On 2013-06-24 at 18:06, A.L.M.Buxey@lboro.ac.uk (A.L.M.Buxey@lboro.ac.uk) wrote:
Hi,
Always start simple. Run radtest on the RADIUS server box using 127.0.0.1 ... THEN move to running against it from other systems once you've verified all authentication etc is working
Works on localhost.
Trying to get radius to authenticate against an ldap server.
if localhost works, then the authentications cannot get though to the server on its IP socket so you need to edit the host firewall (ad any other ACLs that might be blocking the traffic)
iptables -L -n - check for UDP 1812 being allowed
iptables -L -n Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1812 Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination
as for what you say you are doing and what you are doing...that radtest is simply sending RADIUS auths to a RADIUS server....then the server will use whatever methods you have configured for AAA - right now its doing absolutely nothing at all as the server is not receiving your packets - this has nothing to do with an LDAP server right now
Does this mean that: # radtest evergreen@plumgrid.com "Y0V2T2VAKI" 192.168.10.14 0 d1sc0verplum Is not sending my radius request to the ldap server (192.168.10.14)? In which case, how do I test that freeradius is working with ldap? Does this mean I need to set up say a WiFi router to use WPA2 Enterprise and send auth requests to the radius server and then the radius server passes requests to the ldap server. This is how I want it to work eventually, but I thought the steps should be: Test radius as localhost. Test radius to ldap. Test WPA2 Enterprise to radius server, which will pass username and password of user to ldap.