Radius Server Doesn't Communicate AP

Fajar A. Nugraha list at fajar.net
Mon Oct 3 03:08:36 CEST 2011


On Mon, Oct 3, 2011 at 5:03 AM, Alejandro Moreno <mamr901 at hotmail.com> wrote:
> Ok, first of all, not everybody has the resources to afford an "expert" to
> do something...

"expert" can be loosely interpreted as "someone with more
knowledge/expertise/experience".

> besides, this is a university project,

While a radius expert might be "rare" in a university, every place with
a LAN in place should have a network "expert". Someone who sets up the
router/firewall/internet access. Someone who gets the call when the
LAN stops working.

> is not something that I'm doing for a
> company or something, hence I'm not getting an expert...

It doesn't need to be a CCNA/CCNP/paid support from a tech company. In
an IT-based university, it's common for even students to have experience
in that field.

> that's the reason I'm
> in a forum, this is what they are for...otherwise I would have got an expert
> and not posting in forums

You have excessive expectations of what a "forum" can do for you.

An easy comparison would be to compare it with web-based support for a
commercial software (e.g. Oracle's OTN, Redhat's RHN). While they are
commercially-obliged to help you (with some types of SLA attached),
you need to have some level of knowledge to properly describe your
problem, gather diagnostic information, and implement the recommended
fix.

A "forum" or list consists mostly of people with spare time with
similar interest in a subject. While most of them will have several
minutes to reply to an email, they won't do your job for you. You have to
do it yourself.

>
> anyway...if someone wants to help me...this is what I got
>
> my router is a ENHWI-N3, I've got its firewall disabled
> it's got DHCP server enabled, wan //dynamic ip address
> Lan// 192.168.0.1 subnet mask 255.255.255.0
> I tried to ping Centos ip address 192.168.75.129 from the AP but it is
> unreachable
> but when I do the ping to 127.0.0.1 it's alive
> so the radius server should it be 192.168.75.129 or 127.0.0.1?

Your earlier post says

"
[root@localhost raddb]# tcpdump host 192.168.1.100
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
23:33:30.176868 IP 192.168.75.129.44844 > castel.local.radius: RADIUS,
Access Request (1), id: 0x40 length: 58
"

What is 192.168.1.100? What is raddb? What is the router/gateway that
connects 192.168.75.0 - 192.168.1.0 - 192.168.0.1? Can the networks
reach each other? What can you do to make them talk to each other?

These simple questions are something network-related, and someone with
experience in setting up a LAN should be able to answer that.

>
> In clients.conf I have
>
> client 192.168.0.1 {
>
> secret = xxxx
> nastype= other
> }
>
>
> I did a nc -zu 192.168.01 1800 1820 and 1812 it's working fine, it succeeded
> and I did it for 127.0.0.1 too and it's fine.
>
> so..this is it...I'd appreciate it if someone could tell me what could be
> wrong..

Break the problem into smaller pieces. You have a radius problem (e.g.
you haven't set it up yet), and you have a network problem.

For the network problem, get help from an expert (or just ask some IT guy
at your university). That's my best advice at this point.

For the radius problem, start with a simple scenario first: have the
radius and the NAS in the same network (e.g. 192.168.75.0), and start
from there. If you don't have a real "server" and "nas", then do some
simulation with just a notebook/PC (for the radius) and one cheap
wireless AP that can do radius authentication (should be available
under $100).

-- 
Fajar
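
The same-network check suggested in the message above, as an added example that is not part of the original thread: it parses a `clients.conf`-style file and reports, for each client, whether it sits on the RADIUS server's own subnet and whether a given packet source address would match a client block. The `/24` prefix on the server address, the helper names, and the test address `192.168.75.10` are assumptions; the sample file is constructed from the snippet quoted in the thread.

```python
import ipaddress
import re

# Constructed sample modelled on the clients.conf quoted in the thread.
CLIENTS_CONF = """
client 192.168.0.1 {
    secret = xxxx
    nastype= other
}
"""
# RADIUS server address from the thread; the /24 prefix length is an assumption.
SERVER_IF = ipaddress.ip_interface("192.168.75.129/24")

def parse_clients(text):
    """Return {name: {option: value}} for each 'client NAME { ... }' block."""
    clients = {}
    for name, body in re.findall(r"client\s+(\S+)\s*\{(.*?)\}", text, re.S):
        clients[name] = dict(re.findall(r"^\s*(\w+)\s*=\s*(\S+)", body, re.M))
    return clients

def client_network(name, opts):
    """Network a client block covers, or None if it is given as a hostname."""
    try:
        # Without ipaddr, the block name itself is taken as the address.
        return ipaddress.ip_network(opts.get("ipaddr", name), strict=False)
    except ValueError:
        return None

def check_clients(text, server_if):
    """Say whether each client sits on the server's own subnet."""
    report = {}
    for name, opts in parse_clients(text).items():
        net = client_network(name, opts)
        if net is None:
            report[name] = "hostname: resolve it, then re-check"
        elif net.version == server_if.version and net.subnet_of(server_if.network):
            report[name] = "same subnet as server"
        else:
            report[name] = "different subnet: needs a working route"
    return report

def match_client(text, src_ip):
    """Name of the client block that covers a packet source address, or None."""
    src = ipaddress.ip_address(src_ip)
    for name, opts in parse_clients(text).items():
        net = client_network(name, opts)
        if net is not None and src in net:
            return name
    return None  # the server ignores requests from unknown clients

if __name__ == "__main__":
    print(check_clients(CLIENTS_CONF, SERVER_IF))
    print(match_client(CLIENTS_CONF, "192.168.75.10"))
```

A "different subnet" result is a network problem to solve before any RADIUS debugging; a `None` from `match_client` means the NAS address needs its own client block.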



More information about the Freeradius-Users mailing list