Message: 1
Date: Tue, 13 Feb 2007 12:13:08 +0100
From: Davide Molteni <d.molteni@ntsitalia.com>
Subject: Re: Error: Ignoring request from unknown client IP:1645
To: freeradius list <freeradius-users@lists.freeradius.org>
Message-ID: <1171365188.6512.39.camel@PRT-TOSHIBA>
Content-Type: text/plain

I'm very sorry Alan for replying to your own email address and not on
the list. Here it is.

On Mon, 12/02/2007 at 13.35 +0100, Alan DeKok wrote:
> Davide Molteni wrote:
> > On the cisco I configured:
> > radius-server host ipmyradius auth-port 1812 acct-port 1813
> > and the other aaa commands needed
> > If I look at the radius.log file I always see
> > Error: Ignoring request from unknown client ipmycisco:1645
>
> Did you configure the server to have that IP in "clients.conf"?

Sure! With the IP and the same shared key as the cisco NAS client.

> > The Cisco router always keeps trying to connect to radius using port
> > 1645 even if I specified to use 1812...
>
> That's a bug in the Cisco router.

Yeah, but is this a problem for freeradius to properly work? Do I need to set
freeradius to listen on 1645 in radiusd.conf? Or do I need to change it
in /etc/services?

> > I have tried to configure radius
> > server to listen on port 1645 but it is the same.
>
> Listening on port 1645 won't make the server believe that "ipmycisco"
> is a known client.

Well, I know this very well; in fact, the client that is ignored is
properly configured in clients.conf.

> > The microsoft radius integration (server 2003) worked at first try
> > with this cisco config...
>
> Really. Did you configure the Cisco box as a client in the MS RADIUS
> server?

Yes, sure, I had to put the cisco box in the ms radius as a client,
otherwise it wouldn't work...

Please notice that I would like to use this radius for simple PAP ONLY.
Maybe I'm doing something wrong with the users file?
Please tell me the right way to configure a single test user for PAP
only. I would like to disable unused modules (ldap, mysql...).
Couldn't it be a problem with the authentication method?

I forgot to mention an important element for anyone who wants to help.
I tried to change the shared key on one side (radius) and noticed that
the log file continues to write the same error again:

    Ignoring request from unknown client IP:1645

So the issue is due to the fact that the cisco client doesn't exchange
the shared key with radius...
Can this help to better focus the problem?

Thanks in advance
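
An added troubleshooting sketch, not part of the original thread and not FreeRADIUS code: it assumes that the server identifies a client by the source IP address of the packet, so the port after the colon in the log line and the shared secret play no part in the "unknown client" decision, and it lists which logged source addresses have no matching `clients.conf` entry. The file contents, addresses, secrets, timestamps and function names are constructed for illustration, and only IP and CIDR client names are handled.

```python
import ipaddress
import re

# Constructed sample data (documentation address ranges, not values from the thread).
CLIENTS_CONF = """
client 192.0.2.10 {
    secret = example-secret
    shortname = cisco-lan
}
client 198.51.100.0/24 {
    secret = example-secret-2
    shortname = branch
}
"""
RADIUS_LOG = """\
Tue Feb 13 12:01:02 2007 : Error: Ignoring request from unknown client 192.0.2.1:1645
Tue Feb 13 12:01:07 2007 : Error: Ignoring request from unknown client 192.0.2.1:1645
Tue Feb 13 12:02:00 2007 : Error: Ignoring request from unknown client 203.0.113.5:1812
"""
UNKNOWN = re.compile(r"Ignoring request from unknown client (\S+):(\d+)\s*$")

def parse_clients(text):
    """Return [(network, shortname)] for each 'client <ip[/mask]> { ... }' block."""
    clients = []
    for m in re.finditer(r"\bclient\s+(\S+)\s*\{([^}]*)\}", text):
        net = ipaddress.ip_network(m.group(1), strict=False)
        name = re.search(r"shortname\s*=\s*(\S+)", m.group(2))
        clients.append((net, name.group(1) if name else m.group(1)))
    return clients

def find_client(clients, src_ip):
    """Model of the lookup: only the source IP is compared, never port or secret."""
    addr = ipaddress.ip_address(src_ip)
    return next((name for net, name in clients if addr in net), None)

def unknown_sources(log_text, clients):
    """Group 'unknown client' log lines by source IP and check clients.conf coverage."""
    report = {}
    for line in log_text.splitlines():
        m = UNKNOWN.search(line)
        if not m:
            continue
        ip, port = m.group(1), int(m.group(2))
        entry = report.setdefault(
            ip, {"count": 0, "ports": set(), "covered_by": find_client(clients, ip)})
        entry["count"] += 1
        entry["ports"].add(port)
    return report

if __name__ == "__main__":
    for ip, info in unknown_sources(RADIUS_LOG, parse_clients(CLIENTS_CONF)).items():
        print(ip, info)
```

A source address reported with `covered_by` set to `None` is one the parsed file does not list, whatever port it used and whatever secret is configured for other entries.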