you rebooted your RadiusNT accounting server. 3COM and
their programming (lousy I must say) does a check to see if the primary
accounting server is there. If it is not there, then it switches directly
to the secondary and does not check if the primary is back online after
several hours. The problem is that 3COM does not do a constant check for
radius server availablility after the primary goes down. I would suggest
that you tell 3COM to fix this bug cause it is a bug on their end. This
same bug also affects DNS for dynamic addressing. Should your primary DNS
goes down and your secondary DNS is located on a remote network where there
is substantial lag or slow DNS server, this lag will be noticed by the
clients who dial up on.

Now, if RadiusNT does go down, and it does go to a backup Unix box, then
you need to verify that the Unix Box can relay that information to the
RadiusNT Box after it comes up. That is your job to make sure the Unix box
is synced with the primary database for emerald. The problem here now is
that you need to setup replication. That is a whole different story then.

For more information about this list (including removal) go to:
http://www.iea-software.com/support/maillists/liststart