On 2013-06-24 at 18:38, A.L.M.Buxey@lboro.ac.uk (A.L.M.Buxey@lboro.ac.uk) wrote:
Hi,
Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1812
you see this - TCP
read a little about RADIUS it uses UDP
change your rule to allow UDP port 1812
I had it wide open. Someone suggested I add the tcp above. Now I have iptables wide open: iptables -L -n Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination -----
# radtest evergreen@plumgrid.com "Y0V2T2VAKI" 192.168.10.14 0 d1sc0verplum
Is not sending my radius request to the ldap server (192.168.10.14)?
we, it is....but there is NOTHING an LDAP server can do with a RADIUS request.
I get that. What I want the RADIUS server to do is query the LDAP server, rather than say a database or the /etc/freeradius/users file.
you send RADIUS requests to a RADIUS server....the RADIUS server will then open up required connections to backend systems (eg LDAP to an LDAP server, SQL to an SQL server etC) to deal with AAA requirements.
Yes, I get that. I am trying to prove via radtest that the radius server can authenticate to the radius server, just as the users file can authenticate to the radius server.
I dont use HTTP to talk to an SSH server
Neither do I.
In which case, how do I test that freeradius is working with ldap?
you fire a RADIUS authentication against the RADIUS server
radtest username password radius-server port secret
Does this mean I need to set up say a WiFi router to use WPA2 Enterprise and send auth requests to the radius server and then the radius server passes requests to the ldap server. This
yes.
So, I can run radtest only using credentials in /etc/freeradius/users? -- "They: The makers of the Constitution: conferred, as against the government, the right to be let alone -- the most comprehensive of rights and the right most valued by civilized men." - Justice Louis D. Brandeis