On Mar 31, 2017, at 10:27 AM, Alan DeKok <aland@deployingradius.com> wrote:
On Mar 31, 2017, at 10:01 AM, Jeremy Stretch via Freeradius-Users <freeradius-users@lists.freeradius.org> wrote:
As an isolated test, I have a Juniper switch configured to authenticate to one of the FreeRADIUS servers, which in turn authenticates against one backend LDAP server. When I try to log into the switch, tcpdump on the RADIUS server confirms that it receives an Access-Request packet. I've stopped the normal daemon and am running `freeradius -X` on the server, but it prints only a single line in response to the Access-Request:
Ready to process requests.
It prints this same line each time a request is dropped.
That means that the OS told FR there was a packet, but when it tried to read the packet, there was no RADIUS packet.
If it was from an unknown client, it would print that. If it was a malformed packet, it would print that. So something else is going on.
It might be RPF causing the issue. I vaguely remember this being a symptom of that, but I could be incorrect. http://stackoverflow.com/questions/31000939/disable-reverse-path-filtering-f... Simple to check... -Arran Arran Cudbard-Bell FreeRADIUS Core Developer FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2