curious network problem
Antony King
antony.king at solutiontrax.com
Tue Aug 17 13:36:34 CEST 2010
*edit*
After writing most of the below, I used iperf to check that UDP packets were
getting through, and discovered that after about 4 packets the stream was
getting dropped. This turned out to be caused by VMware sitting on the
interface I was connecting to and doing 'something' - not sure what - to the
UDP stream. Coming in on a different interface has solved the problem.
Thanks for your help,
Antony.
On Tuesday 17 August 2010 10:26:05 Alan DeKok wrote:
> Antony King wrote:
> > I did 'make destroycerts', then 'make' in the certs directory. It should
> > all be new in there.
>
> OK.
>
> > it's just very frustrating that it all works perfectly if you
> > are localhost, but not if you are a remote host.
>
> Or maybe "it works from localhost with eapol_test, which is simple and
> sane", and "it doesn't work remotely with Windows, which is insane and
> ridiculously complicated"
...
> If it works with eapol_test, and not with Windows, blame Windows. If
> you have all of the right certs && config on the Windows machine (as
> shown on my web site), then that version of Windows is broken. Use
> another Windows machine and it should work.
I've not got any Windows kit on my network at all. I'm using eapol_test
throughout at the moment (see my first email for the commands that I used).
I've just recompiled from the same 2.1.9 tarball that I used on the working
server, done the absolute bare minimum to configure (your howto said it should
pretty much work out of the box with no config for eap), and I've got the same
results - ie, eapol-test works from localhost but not remotely. The same test
using the same two machines swapped over, ie, client on the 'live' machine,
server on my dev machine, works fine.
The procedure I followed to do this most recent install was:
uninstall freeradius from the broken server, move all the configs out the way
copy + extract freeradius_2.1.9+git.tar.gz from my working server to the
broken one
./configure
discover I don't have mysql-devel, python-devel and gdbm-devel. Use yum to
install those, make clean, ./configure again, then make install
All the config files have been installed to /usr/local/etc/raddb, which suits
me as I don't like doing 'make install' on a rpm based machine!
in ./certs, edit the three .cnf files, do 'make'
edit clients.conf to allow the remote machine to connect:
client 192.168.0.0/16 {
    nastype = other
    secret = testing123
    shortname = name
}
take out the '#' before 'include sql' in radiusd.conf and in
sites-enabled/inner-tunnel
change the mysql password in sql.conf
put 'copy_request_to_tunnel' in eap.conf in the ttls section, so that I can
check for calling_station_Id at
The radcheck table database is identical on both machines and contains this:
mysql> select * from radcheck;
+----+----------+--------------------+----+--------------+
| id | username | attribute          | op | value        |
+----+----------+--------------------+----+--------------+
|  1 | u        | Cleartext-Password | := | p            |
|  7 | o        | Calling-Station-Id | := | 00197e18c21b |
|  6 | n        | Auth-type          | := | EAP          |
|  4 | m        | Cleartext-Password | := | p            |
|  5 | m        | Calling-Station-Id | := | 00197eb8c20a |
|  8 | o        | Cleartext-Password | := | p            |
|  9 | john     | Cleartext-Password | := | password1    |
+----+----------+--------------------+----+--------------+
7 rows in set (0.00 sec)
I believe that's all I changed from the default config. Still doesn't work
though - fails in exactly the same way.
I'm pretty sure the network between the two machines is clear - would it give
a comms error if some packets were getting truncated if there were, e.g. an MTU
issue?
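
Added example, not part of the original post and not FreeRADIUS code: a stop-and-wait UDP echo probe for the kind of check described in the edit note at the top (a stream that stops after a few packets), which also flags truncated or fragment-dropped datagrams, the MTU case asked about. The sizes, the drop_after switch and loopback_demo are assumptions for illustration; on a real path echo_server would run on the RADIUS host and probe on the client.

```python
import socket, struct, threading

# Constructed sizes: 1472 is the largest unfragmented UDP payload at IPv4 MTU 1500.
SIZES = [200, 1000, 1472, 2000, 4000, 1472]

def echo_server(sock, stop, drop_after=None):
    """Echo datagrams; drop_after=N goes silent after N replies (test aid)."""
    sock.settimeout(0.1)
    sent = 0
    while not stop.is_set():
        try:
            data, addr = sock.recvfrom(65535)
        except socket.timeout:
            continue
        if drop_after is None or sent < drop_after:
            sock.sendto(data, addr)
            sent += 1

def probe(host, port, sizes=SIZES, timeout=0.3):
    """Stop-and-wait probe; returns [(seq, size, ok)], ok False on loss or truncation."""
    results = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        for seq, size in enumerate(sizes):
            payload = struct.pack("!I", seq).ljust(size, b"\x55")
            s.sendto(payload, (host, port))
            try:
                reply = s.recvfrom(65535)[0]
                while reply[:4] != payload[:4]:  # skip late echoes of older probes
                    reply = s.recvfrom(65535)[0]
            except socket.timeout:
                reply = b""
            results.append((seq, size, reply == payload))
    return results

def first_loss(results):
    """Return (seq, size) of the first failed probe, or None if all passed."""
    return next(((seq, size) for seq, size, ok in results if not ok), None)

def loopback_demo(drop_after=None):  # added demo helper: local echo server + probe
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    stop = threading.Event()
    t = threading.Thread(target=echo_server, args=(srv, stop, drop_after))
    t.start()
    try:
        return first_loss(probe("127.0.0.1", srv.getsockname()[1]))
    finally:
        stop.set(); t.join(); srv.close()
```

A first loss at a small sequence number regardless of size points at something on the path interfering with the stream; a first loss only at sizes above 1472 points at fragmentation or MTU handling.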