radius is not listening
saman saman
ssaman at hotmail.com
Tue Oct 21 10:51:22 CEST 2008
Hi Elizabeth,
Thanks for the quick response.
I tried
#/usr/sbin/tcpdump -X host 127.0.0.1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
(Nothing happening)
#/usr/sbin/tcpdump -X svr1.marind.com
15:20:55.301070 IP 192.168.1.50.63188> svr1.marind.com.domain: 13870+ A? b.rad.live.com. (32)vr
.....etc
# /usr/sbin/lsof -i |grep -i radius
radiusd 3965 root 5u IPv4 10123 UDP 192.168.0.10:radius
radiusd 3965 root 6u IPv4 10125 UDP 192.168.0.10:radius-acct
radiusd 3965 root 7u IPv4 10126 UDP 192.168.0.10:1814
#telnet 127.0.0.1
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
telnet: Unable to connect to remote host: Connection refused
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 svr1.marind.com ESMTP Sendmail 8.13.1/8.13.1; Tue, 21 Oct 2008 15:46:37 +0700
#netstat -tna
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:32769 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.5:53 0.0.0.0:* LISTEN
tcp 0 0 192.168.0.10:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 127.0.0.1:32848 TIME_WAIT
tcp 0 0 :::993 :::* LISTEN
tcp 0 0 :::995 :::* LISTEN
tcp 0 0 :::110 :::* LISTEN
tcp 0 0 :::143 :::* LISTEN
tcp 0 0 :::80 :::* LISTEN
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 :::443 :::* LISTEN
Before I changed the freeradius setting from tls to peap, everything was fine.
I also have a mail server, and previously testing telnet localhost worked fine.
By "rules file", do you mean iptables?
________________________________
> Date: Sun, 19 Oct 2008 21:46:37 -0700
> From: liz at twistedpair.cc
> To: freeradius-users at lists.freeradius.org
> Subject: Re: radius is not listening
>
> a few more suggestions :)
>
> What is in your rules file?
>
> Can you telnet to localhost port 1812, how about 127.0.0.1 1812 (broken hosts file mebbe)
>
> also try this
>
> lsof -i |grep -i radius
>
> you should see radius listening
>
> Liz
>
>
> On Sun, Oct 19, 2008 at 7:38 PM, saman saman <ssaman at hotmail.com> wrote:
>
> Hi Alan,
> What if radtest localhost doesn't work either?
> Here is the iptables output:
> #iptables -L -n
> Chain INPUT (policy DROP)
> target prot opt source destination
> ACCEPT all -- 127.0.0.1 0.0.0.0/0
> ACCEPT all -- 192.168.1.2 0.0.0.0/0
> ACCEPT all -- 192.168.0.10 0.0.0.0/0
> ACCEPT all -- 192.168.0.0/24 0.0.0.0/0
> ACCEPT all -- 0.0.0.0/0 192.168.1.0/24
> ACCEPT all -- .0.0.0/0 192.168.1.2 state RELATED,ESTABLISHED
> svr1 tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
> svr1 tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
> srv1 tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
> srv1 tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
> svr1 tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
> svr1 tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:113
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1812
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1813
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1814
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:110
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2074
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:4000
> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 11
> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 80
>
> Chain FORWARD (policy DROP)
> target prot opt source destination
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
>
> Chain OUTPUT (policy DROP)
> target prot opt source destination
> ACCEPT all -- 127.0.0.1 0.0.0.0/0
> ACCEPT all -- 192.168.0.10 0.0.0.0/0
> ACCEPT all -- 192.168.1.2 0.0.0.0/0
> ACCEPT all -- 192.168.1.206 0.0.0.0/0
>
> Chain mars (6 references)
> target prot opt source destination
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0x02
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
> DROP tcp -- 0.0.0.0/0 0.0.0.0/0
>
> #radtest John hello localhost 0 testing
> User-Name = "John"
> User-Password = "hello"
> NAS-IP-Address = 192.168.1.2
> NAS-Port = 0
> User-Name = "John"
> User-Password = "hello"
> NAS-IP-Address = 192.168.1.2
> NAS-Port = 0
> User-Name = "John"
> User-Password = "hello"
> NAS-IP-Address = 192.168.1.2
> NAS-Port = 0
> User-Name = "John"
> User-Password = "hello"
> NAS-IP-Address = 192.168.1.2
> NAS-Port = 0
> User-Name = "John"
> User-Password = "hello"
> NAS-IP-Address = 192.168.1.2
> NAS-Port = 0
> User-Name = "John"
> User-Password = "hello"
> NAS-IP-Address = 192.168.1.2
> NAS-Port = 0
>
> The above iptables output shows the udp 1812, 1813 & 1814 are all accepted.
>
> > > Hi, I am a newbie and recently wanted to try out freeradius-server-2.0.4, but unfortunately I have problems I can't solve.
> > > FreeRADIUS is running OK, but when I attempt to authenticate, the server is just not responding to client requests.
> > ...
> > > #radiusd -X
> > ...
> > > Ready to process requests.
> >
> > The point of debug mode is to show it processing packets.
> >
> > If you've sent it packets and it doesn't receive them, fix the
> > firewall on your OS to allow RADIUS packets.
> >
> > Alan DeKok.
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
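Added example, not part of the original thread and not FreeRADIUS code: the `lsof -i` output in the message lists radiusd sockets on UDP 192.168.0.10 only, while the tests in the thread target localhost and `telnet` speaks TCP. The script below parses those three lsof lines (copied from the message) and reports whether a radiusd socket covers a given protocol and destination address; the function names `radius_binds`, `serves` and `check` are hypothetical.

```shell
#!/bin/sh
# lsof -i lines for radiusd, copied from the message above and used as sample input.
LSOF_SAMPLE='radiusd 3965 root 5u IPv4 10123 UDP 192.168.0.10:radius
radiusd 3965 root 6u IPv4 10125 UDP 192.168.0.10:radius-acct
radiusd 3965 root 7u IPv4 10126 UDP 192.168.0.10:1814'

# radius_binds (hypothetical helper): read `lsof -i` text on stdin and print
# "PROTO ADDR PORT" for every radiusd socket found.
radius_binds() {
    awk '$1 == "radiusd" {
        for (i = 1; i < NF; i++)
            if ($i == "UDP" || $i == "TCP") {
                name = $(i + 1)                  # e.g. 192.168.0.10:radius
                n = split(name, parts, ":")
                port = parts[n]
                addr = substr(name, 1, length(name) - length(port) - 1)
                print $i, addr, port
            }
    }'
}

# serves (hypothetical helper): succeed if some radiusd socket of protocol $1
# would receive traffic sent to local address $2. A wildcard bind ("*" or
# 0.0.0.0) covers every local address; a specific bind covers only itself.
serves() {
    proto=$1
    dest=$2
    radius_binds | awk -v p="$proto" -v d="$dest" '
        $1 == p && ($2 == d || $2 == "*" || $2 == "0.0.0.0") { found = 1 }
        END { exit !found }'
}

# check: one-line verdict for protocol $1 and destination address $2.
check() {
    if printf '%s\n' "$LSOF_SAMPLE" | serves "$1" "$2"; then
        echo "$1 $2: radiusd bound"
    else
        echo "$1 $2: no radiusd socket"
    fi
}

check UDP 192.168.0.10   # address radiusd is bound to
check UDP 127.0.0.1      # where a test against localhost sends its packets
check TCP 127.0.0.1      # what telnet to 127.0.0.1 would need
```

On a live host, replace the sample with `lsof -i -n -P | serves UDP 127.0.0.1`; note also that a tcpdump capture on eth0, as in the message, does not see loopback traffic.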