Cover V08, I02


Sidebar 2: Troubleshooting and Other Tips

radiusd Tips

  1. You can start the daemon in debug mode with -x: /etc/raddb/radiusd -x
  2. Although I use /etc/raddb/ for the examples here, you are not limited to using this directory. In fact, there are good reasons not to. The log file is stored on root (/), which is typically a small partition, and storing non-system programs and data under /etc does not sit well with most admins. I prefer to use /usr/local/radius/db/ for the users, dictionary, and clients files, and /usr/local/radius/bin/ for radiusd. You can then start radiusd with -d. For example: /usr/local/radius/bin/radiusd -d /usr/local/radius/db/. Don't forget to protect those files wherever you keep them!
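
One way to check that the files from tip 2 are protected, as an added example that is not part of the original article. The policy it enforces is an assumption: users and clients readable by their owner only, and nothing in the directory writable by group or other.

```shell
#!/bin/sh
# Added example: audit a radiusd database directory (layout from tip 2).
# Assumed policy: users/clients owner-only, nothing group- or world-writable.

# Print the nine permission characters (rwxrwxrwx) of a path, using portable ls.
perm_bits() {
    ls -ld "$1" | cut -c2-10
}

# audit_raddb DIR: print one line per finding; exit status = number of findings.
audit_raddb() {
    dir=$1
    findings=0
    if [ ! -d "$dir" ]; then
        echo "MISSING directory $dir"
        return 1
    fi
    # The directory itself must not be writable by group or other.
    case $(perm_bits "$dir") in
        ????w????|???????w?)
            echo "WRITABLE $dir ($(perm_bits "$dir"))"
            findings=$((findings + 1)) ;;
    esac
    # users and clients hold passwords and shared secrets: owner access only.
    for f in users clients; do
        if [ ! -f "$dir/$f" ]; then
            echo "MISSING $dir/$f"
            findings=$((findings + 1))
            continue
        fi
        case $(perm_bits "$dir/$f") in
            ???------) ;;
            *)  echo "EXPOSED $dir/$f ($(perm_bits "$dir/$f"))"
                findings=$((findings + 1)) ;;
        esac
    done
    # dictionary is not secret, but must not be group- or world-writable.
    if [ -f "$dir/dictionary" ]; then
        case $(perm_bits "$dir/dictionary") in
            ????w????|???????w?)
                echo "WRITABLE $dir/dictionary"
                findings=$((findings + 1)) ;;
        esac
    fi
    return "$findings"
}

# Run against a directory given on the command line, e.g. /usr/local/radius/db/
if [ $# -gt 0 ]; then audit_raddb "$1"; fi
```

A zero exit status means no findings; fix anything reported with chmod before starting radiusd with -d.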

Connection Problems

  1. Make sure the daemon is running. With Solaris, use ps -ef | grep radiusd; on BSDI and Linux, use ps -aux | grep radiusd.
  2. Make sure routing between the Max NAS and RADIUS server is working. Ping in both directions. Check usernames and passwords. Many NT clients will likely be sending their NT domain or workgroup names as well. Either ask them to deactivate the Network login or build the domain or workgroup into the login name with the backslash notation. For example: HR\KING
  3. Use the pppif command in debug mode to follow the PPP session.
  4. Purchase PPP Design and Debugging by James Carlson, Addison-Wesley, ISBN 0-201-18539-3. This will get you up to speed on PPP.
  5. Configure your Max to use syslog and follow the connection with tail -f.
  6. Assuming you've activated syslog logging, check the Ascend Disconnect/Progress Codes that are available at http://www.ascend.com/898.html.

Routing Problems

  1. There is no magic involved with a NAS. Like other routers, it must either know a specific route to another router or node, or reach the node via a default route. This is also true of the remote node. In complicated networks, you will often have to hop from router to router and check connectivity with traceroute and ping. Often, networks are assigned for remote users, but the corporate backbone is not actually routing those networks. Make no assumptions.
  2. On Maxen, you can check routing with show ip route.
  3. Watch filters. Filtering can provide "free" protection to the network, but when using filters, be prepared to use protocol analyzers to track down those hard-to-find problems.