On Oct 20, 2020, at 2:26 AM, Julien Cochennec <julien.cochennec@ac-orleans-tours.fr> wrote:
Ok, thanks a lot Alan, let's do it right then, sorry for missing the docs, I thought I read it all though.
A is radiusA.domain, IP 172.29.179.49
B is radiusB.domain, IP 172.29.49.89
C is IP 172.29.188.249
1) When I try to connect from A to B :
echo "User-Name=***,User-Password=***" | radclient radiusB.domain:1812 auth *** Sent Access-Request Id 133 from 0.0.0.0:50763 to 172.29.49.89:1812 length 67 Received Access-Accept Id 133 from 172.29.49.89:1812 to 172.29.179.49:50763 length 20
You're debugging the server by looking at the output of "radclient". Just... no.
2) When I try to connect from C to A :
echo "User-Name=***,User-Password=***" | radclient radiusA.domain:1812 auth *** Sent Access-Request Id 253 from 0.0.0.0:44465 to 172.29.179.49:1812 length 67 Received Access-Reject Id 253 from 172.29.179.49:1812 to 172.29.188.249:44465 length 20 (0) -: Expected Access-Accept got Access-Reject
3) On A in debug mode :
(0) Received Access-Request Id 49 from 172.29.188.249:59565 to 172.29.179.49:1812 length 67 ... (0) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type (0) pap: WARNING: Authentication will fail unless a "known good" password is available
That seems pretty clear. How are users supposed to be authenticated? Where are the passwords stored? Alan DeKok.