v1.3.9rc2 through rc14 - BETA/Release Candidate

[sirhc]

RADIUS Secret is only allowing 26 characters (a 31 character string worked in previous versions).

I copied the string from one switch (running 1.3.9rc13) and pasted it to another (running 1.3.9rc14) and noticed it wasn't all there.

When I tried to type the last few characters the rc14 switch won't let me.

The rc13 switch is showing a red error box on the secret... but it must be using all of the characters that were there before the upgrade because I can still login with RADIUS.

We have been changing the UI/CLI to limit what the user can enter.

If you can image this, we have had many people try and succeed in blow up the UI/CLI by entering special characters and even entering SUPER SUPER LONG inputs. So we have started limiting the input fields to max lengths and limiting the characters that it allows the user to even enter.

[sakita]

...that's good UI practice to clean up the data entry on the input-side (monkey control)

But why just 26 characters and why reduce it from previous length?

Some systems only allow shorter RADIUS secrets while some allow up to 127 (or even 128) characters. A quick review of the RADIUS RFC and it looks to me like anything up to 253 characters is possible... but due to the way it is implemented some choose to go as short as 16 characters. FreeRADIUS, is limited to 31 characters.

It seems to me that a length of 63 is a nice number that works out well with other PSK lengths (e.g. wireless encryption keys)... barring that, 31 seems like another logical number based on FreeRADIUS limiting it to that for some arbitrary reason.

[sirhc]

...that's good UI practice to clean up the data entry on the input-side (monkey control)

But why just 26 characters and why reduce it from previous length?

Some systems only allow shorter RADIUS secrets while some allow up to 127 (or even 128) characters. A quick review of the RADIUS RFC and it looks to me like anything up to 253 characters is possible... but due to the way it is implemented some choose to go as short as 16 characters. FreeRADIUS, is limited to 31 characters.

It seems to me that a length of 63 is a nice number that works out well with other PSK lengths (e.g. wireless encryption keys)... barring that, 31 seems like another logical number based on FreeRADIUS limiting it to that for some arbitrary reason.

I do not think we had a limit before?

Why 26, well that is what fits in the box.

I will discuss with Eric and see if we will increase this limit or not.

[Uintadave]

Good day fellas.

I wanted to report that we are still having problems with ping watchdog with ver 1.3.9rc13.


I woke up this morning and the stupid Ubnt Rocket Ti was down again.

I logged into the POE to verify that it could not ping the radio.

I then verified the watchdog setting.

I then bounced the port manually.

Then the POE can ping it again. The watchdog did not do its job.

Here is a little info on our setup. the POE is on its own subnet connected directly to the router. 172.20.1.50
When it is trying to get to the antenna it goes through the router and the router routes it to the core where it then takes an MPLS tunnel back to the site and to the radio. The router and the POE clearly did not have communication with the radio yet it would not trip the watchdog.

[sirhc]

I pinged Eric (the programmer) to look into this and reach out to you on this thread

[Eric Stern]

Good day fellas.

I wanted to report that we are still having problems with ping watchdog with ver 1.3.9rc13.

Hopefully enabling debugging will help track this down. From the command line (use the "cmdline" command at the CLI) run these two commands:

Code: Select all

 touch /pinger_debug
/etc/init.d/pinger restart

This will clutter up your log, but if you send me the contents of your log the next time it happens it should help me figure out what is going on.

[Uintadave]

ok I did that but this is what I got:



BusyBox v1.19.4 (2015-12-17 16:22:08 EST) built-in shell (ash)

Enter 'help' for a list of built-in commands.


Marbleton WT POE# cmdline


BusyBox v1.19.4 (2015-12-17 16:22:08 EST) built-in shell (ash)

Enter 'help' for a list of built-in commands.


admin@Marbleton_WT_POE:/www# touch /pinger_debug

admin@Marbleton_WT_POE:/www# /etc/init.d/pinger restart

start-stop-daemon: warning: killing process 3772: No such process

admin@Marbleton_WT_POE:/www#


Does this mean that the pinger itself died?

[Eric Stern]

Yes, that is what that would mean. If pinger is dying that would explain why its not working. But pinger should never die unless it has nothing to do (ie there are no ping watchdogs configured).

Well, keep an eye on the log. You should get a fairly constant stream of messages from pinger while its running.

[Uintadave]

nothing is nothing in the log. how do I make sure it is running?

[Uintadave]

wow... i must be tired...

I checked again and the pinger is now loging and letting me know it is successful.