tuomaura / eap-noob

Nimble out-of-band authentication for EAP (EAP-NOOB)

Failover is not happening #12

Open adershps opened 3 years ago

adershps commented 3 years ago

If the first-priority server fails, failover does not happen, so the second-priority server is not chosen by hostapd. It tries the first-priority server continuously.

CONF FILE:

```
interface=eth4
driver=wired
logger_syslog=-1
logger_syslog_level=1
logger_stdout=-1
logger_stdout_level=1

ieee8021x=1
eap_reauth_period=3600

use_pae_group_addr=1

ctrl_interface=/var/run/hostapd

auth_server_addr=192.168.0.46
auth_server_port=1812
auth_server_shared_secret=think123

auth_server_addr=192.168.0.191
auth_server_port=1812
auth_server_shared_secret=think123

own_ip_addr=30.30.30.35

radius_auth_req_attr=61:d:15

radius_acct_interim_interval=0
radius_retry_primary_interval=0
max_num_sta=1
```

LOG DETAILS:

```
eth4: STA 18:06:f5:fa:dc:66 IEEE 802.1X: start authentication
eth4: STA 18:06:f5:fa:dc:66 IEEE 802.1X: received EAPOL-Start from STA
eth4: STA 18:06:f5:fa:dc:66 IEEE 802.1X: unauthorizing port
eth4: CTRL-EVENT-EAP-STARTED 18:06:f5:fa:dc:66
eth4: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
eth4: STA 18:06:f5:fa:dc:66 IEEE 802.1X: Sending EAP Packet (identifier 103)
eth4: STA 18:06:f5:fa:dc:66 IEEE 802.1X: received EAP packet (code=2 id=103 len=14) from STA: EAP Response-Identity (1)
eth4: STA 18:06:f5:fa:dc:66 IEEE 802.1X: STA identity 'thinkpalm'
eth4: RADIUS Sending RADIUS message to authentication server
eth4: RADIUS Next RADIUS client retransmit in 3 seconds
recv[RADIUS]: Connection refused
eth4: STA 18:06:f5:fa:dc:66 RADIUS: Resending RADIUS message (id=0)
eth4: RADIUS Next RADIUS client retransmit in 6 seconds
recv[RADIUS]: Connection refused
eth4: STA 18:06:f5:fa:dc:66 RADIUS: Resending RADIUS message (id=0)
eth4: RADIUS Next RADIUS client retransmit in 12 seconds
recv[RADIUS]: Connection refused
eth4: STA 18:06:f5:fa:dc:66 RADIUS: Resending RADIUS message (id=0)
eth4: RADIUS Next RADIUS client retransmit in 24 seconds
recv[RADIUS]: Connection refused
eth4: STA 18:06:f5:fa:dc:66 IEEE 802.1X: aborting authentication
eth4: CTRL-EVENT-EAP-STARTED 18:06:f5:fa:dc:66
eth4: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
eth4: STA 18:06:f5:fa:dc:66 IEEE 802.1X: Sending EAP Packet (identifier 198)
eth4: STA 18:06:f5:fa:dc:66 IEEE 802.1X: received EAP packet (code=2 id=198 len=14) from STA: EAP Response-Identity (1)
eth4: STA 18:06:f5:fa:dc:66 IEEE 802.1X: STA identity 'thinkpalm'
eth4: RADIUS Sending RADIUS message to authentication server
eth4: RADIUS Next RADIUS client retransmit in 3 seconds
recv[RADIUS]: Connection refused
eth4: STA 18:06:f5:fa:dc:66 RADIUS: Resending RADIUS message (id=1)
eth4: RADIUS Next RADIUS client retransmit in 6 seconds
recv[RADIUS]: Connection refused
eth4: STA 18:06:f5:fa:dc:66 RADIUS: Resending RADIUS message (id=1)
eth4: RADIUS Next RADIUS client retransmit in 6 seconds
recv[RADIUS]: Connection refused
eth4: STA 18:06:f5:fa:dc:66 RADIUS: Resending RADIUS message (id=0)
eth4: RADIUS Next RADIUS client retransmit in 6 seconds
recv[RADIUS]: Connection refused
eth4: STA 18:06:f5:fa:dc:66 RADIUS: Resending RADIUS message (id=1)
eth4: RADIUS Next RADIUS client retransmit in 24 seconds
recv[RADIUS]: Connection refused
eth4: STA 18:06:f5:fa:dc:66 IEEE 802.1X: aborting authentication
eth4: CTRL-EVENT-EAP-STARTED 18:06:f5:fa:dc:66
eth4: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
eth4: STA 18:06:f5:fa:dc:66 IEEE 802.1X: unauthorizing port
eth4: CTRL-EVENT-EAP-STARTED 18:06:f5:fa:dc:66
eth4: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
eth4: STA 18:06:f5:fa:dc:66 IEEE 802.1X: Sending EAP Packet (identifier 115)
eth4: STA 18:06:f5:fa:dc:66 IEEE 802.1X: received EAP packet (code=2 id=115 len=14) from STA: EAP Response-Identity (1)
eth4: STA 18:06:f5:fa:dc:66 IEEE 802.1X: STA identity 'thinkpalm'
eth4: RADIUS Sending RADIUS message to authentication server
eth4: RADIUS Next RADIUS client retransmit in 3 seconds
recv[RADIUS]: Connection refused
eth4: STA 18:06:f5:fa:dc:66 MLME: MLME-DEAUTHENTICATE.indication(18:06:f5:fa:dc:66, 23)
eth4: STA 18:06:f5:fa:dc:66 MLME: MLME-DELETEKEYS.request(18:06:f5:fa:dc:66)
eth4: STA 18:06:f5:fa:dc:66 RADIUS: Resending RADIUS message (id=2)
eth4: RADIUS Next RADIUS client retransmit in 6 seconds
recv[RADIUS]: Connection refused
eth4: STA 18:06:f5:fa:dc:66 IEEE 802.11: deauthenticated due to local deauth request
eth4: STA 18:06:f5:fa:dc:66 RADIUS: Removing pending RADIUS authentication message for removed client
eth4: STA 18:06:f5:fa:dc:66 RADIUS: Removing pending RADIUS authentication message for removed client
eth4: STA 18:06:f5:fa:dc:66 RADIUS: Removing pending RADIUS authentication message for removed client
eth4: STA 18:06:f5:fa:dc:66 IEEE 802.1X: start authentication
eth4: STA 18:06:f5:fa:dc:66 IEEE 802.1X: received EAPOL-Start from STA
eth4: STA 18:06:f5:fa:dc:66 IEEE 802.1X: unauthorizing port
eth4: CTRL-EVENT-EAP-STARTED 18:06:f5:fa:dc:66
eth4: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
eth4: STA 18:06:f5:fa:dc:66 IEEE 802.1X: Sending EAP Packet (identifier 81)
eth4: STA 18:06:f5:fa:dc:66 IEEE 802.1X: received EAP packet (code=2 id=81 len=14) from STA: EAP Response-Identity (1)
eth4: STA 18:06:f5:fa:dc:66 IEEE 802.1X: STA identity 'thinkpalm'
eth4: RADIUS Sending RADIUS message to authentication server
eth4: RADIUS Next RADIUS client retransmit in 3 seconds
recv[RADIUS]: Connection refused
```
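A triage check for the symptom reported above, as an added example that is not part of the original issue or of the hostapd code base: it groups log lines per RADIUS request and flags attempts that saw repeated `Connection refused` with no switch to the next server. The sample log is constructed in the format of the quoted log, and the `failover` marker string is an assumption about what hostapd logs when it changes server.

```python
import re

# Constructed sample in the format of the hostapd log quoted in the report.
SAMPLE_LOG = """\
eth4: RADIUS Sending RADIUS message to authentication server
eth4: RADIUS Next RADIUS client retransmit in 3 seconds
recv[RADIUS]: Connection refused
eth4: STA 18:06:f5:fa:dc:66 RADIUS: Resending RADIUS message (id=0)
eth4: RADIUS Next RADIUS client retransmit in 6 seconds
recv[RADIUS]: Connection refused
eth4: STA 18:06:f5:fa:dc:66 RADIUS: Resending RADIUS message (id=0)
eth4: RADIUS Next RADIUS client retransmit in 12 seconds
recv[RADIUS]: Connection refused
eth4: STA 18:06:f5:fa:dc:66 IEEE 802.1X: aborting authentication
eth4: RADIUS Sending RADIUS message to authentication server
eth4: RADIUS Next RADIUS client retransmit in 3 seconds
recv[RADIUS]: Connection refused
"""

RETRANSMIT = re.compile(r"Next RADIUS client retransmit in (\d+) seconds")

def summarize_attempts(log_text, failover_marker="failover"):
    """Split the log into RADIUS attempts and count what happened in each."""
    attempts = []
    for line in log_text.splitlines():
        if "Sending RADIUS message to authentication server" in line:
            attempts.append({"refused": 0, "resends": 0, "backoff": [],
                             "failover": False, "aborted": False})
            continue
        if not attempts:
            continue  # ignore lines before the first RADIUS request
        cur = attempts[-1]
        m = RETRANSMIT.search(line)
        if m:
            cur["backoff"].append(int(m.group(1)))
        elif "Connection refused" in line:
            cur["refused"] += 1
        elif "Resending RADIUS message" in line:
            cur["resends"] += 1
        elif failover_marker in line:  # assumed marker, see lead-in
            cur["failover"] = True
        elif "aborting authentication" in line:
            cur["aborted"] = True
    return attempts

def stuck_on_primary(attempts, min_refused=3):
    """True when an attempt hit repeated refusals and no failover followed."""
    return any(a["refused"] >= min_refused and not a["failover"] for a in attempts)
```

When requests overlap, as they do in part of the quoted log, lines are attributed to the most recent request, so per-attempt counts there are approximate.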

adershps commented 3 years ago

I have traced the issue in the file `hostapd-2.9/src/radius/radius_client.c`. The failover does not happen because the function `radius_client_auth_failover()` is not invoked. This function is invoked inside `radius_client_timer()`.

I tried to apply a patch to change the logic of the function `radius_client_timer()` in 2.9 to the 2.7 logic; then the failover happened and it worked (it chose the next-priority server). But I can't find the exact issue in the new code change of this function (this code change was made in hostapd version 2.8).

ms-s commented 3 years ago

@adershps this issue doesn't seem to have any relation to EAP-NOOB? For generic issues with hostap, please send an email to the hostap mailing list: https://lists.infradead.org/mailman/listinfo/hostap

adershps commented 3 years ago

@ms-s OK, thanks for the reply. I'm currently working in buildroot. Maybe this issue is due to the buildroot setup.