radiusd server does not respond to radtest from another host

mbhorner at aol.com mbhorner at aol.com
Sun Mar 8 02:57:26 CET 2009



 
Hi Alan,

Thanks for the response. My original email was very lengthy, but at the bottom you can see a wireshark capture showing the packet arrival. (My understanding is wireshark is a pretty GUI based on tcpdump)

What is strange is I tried to do the test in the reverse direction and it works i.e.

10.10.10.11 = radisusd server <=== 10.10.10.10 = radtest client

Does not work

10.10.10.11 = radtest client ===> 10.10.10.10 = radiusd server 

Works


The host 10.10.10.11 is running 32 bit OpenSuse 11.1
while host 10.10.10.10 is running 64bit OpenSuse 11.1

I have fallen back to default install with only the following files [edits users & clients.conf] (to reflect the opposite endpoints)

So far the 32 bit machine appears to be silently dead as far as radiusd



Date: Sat, 7 Mar 2009 19:29:05 +0000
From: A.L.M.Buxey at lboro.ac.uk
Subject: Re: radiusd server does not respond to radtest from another
    host
To: FreeRadius users mailing list
    <freeradius-users at lists.freeradius.org>
Message-ID: <20090307192905.GA28192 at lboro.ac.uk>
Content-Type: text/plain; charset=us-ascii

Hi,

> Next I tried testing radiusd using radtest from a 2nd host (10.10.10.10), 
which I had added previously added to the clients.conf (Note I can successfully 
ping the radius server 10.10.10.11 from this 2nd host 10.10.10.10).?But, I get 
no response from radius acc-request on either the radiusd terminal window or the 
radtest terminal window.

just like another current thread - have a couple of terminal windows
opn.

in one, run

tcpdump -eqnnntl -i eth0 port 1812  (change eth0 if necessary)

in the other, run

radiusd -X


now, run the test.  does anything show packets?  have you enabled
the firewall to allow port 1812 inbound from 10.10.10.10? 


alan






 





 



-----Original Message-----

From: mbhorner at aol.com

To: freeradius-users at lists.freeradius.org

Sent: Sat, 7 Mar 2009 11:06 am

Subject: radiusd server does not respond to radtest from another host


















Attached is wireshark capture on the radius server (10.10.10.11) showing the packet arrives from the rad test client (10.10.10.10)





No.???? Time??????? Source??????????????? Destination?????????? Protocol Info


????? 2 2.997586??? 10.10.10.10?????????? 10.10.10.11?????????? RADIUS?? Access-Request(1) (id=241, l=58), Duplicate Request ID:241






Frame 2 (100 bytes on wire, 100 bytes captured)


??? Arrival Time: Mar? 7, 2009 10:02:20.966147000


??? [Time delta from previous captured frame: 2.997586000 seconds]


??? [Time delta from previous displayed frame: 2.997586000 seconds]


??? [Time since reference or first frame: 2.997586000 seconds]


??? Frame Number: 2


??? Frame Length: 100 bytes


??? Capture Length: 100 bytes


??? [Frame is marked: False]


??? [Protocols in frame: eth:ip:udp:radius]


??? [Coloring Rule Name: UDP]


??? [Coloring Rule String: udp]


Ethernet II, Src: 3com_ac:0a:0c (00:50:da:ac:0a:0c), Dst: DellPcba_78:86:32 (00:0d:56:78:86:32)


??? Destination: DellPcba_78:86:32 (00:0d:56:78:86:32)


??????? Address: DellPcba_78:86:32 (00:0d:56:78:86:32)


??????? .... ...0 .... .... .... .... = IG bit: Individual address (unicast)


??????? .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)


??? Source: 3com_ac:0a:0c (00:50:da:ac:0a:0c)


??????? Address: 3com_ac:0a:0c (00:50:da:ac:0a:0c)


??????? .... ...0 .... .... .... .... = IG bit: Individual address (unicast)


??????? .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)


??? Type: IP (0x0800)


Internet Protocol, Src: 10.10.10.10 (10.10.10.10), Dst: 10.10.10.11 (10.10.10.11)


??? Version: 4


??? Header length: 20 bytes


??? Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)


??????? 0000 00.. = Differentiated Services Codepoint: Default (0x00)


??????? .... ..0. = ECN-Capable Transport (ECT): 0


??????? .... ...0 = ECN-CE: 0


??? Total Length: 86


??? Identification: 0x0000 (0)


??? Flags: 0x04 (Don't Fragment)


??????? 0... = Reserved bit: Not set


??????? .1.. = Don't fragment: Set


??????? ..0. = More fragments: Not set


??? Fragment offset: 0


??? Time to live: 64


??? Protocol: UDP (0x11)


??? Header checksum: 0x126f [correct]


??????? [Good: True]


??????? [Bad : False]


??? Source: 10.10.10.10 (10.10.10.10)


??? Destination: 10.10.10.11 (10.10.10.11)


User Datagram Protocol, Src Port: 47970 (47970), Dst Port: radius (1812)


??? Source port: 47970 (47970)


??? Destination port: radius (1812)


??? Length: 66


??? Checksum: 0xc264 [correct]


??????? [Good Checksum: True]


??????? [Bad Checksum: False]


Radius Protocol


??? Code: Access-Request (1)


??? Packet identifier: 0xf1 (241)


??? Length: 58


??? Authenticator: DF4A578FEB08708AEFEA3236CA37650C


??? [Duplicate Request: 241]


??? Attribute Value Pairs


??????? AVP: l=8? t=User-Name(1): pencil


??????????? User-Name: pencil


??????? AVP: l=18? t=User-Password(2): Encrypted


??????????? User-Password: \267\017U\227\320\216\305\y\373\314\377\306\316\350\255


??????? AVP: l=6? t=NAS-IP-Address(4): 127.0.0.2


??????????? NAS-IP-Address: 127.0.0.2 (127.0.0.2)


??????? AVP: l=6? t=NAS-Port(5): 0


??????????? NAS-Port: 0









?












?






 

Access 350+ FREE radio stations anytime from anywhere on the web. Get the Radio Toolbar! 





 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090307/8460b277/attachment.html>


More information about the Freeradius-Users mailing list