freeradius not responding on machine specific IPs
kevin
rat at yia.ca
Sat Dec 13 07:22:40 CET 2008
Thanks Jason, but I might have been unclear. Sorry about that.
I'm using fake data to send to the radius server. I do not care if it
passes or fails. I simply want the server to respond when I send a
message to x.x.3.199 (the network address of the machine) just as it
does when I send a request to the localhost address on the machine.
It does respond to localhost, it does not respond to the network
address. That's where the problem lies, that I am trying to figure out.
Thanks again, though.
The network I am trying to authenticate is remote from the radius
server, so I cannot use localhost. Otherwise, I wouldn't worry about
it... Eventually, the remote location will be running covachilli or
something similar. But for security (equipment) reasons, I cannot put a
server at that end, so must do authentication remotely, at this end.
Cheers,
Kevin
On Fri, 2008-12-12 at 16:11 -0500, Jason Wittlin-Cohen wrote:
> Kevin,
>
> The relevant line is:
>
> "> rad_verify: Received Access-Reject packet from client 127.0.0.1
> port 1812 with invalid signature (err=2)! (Shared secret is
> incorrect.)"
>
> The shared secret to authenticate a client to the RADIUS server (for
> RADIUS, not EAP traffic) is either not set, or you're using the wrong
> secret. By default there is no shared secret set for localhost. Edit
> clients.conf, search for 127.0.0.1. You'll find a line that looks
> like:
>
> ipaddr = 127.0.0.1
>
> Now, add this line beneath:
>
> secret = secret
>
> Restart freeradius and try again. The message should go away.
> Remember, you're still going to get an access-reject response unless
> you setup the user account and password your authenticating with in
> the "users" file.
>
> Jason
>
> --
> Jason Wittlin-Cohen
> Yale Law School, Class of 2010
> jason.wittlin-cohen at yale.edu
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list