freeradius not responding on machine specific IPs
Alan DeKok
aland at deployingradius.com
Sat Dec 13 23:30:20 CET 2008
kevin wrote:
> What I didn't realize nor think of, is that I could run radtest against
> the debug run. Every reference to debug mode simply indicated to run in
> debug, check if there were errors, and the ctrl-X and run freeradius
> again in standard mode.
The intent of the debug output is to run *all* of your tests with
debugging output on. Otherwise, you're running tests where you
completely ignore the output of the server.
> So I ran freeradius in debug mode an then ssh'd into the server again in
> another instance. Ran radtest again and found these output results:
>
>> rad_recv: Access-Request packet from host 192.168.3.199:41953, id=15, length=56
>> Ignoring request from unknown client 192.168.3.199:41953
>> --- Walking the entire request list ---
>> Nothing to do. Sleeping until we see a request.
>
> unh-hunh... FR was getting the request, and IGNORING IT...
That's how RADIUS works. It accepts requests only from known client.
> so the
> client never knew that FR had received the request. Great for security
> (looks like the port was closed), so that pointed me in the wrong
> direction, thinking it wasn't open or getting requests.
Again, you spent a lot of time verifying that the client was sending
packets You didn't validate that the server was *receiving* the packets.
> Anyhow, I changed the clients.conf to include the external IP of the
> server, ran the test again, and it worked as expected:
Exactly.
Alan DeKok.
More information about the Freeradius-Users
mailing list