FreeRadius Ignoring request to auth address

Alan DeKok aland at deployingradius.com
Thu Oct 7 15:32:37 CEST 2021 

On Oct 7, 2021, at 9:11 AM, Benjamin Diehl <benjamin.diehl at foundationacademy.net> wrote:
> Here is all the information, I checked the Home Server piece in all the txt files and nothing I changed, changed the results of the output.

  "I checked stuff".

  What did you check?  Why?  What did you expect it to be?  What changes did you make?  Why would you make this changes?

  This whole approach of "I did stuff and it didn't work" is not helpful.  This isn't a "I'm new to RADIUS" issue.

  The issue is being able to carefully and methodically track down and debug issues.  That skill is absolutely critical for building complex systems, whether or not they're RADIUS.

> I also tested LDAPsearch command and that worked great.

  Thats good.

> I have included the freeradius -X result below with 1 query.

  Which system is this?  The proxy? The home server?  Some other random server?

  Again, you need to EXPLAIN IN DETAIL what you're doing. We can't read your mind.  We only know what you want the system to do if you tell us.  But for some reason you have issues with telling us, and then you still want us to help debug the problem.

  That's making it difficult to help you.  You've been told this repeatedly.

> I have followed 2 guides in setting up FreeRadius ( https://www.nasirhafeez.com/freeradius-with-google-g-suite-workspace-secure-ldap-for-wpa2-enterprise-wifi/) - Google LDAP (https://support.google.com/a/answer/9089736#zippy=%2Cfreeradius), I have google searched like crazy but still can’t seem to figure out exactly what’s wrong. Your technical help would be much appreciated. I am new to all of this and learning as I go but I am starting to reach the end of even my own learnings knowledge base. I understand that there are certain errors in this code but understanding them and changing exactly the correct things to fix those issues is where I am failing.

  The attitude of "I'm going to change things to fix issues" is 100% wrong.  You're not making random changes.  You should be UNDERSTANDING the system first.  Then, based on that understanding, making changes to achieve a particular goal.

  i.e. the changes are goal-oriented, and should achieve a particular result.

  Saying "I need to change things to fix issues" is the mindset that you're just randomly poking things until "it works".

> Ready to process requests
> (0) Received Access-Request Id 23 from 172.16.13.29:46498 to 172.16.2.53:1812 length 296
> (0)   User-Name = "benjamin.diehl at foundationacademy.net"
> (0)   NAS-Identifier = "Test Radius"
> (0)  ...
> (0)   NAS-Port-Type = Wireless-802.11
> (0)   Framed-MTU = 1500
> (0)   EAP-Message = 0x02f700290162656e6a616d696e2e646965686c40666f756e646174696f6e61636164656d792e6e6574

  OK, it's doing EAP.
> ...
> (0) suffix: Checking for suffix after "@"
> (0) suffix: Looking up realm "foundationacademy.net" for User-Name = "benjamin.diehl at foundationacademy.net"
> (0) suffix: Found realm "foundationacademy.net"
> (0) suffix: Adding Stripped-User-Name = "benjamin.diehl"

  Yeah, you don't want to do that.  You need to edit the realm definition and add "nostrip".
> ...
> (0) Proxying request to home server 127.0.0.1 port 1812 timeout 20.000000
> ...
> (1) Received Access-Request Id 133 from 127.0.0.1:46909 to 127.0.0.1:1812 length 284

  Uh... why are you proxying packets from the server to itself?  This makes no sense.  It's just not necessary.

  And again, you haven't explained *why* you're doing this.  Just "Here's some debug output, but I'm not going to explain what I'm trying to do, or how I've set up the network".

> ...
> (1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
> (1)   authenticate {
> (1) eap: Identity does not match User-Name, setting from EAP Identity

  Exactly.  Don't edit the User-Name when doing EAP.

  And for the fourth time, PLEASE give explanations.  Don't rely on "I'm new to RADIUS".  There's simply no excuse when you've been told exactly what to do (BE CLEAR AND DESCRIPTIVE), and then you're still not doing it.

  This isn't a "I'm new to RADIUS" issue.  This is an issue of asking for help, and then not following instructions.  That's frustrating.

  Alan DeKok.

More information about the Freeradius-Users mailing list