Authenticating wifi users via mysqldb

Winston McDowell winston.mcd99 at gmail.com
Mon Jan 27 03:51:23 CET 2014


Thanks Arran,

I had it in the clients.conf file but took a close look at it and noticed
the keyword "client" in front of the ip address was missing.






On Sun, Jan 26, 2014 at 9:17 PM, Arran Cudbard-Bell <
a.cudbardb at freeradius.org> wrote:

>
> On 27 Jan 2014, at 01:23, Winston McDowell <winston.mcd99 at gmail.com>
> wrote:
>
> > I tried setting up freeradius with mysql based on the information from
> the wiki site.
> >
> > I can run radtest from the command line and authenticate a user in the
> database.
> >
> > Every attempt via wifi generates the error "Ignoring requests to
> authentication address * port 1812 from unknown client 192.168.226.248 port
> 58245"
>
> * Ignoring (which in this case also means discarding)
> * Requests (most likely RADIUS requests as this is a RADIUS server)
> * to authentication address * (i.e. the address the server expects to
> receive authentication requests on, the * in this case is a wildcard,
> meaning all local IP addresses are authentication addresses)
> * port 1812 (the port the server is listening on)
> * unknown client (means the server doesn't recognise the client)
> * 192.168.226.248 (the IP address of the unknown client)
> * port 58245 (the src port of the packet from the unknown client).
>
> So we know the server is discarding requests on it's authentication
> interface, from unknown clients. Would it help if I told you the fact that
> the client is unknown is not a coincidence? In fact there is a direct
> causal relationship here. I know it might not be obvious from reading the
> message, but the reason why the server is ignoring the request is precisely
> because of the client's 'unknownness'.
>
> Would defining extra users help? Probably not, as they're users, not
> clients. Clients in this case being NAS (Network Access Servers), the
> things that act as intermediaries between the users and the RADIUS servers.
>
> What you need to do to make this work is to inform the server of the
> clients existence and thus authorize it to communicate with the server.
>
> There are a few ways to do that, but the simplest is probably adding an
> entry in raddb/clients.conf.
>
> Arran Cudbard-Bell <a.cudbardb at freeradius.org>
> FreeRADIUS Development Team
>
> FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140126/488a5af8/attachment.html>


More information about the Freeradius-Users mailing list