Discussion:
Listening on TCP Ports
Carlos Alejandro Aguero
2003-03-28 17:29:41 UTC
Hi All,

We need to listen to the NAS and send proxy to REALM through TCP Ports, not UDP.-

We have been doing all the reading, especially RFC 2138, and see that the
RADIUS Protocol is built around UDP Packets, but we need to do this
by TCP.-

We find RADIUS very flexible as to accept ANY port to be used, but didn't
find any switch or command that let us indicate that it is a TCP Port in
place of UDP.-

Also we find that /etc/services includes "radius 1812/tcp"

Is this impossible under RADIUS Protocol or is it breaking some RFC???
Should we look for some other way to do our AAA???
In that case what program/application would you suggest???

Thanks in advance for your comments.-
Best Regards
Carlos



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan DeKok
2003-03-28 13:29:45 UTC
Post by Carlos Alejandro Aguero
We need to listen to the NAS and send proxy to REALM through TCP Ports, not UDP.-
Why?
Post by Carlos Alejandro Aguero
We have been doing all the reading, especially RFC 2138, and see that the
RADIUS Protocol is built around UDP Packets, but we need to do this
by TCP.-
Why?
Post by Carlos Alejandro Aguero
We find RADIUS very flexible as to accept ANY port to be used, but didn't
find any switch or command that let us indicate that it is a TCP Port in
place of UDP.-
That's because the protocol is UDP.
Post by Carlos Alejandro Aguero
Also we find that /etc/services includes "radius 1812/tcp"
It's assigned, but no one uses it.
Post by Carlos Alejandro Aguero
Is this impossible under RADIUS Protocol or is it breaking some RFC???
It's breaking the RFC.
Post by Carlos Alejandro Aguero
Should we look for some other way to do our AAA???
In that case what program/application would you suggest???
I have no idea what you want to do. You've proposed a solution,
but haven't described the problem.

Alan DeKok.

Carlos Aguero
2003-03-28 19:05:07 UTC
Problem is very simple.-
We have to act as a Proxy to a RealmServer, we think Radius could be the tool, but we find that the RealmServer is expecting a TCP Packet and is NOT accepting our UDP Packets.-
We have it all installed but find that our Packets are not reaching the Server because of this.-
We are obliged to use TCP, because it doesn't accept UDP Packets and it is out of our hand.-
Any solutions???
Awaiting and Best Regards
Carlos

Alan DeKok
2003-03-28 14:00:01 UTC
Post by Carlos Aguero
We have to act as a Proxy to a RealmServer, we think Radius could be the tool, but we find that the RealmServer is expecting a TCP Packet and is NOT accepting our UDP Packets.-
I don't know what the "RealmServer" is, but it's definitely not a
RADIUS server.

Would it be too difficult for you to say what the "RealmServer" is,
and describe it in some detail? Or are you interested only in giving
out small amounts of information across many messages?
Post by Carlos Aguero
We are obliged to use TCP, because it doesn't accept UDP Packets and it is out of our hand.-
Any solutions???
Use software which implements the RFCs, and which inter-operates
with other software which implements the RFCs.

You're trying to use broken software, and are asking how to break
FreeRADIUS to work with it. That will *never* happen.

Alan DeKok.

Oliver Zimmermann
2003-03-30 19:24:29 UTC
Hi,

Sometimes I have duplicate accounting start packets in my details-file
and in the database. This might be a general problem for billing and I'd
like to know how some of you handle this.

That's what I found out so far: The first start-packet is written, but
the NAS sometimes gets no acknowledgement from the radius, so it retransmits
the packet after a timeout of a few seconds. This second packet is also
written to details and database. Because it has the same
Acct-Unique-Session-Id, the billing runs into problems.

The same duplicate start-packets are produced, when the primary
radius goes offline and the secondary gets a therefore retransmitted
startpacket - which is written like the first attempt to the database.

How do you select the "right" start-packet for a session?

Regards,
Oliver
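
An added example, not part of Oliver's post or of FreeRADIUS: one way to pick a single Start record per Acct-Unique-Session-Id, using the RFC 2866 Acct-Delay-Time attribute to recover the original event time from a retransmitted packet. The detail-file layout, the `Timestamp` field and all sample values are assumptions constructed for illustration.

```python
import re

# Constructed sample, not real data. Assumed detail-file layout: a date header
# line, indented "Attribute = value" lines, and a blank line between records.
SAMPLE_DETAIL = """\
Sun Mar 30 19:24:01 2003
\tAcct-Status-Type = Start
\tAcct-Unique-Session-Id = "a1b2c3d4e5f60718"
\tAcct-Delay-Time = 0
\tTimestamp = 1049052241

Sun Mar 30 19:24:06 2003
\tAcct-Status-Type = Start
\tAcct-Unique-Session-Id = "a1b2c3d4e5f60718"
\tAcct-Delay-Time = 5
\tTimestamp = 1049052246

Sun Mar 30 19:25:00 2003
\tAcct-Status-Type = Start
\tAcct-Unique-Session-Id = "0f9e8d7c6b5a4321"
\tTimestamp = 1049052300
"""

def parse_detail(text):  # returns one dict per record
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines()[1:]:      # skip the date header
            key, sep, value = line.strip().partition(" = ")
            if sep:
                rec[key] = value.strip('"')
        records.append(rec)
    return records

def event_time(rec):
    """Arrival time minus Acct-Delay-Time approximates when the session began."""
    return int(rec["Timestamp"]) - int(rec.get("Acct-Delay-Time", 0))

def select_starts(records):
    """Keep the earliest Start per Acct-Unique-Session-Id; return (kept, dropped)."""
    kept, dropped = {}, []
    starts = [r for r in records if r.get("Acct-Status-Type") == "Start"]
    for rec in sorted(starts, key=event_time):   # stable sort: ties keep file order
        sid = rec["Acct-Unique-Session-Id"]
        if sid in kept:
            dropped.append(rec)                  # retransmission of a stored Start
        else:
            kept[sid] = rec
    return kept, dropped
```

For the primary/secondary failover case described above, the records from both servers would need to be merged into one list before calling `select_starts`.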






Carlos Aguero
2003-03-29 14:21:26 UTC
The answer we found is:

While RADIUS uses UDP,
TACACS+ uses TCP to do AAA.-
Thank you very much for your help
Best Regards
Carlos


---------- Original Message ----------------------------------
From: "Alan DeKok" <***@ox.org>
Reply-To: freeradius-***@lists.cistron.nl
Date: Fri, 28 Mar 2003 09:00:01 -0500

You're trying to use broken software, and are asking how to break
FreeRADIUS to work with it. That will *never* happen.

Alan DeKok.

