Error: Ignoring request from unknown client IP:1645
Walt Reynolds
waltr at umich.edu
Tue Feb 13 13:23:45 CET 2007
I had the problem before and it was because in the clients.conf file I
had written clients (with an s) and not client.
>
> Message: 1
> Date: Tue, 13 Feb 2007 12:13:08 +0100
> From: Davide Molteni <d.molteni at ntsitalia.com>
> Subject: Re: Error: Ignoring request from unknown client IP:1645
> To: freeradius list <freeradius-users at lists.freeradius.org>
> Message-ID: <1171365188.6512.39.camel at PRT-TOSHIBA>
> Content-Type: text/plain
>
> I'm very sorry Alan for replying to your own email address and not on
> the list. Here it is
>
>
> Il giorno lun, 12/02/2007 alle 13.35 +0100, Alan DeKok ha scritto:
>> Davide Molteni wrote:
>>
>>> On the cisco I configured:
>>> radius-server host ipmyradius auth-port 1812 acct-port 1813
>>> and the other aaa commands needed
>>>
>>> If I look at the radius.log file I always see
>>>
>>> Error: Ignoring request from unknown client ipmycisco:1645
>> Did you configure the server to have that IP in "clients.conf"?
>
> Sure! With the IP and the same shared key as the cisco NAS client
>
>>> The Cisco router keeps always trying to connect to radius using port
>>> 1645 even if I specified to use 1812...
>> That's a bug in the Cisco router.
>
> Yea but is this a problem for freeradius to properly work? I need to set
> freeradius to listen on 1645 in radiusd.conf? Or I need to change it
> in /etc/services ?
>
>>> I have tried to configure radius
>>> server to listen on port 1645 but is the same.
>> Listening on port 1645 won't make the server believe that
> "ipmycisco"
>> is a known client.
>
> Well I know this very well in fact, the client that is ignored is
> properly configured in clients.conf
>>> The microsoft radius integration(server 2003) worked at first try
> with
>>> this cisco config...
>> Really. Did you configure the Cisco box as a client in the MS
> RADIUS
>> server?
>
> Yes, sure I had to put in the ms radius the cisco box as a client
> otherwise it wouldn't work...
>
> Please notice that I would like to use this radius for simple PAP ONLY.
> Maybe I'm doing something wrong with users file?
> Please tell me the right way to configure a single test user for PAP
> only. I would like to disable unused modules (ldap,mysql...)
>
> It couldn't be a problem of authentication method?
>
> I forgot an important element to tell anyone wants to help.
> I tried to change the shared key on one side (radius) and noticed that
> log file continue to write again the same error
>
> Ignoring request from unknown client IP:1645
>
> So the issue it's due to the fact that cisco client don't exchange
> shared key with radius...
>
> This can halp to focus better the problem?
>
> thanks in advance
>
--
Walt Reynolds
Principle Systems Security Development Engineer
Information Technology Central Services
University of Michigan
(734) 615-9438
More information about the Freeradius-Users
mailing list