Il giorno mar, 13/02/2007 alle 11.59 +0000, A.L.M.Buxey@lboro.ac.uk ha scritto:
Hi,
client localhost { secret = 181180 shortname = localhost nastype = other }
client 192.168.0.1 { secret = 181180 shortname = testcisco nastype = cisco }
those look fine. have you actually tried a 'radtest' on the local server to check all is well? eg put the following into your 'users' file
testuser01 Auth-Type:=Local, User-Password=="ehwtehi"
restart radiusd process then do
radtest testuser01 ehwtehi localhost 1812 181180
Ok just after this test i have after many tries "Re-Sending Access-Request ..." radclient: no response from server for ID 250 This without any change to the radiusd.conf Now I will make all the modifications you suggested and send you the results. I'm not proxying. The freeradius version is 1.0.1
this is pure and simple PAP authentication at its best.
## radiusd.conf -- FreeRADIUS server configuration file.
which version of freeradius? this config is a bit crusty for a 1.x install
change the following parts
#bind_address = * #port = 0
listen { # IP address on which to listen. # Allowed values are: # dotted quad (1.2.3.4) # hostname (radius.example.com) # wildcard (*) ipaddr = *
# Port on which to listen. # Allowed values are: # integer port number (1812) # 0 means "use /etc/services for the proper port" port = 1645
# Type of packets to listen for. # Allowed values are: # auth listen for authentication packets # acct listen for accounting packets # type = auth }
this uses the 1.x listen directive. i've also changed the port to 1645 - as you say your cisco is expecting this port!
proxy_requests = yes $INCLUDE ${confdir}/proxy.conf
are you proxying? you didnt say so. you should set this to no(!)
# Supports multiple encryption schemes # clear: Clear text # crypt: Unix crypt # md5: MD5 ecnryption # sha1: SHA1 encryption. # DEFAULT: crypt pap { encryption_scheme = crypt }
to do the radtest I mentioned above, this value needs to be 'clear'
you a crypted version of that password if you wish to use 'crypt'
as for all the rest. if you arent using it. comment it out.
alan