[ietf79-tech] Intermittent authentication problems on ietf-hotel.1x...

John Kemp kemp at network-services.uoregon.edu
Wed Nov 10 13:31:38 PST 2010 

I put the syntax for these commands in a script if you
just want to force them without a reboot.  As root, you
would say:

/usr/local/bin/activate-sysctls

If you are anticipating a rebooot, however, I would
put the below lines in /etc/sysctl.conf before the reboot.

Let me know if any of this makes no sense, or if you want
assistance with this.

/jgk

On 11/10/2010 01:15 PM, John Kemp wrote:
> 
> Uh, was forwarding never turned on in the sysctl's for the NACs?
> 
> I think this is what I was using:
> 
>> net.bridge.bridge-nf-call-ip6tables = 1
>> net.bridge.bridge-nf-call-iptables = 1
>> net.bridge.bridge-nf-call-arptables = 0
>> net.ipv4.ip_forward = 1
>> net.ipv4.conf.all.forwarding = 1
>> net.ipv4.conf.all.mc_forwarding = 1
>> net.ipv4.conf.default.forwarding = 1
>> net.ipv4.conf.default.mc_forwarding = 1
>> net.ipv6.conf.all.forwarding = 1
>> net.ipv6.conf.all.mc_forwarding = 1
>> net.ipv6.conf.default.forwarding = 1
>> net.ipv6.conf.default.mc_forwarding = 1
> 
> I'm fairly concerned that these sysctl's are not set.
> 
> /jgk
> 
> 
> 
> On 11/10/2010 06:26 AM, Xiaoliang Zhao wrote:
>> i am using win7, and it works fine...
>>  
>> is John Kemp on this mailing list?
>>  
>> thanks,
>> Leon
>> On Wed, Nov 10, 2010 at 9:19 PM, Chris Elliott <chelliot at pobox.com
>> <mailto:chelliot at pobox.com>> wrote:
>>
>>     All,
>>
>>     I'm sitting in my hotel room and I tried to use ietf-hotel.1x on my
>>     Mac. Authentication failed. Tried multiple times, and authentication
>>     failed. Then tried to use it from my phone and no problem. Tried
>>     again from my Mac and it failed again. One more time and it worked.
>>     Once I was on I checked the radius log on services-1 and I see:
>>
>>     Wed Nov 10 13:04:28 2010 : Auth: Login incorrect: [7901182615] (from
>>     client shangri-la-1 port 29 cli 60-33-4B-25-74-81)
>>     Wed Nov 10 13:04:38 2010 : Auth: Login incorrect: [7901182615] (from
>>     client shangri-la-1 port 29 cli 60-33-4B-25-74-81)
>>     Wed Nov 10 13:04:49 2010 : Auth: Login incorrect: [7901182615] (from
>>     client shangri-la-1 port 29 cli 60-33-4B-25-74-81)
>>     Wed Nov 10 13:04:59 2010 : Auth: Login incorrect: [7901182615] (from
>>     client shangri-la-1 port 29 cli 60-33-4B-25-74-81)
>>     Wed Nov 10 13:06:17 2010 : Auth: Login OK: [7901182615] (from client
>>     nacportal-1 port 0)
>>     Wed Nov 10 13:07:13 2010 : Auth: Login incorrect: [7901182615] (from
>>     client shangri-la-1 port 29 cli 60-33-4B-25-74-81)
>>     Wed Nov 10 13:07:24 2010 : Auth: Login incorrect: [7901182615] (from
>>     client shangri-la-1 port 29 cli 60-33-4B-25-74-81)
>>     Wed Nov 10 13:10:05 2010 : Auth: Login OK: [7901182615] (from client
>>     localhost port 0)
>>     Wed Nov 10 13:10:05 2010 : Auth: Login OK: [7901182615] (from client
>>     shangri-la-1 port 29 cli 90-27-E4-5B-3E-04)
>>     Wed Nov 10 13:10:39 2010 : Auth: Login incorrect: [7901182615] (from
>>     client shangri-la-1 port 29 cli 60-33-4B-25-74-81)
>>     Wed Nov 10 13:10:49 2010 : Auth: Login incorrect: [7901182615] (from
>>     client shangri-la-1 port 29 cli 60-33-4B-25-74-81)
>>     Wed Nov 10 13:10:56 2010 : Auth: Login OK: [7901182615] (from client
>>     localhost port 0)
>>     Wed Nov 10 13:10:56 2010 : Auth: Login OK: [7901182615] (from client
>>     shangri-la-1 port 29 cli 60-33-4B-25-74-81)
>>
>>     I changed absolutely nothing on my Mac. I did type in the password
>>     every time, but I don't think I misspelled ietf many times in a
>>     row...and, no, the caps key was /not/ on!
>>
>>     I can't explain this behavior, and I am concerned. Can other folks
>>     test to see if they are seeing the same issue?
>>
>>     Thanks!
>>     Chris.
>>
>>     -- 
>>     Chris Elliott
>>     chelliot at pobox.com <mailto:chelliot at pobox.com>
>>
>>
>>     _______________________________________________
>>     ietf79-tech mailing list
>>     ietf79-tech at daedelus.com <mailto:ietf79-tech at daedelus.com>
>>     http://www.daedelus.com/mailman/listinfo/ietf79-tech
>>
>>
>>
>>
>> _______________________________________________
>> ietf79-tech mailing list
>> ietf79-tech at daedelus.com
>> http://www.daedelus.com/mailman/listinfo/ietf79-tech
> 
> _______________________________________________
> ietf79-tech mailing list
> ietf79-tech at daedelus.com
> http://www.daedelus.com/mailman/listinfo/ietf79-tech

More information about the ietf79-tech mailing list