freeradius and mikrotik auth problem pppoe error 691
orion
meshkruaj at gmail.com
Fri Mar 20 18:33:55 CET 2009
i had the same problem when i wanted to authenticate the hotspot`s user with
freeradius.
the solution was to make a static mapping on IP - HOTSPOT - IP BINDINGS
MAC address : THE MAC OF THE SERVER
ADDRESS : THE IP ADDRESS OF THE SERVER
TO ADDRESS : THE SAME AS ABOVE
SERVER : ALL
TYPE : REGULAR or BYPASSED
and than it worked. it was related since the hotspot connections are passed
to the mikrotik`s webproxy ( capture portal/page )
2009/3/19 Fajar A. Nugraha <fajar at fajar.net>
> 2009/3/19 Lazar Cherveniakov <lazkom at mail.bg>:
> > Everything looks fine in IP addresses, but the problem is still the same.
>
> Looks like you got exactly the problem I described. See here :
>
> > Mikrotik debug log
> > 01:33:40 radius,debug sending 53:02 to 192.168.200.2:1812
>
> Mikrotik thinks radius IP is 192.168.200.2
>
> > radius server ip`s
> > # ifconfig
> > eth0 Link encap:Ethernet HWaddr 00:19:66:4E:F4:E8
> > inet addr:192.168.200.3 Bcast:192.168.200.255
> Mask:255.255.255.0
> > eth0:1 Link encap:Ethernet HWaddr 00:19:66:4E:F4:E8
> > inet addr:192.168.200.2 Bcast:192.168.200.255
> Mask:255.255.255.0
>
> ... while that IP is secondary IP on the radius server. Do a tcpdump
> on radius and you should see that radius replies comes from
> 192.168.200.3 (which mikrotik discards, because it's not the IP it
> sends the request to).
>
> There are several ways to fix this (one of them involves recompiling
> freeradius with --with-udpfromto, see
>
> http://wiki.freeradius.org/index.php/FAQ#Why_does_the_NAS_ignore_the_RADIUS_server.27s_reply.3F
> ), but the easiest way is simply change mikrotik's config to use
> 192.168.200.3 as radius IP address.
>
> Regards,
>
> Fajar
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090320/cc38c8ad/attachment.html>
More information about the Freeradius-Users
mailing list