freeradius and mikrotik auth problem pppoe error 691
Fajar A. Nugraha
fajar at fajar.net
Thu Mar 19 13:12:40 CET 2009
2009/3/19 Lazar Cherveniakov <lazkom at mail.bg>:
> Everything looks fine in IP addresses, but the problem is still the same.
Looks like you got exactly the problem I described. See here :
> Mikrotik debug log
> 01:33:40 radius,debug sending 53:02 to 192.168.200.2:1812
Mikrotik thinks radius IP is 192.168.200.2
> radius server ip`s
> # ifconfig
> eth0 Link encap:Ethernet HWaddr 00:19:66:4E:F4:E8
> inet addr:192.168.200.3 Bcast:192.168.200.255 Mask:255.255.255.0
> eth0:1 Link encap:Ethernet HWaddr 00:19:66:4E:F4:E8
> inet addr:192.168.200.2 Bcast:192.168.200.255 Mask:255.255.255.0
... while that IP is secondary IP on the radius server. Do a tcpdump
on radius and you should see that radius replies comes from
192.168.200.3 (which mikrotik discards, because it's not the IP it
sends the request to).
There are several ways to fix this (one of them involves recompiling
freeradius with --with-udpfromto, see
http://wiki.freeradius.org/index.php/FAQ#Why_does_the_NAS_ignore_the_RADIUS_server.27s_reply.3F
), but the easiest way is simply change mikrotik's config to use
192.168.200.3 as radius IP address.
Regards,
Fajar
More information about the Freeradius-Users
mailing list