freeradius not responding on machine specific IPs

Alan DeKok aland at deployingradius.com
Sat Dec 13 23:30:20 CET 2008


kevin wrote:
> What I didn't realize nor think of, is that I could run radtest against
> the debug run.  Every reference to debug mode simply indicated to run in
> debug, check if there were errors, and then ctrl-X and run freeradius
> again in standard mode.

  The intent of the debug output is to run *all* of your tests with
debugging output on.  Otherwise, you're running tests where you
completely ignore the output of the server.

> So I ran freeradius in debug mode and then ssh'd into the server again in
> another instance.  Ran radtest again and found these output results:
> 
>> rad_recv: Access-Request packet from host 192.168.3.199:41953, id=15, length=56
>> Ignoring request from unknown client 192.168.3.199:41953
>> --- Walking the entire request list ---
>> Nothing to do.  Sleeping until we see a request.
> 
> unh-hunh...  FR was getting the request, and IGNORING IT... 

  That's how RADIUS works.  It accepts requests only from known clients.

> so the
> client never knew that FR had received the request.  Great for security
> (looks like the port was closed), so that pointed me in the wrong
> direction, thinking it wasn't open or getting requests.

  Again, you spent a lot of time verifying that the client was sending
packets.  You didn't validate that the server was *receiving* the packets.

> Anyhow, I changed the clients.conf to include the external IP of the
> server, ran the test again, and it worked as expected:

  Exactly.

  Alan DeKok.
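
Added example, not part of the original message or of FreeRADIUS: a small shell function that reads saved debug output and lists each source address whose requests were dropped as an unknown client, which are the addresses that would need an entry in clients.conf. The sample log is constructed in the format quoted above; the 10.0.0.7 and 127.0.0.1 lines are made up for illustration.

```shell
#!/bin/sh
# Summarise requests the server received but ignored because the source
# address has no client entry. Input: debug output on stdin.

# Constructed sample log, modelled on the lines quoted in the thread.
sample_log() {
cat <<'EOF'
rad_recv: Access-Request packet from host 192.168.3.199:41953, id=15, length=56
Ignoring request from unknown client 192.168.3.199:41953
--- Walking the entire request list ---
Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host 127.0.0.1:50112, id=16, length=56
rad_recv: Access-Request packet from host 192.168.3.199:41960, id=17, length=56
Ignoring request from unknown client 192.168.3.199:41960
rad_recv: Access-Request packet from host 10.0.0.7:33012, id=3, length=60
Ignoring request from unknown client 10.0.0.7:33012
EOF
}

# unknown_clients: print "count address" for every source address whose
# requests were ignored, sorted by address.
unknown_clients() {
  awk '
    /^Ignoring request from unknown client / {
      addr = $NF                   # last field is "address:port"
      sub(/:[0-9]+$/, "", addr)    # drop the source port, it changes per request
      seen[addr]++
    }
    END { for (a in seen) print seen[a], a }
  ' | sort -k2
}

# Run against the constructed sample.
sample_log | unknown_clients
```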


