How to configure RADIUS on 2 IP address Server
aland at deployingradius.com
Thu Dec 11 09:02:26 CET 2008
Pongsak Tawankanjanachot wrote:
> I started installing, ,setting, running ./radiusd -X with default
No. You've configured the server to proxy requests to itself. This
> Sending Access-Accept of id 102 to* 192.168.2.45 *
> port 36272
> Framed-MTU = 1400
> NAS-IP-Address = 192.168.25.77
> NAS-Port = 15
> Finished request 5.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Accept packet from host 192.168.2.45
> port 1812, id=102, length=38
You have configured it to proxy requests to itself. Don't do that.
> My question is why the Access-Accept is to 192.168.2.45
> (It should be 192.168.25.254?
1) you have 2 interfaces
2) you haven't used the "listen type = proxy" configuration to set
the proxying IP address
3) You haven't enabled UDPFROMTO in "configure"
4) The OS picks a source IP address
and, you've configured the server to proxy requests to itself. Don't
> radiusd: #### Opening IP addresses and Ports ####
> Listening on authentication address 192.168.25.254
> port 1812
> Listening on accounting address 192.168.25.254
> port 1813
> Listening on proxy address 192.168.25.254 port 1814
> Ready to process requests.
> Seems like RADIUS is listening on 192.168.25.254..... :D
> On Server terminal, I test with radtest test test localhost 0 testing123
> Sending Access-Request of id 103 to 127.0.0.1 port 1812
> User-Name = "test"
> User-Password = "test"
> NAS-IP-Address = 127.0.1.1
> NAS-Port = 0
> /There is no response at all..../
Do you understand what IP addresses are? The server is listening on
192.168.25.254, while you're sending packets to 127.0.0.1. And you're
*surprised* that the server doesn't respond? Why?
> It replies!! Seems like it is listening at eth0 192.168.25.254
> BUT when I use RTRadPing Test Utility from local computer-WinXP SP3
> (192.168.25.142 ) asking Authentication Request
> to 192.168.25.254
> RTRadPing says no response from server, timeout.
Look at the DEBUG output of the SERVER, not the client.
> What should I do next??
> Somebody can suggest me?
> I think this is just the first step, then I need to install OpenSSL and
> test....a long way to go..
I would stop trying to configure the server, and start by
understanding how networks work.
More information about the Freeradius-Users