Using radtest on port 1645

Brett Glasson Brett.Glasson at max.com.au
Thu Feb 23 04:17:00 CET 2017


Hi all

I have a question regarding freeradius (specifically radtest) which I'm hoping somebody can shed some light on.

I have configured a new radius server to replace one of our ancient legacy production systems which is currently running:

     FreeRADIUS Version 1.1.7, for host i386-portbld-freebsd6.2,  built on Dec  2 2008 at 00:30:57.

Considering the age of this system it will not be a surprise to learn that radiusd is currently listening on port 1645.  I wish to replicate that behaviour on the replacement server.

Consequently I have built a replacement like so:

    FreeRADIUS Version 2.2.6, for host x86_64-redhat-linux-gnu, built on Sep 22 2015 at 15:27:25

When I configure the server using the default port 1812 everything works fine when testing via radtest (on a remote host):

# radtest test testpass 1.2.3.4 1812 testing123

Sending Access-Request of id 95 to 1.2.3.4 port 1812
User-Name = "test"
User-Password = "testpass"
NAS-IP-Address = 2.3.4.5
NAS-Port = 1812
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 1.2.3.4 port 1812, id=95, length=20

However, I do have a problem when trying to TEST authenticate when the server is using port 1645 using radtest on any system that is not ancient.

I have tried radtest using port 1645 from the following systems:

CentOS 6 - FAIL
Ubuntu 16.04 - FAIL
FreeBSD 10 - FAIL
FreeBSD 6 - OK

So radtest works on port 1645 from the vintage FreeBSD 6 machine but from all the other, newer systems I get the same result:

radtest test testpass 1.2.3.9.4 1645 testing123 
Sending Access-Request of id 160 to 1.2.3.4 port 1812
User-Name = "test"
User-Password = "testpass"
NAS-IP-Address = 2.3.4.5
NAS-Port = 1645
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 1.2.3.4 port 1812, id=160, length=20

Note the part where radtest has ignored the provided port 1645 and has gone ahead and used 1812 anyway, although the NAS-Port is (correctly) shown as being 1645 later on.

In fact if I revert the radius server back to port 1812 and issue the same radtest command (using port 1645) it still works, even though the server is on port 1812. (The FreeBSD 6 machine fails as expected.)

Then, while looking about on Google I noticed various radtest examples which use 0, or 10 for the port, some of which explicitly state that it doesn't actually matter what you put in that "port" field at all. So I tried putting random numbers in and indeed it worked when the server is on port 1812 no matter what port number I provided.

This would appear to be a bug in radtest that has been around for quite some time (because CentOS 6 is hardly a spring chicken either).

Either that or support for user-provided ports has been removed from radtest altogether, but I can't find any release notes online or any other references that suggest this.

I was going to submit a bug report but the "Report a bug" link to http://bugs.freeradius.org/ as displayed on the freeradius download site appears to be broken. Also, I am not 100% sure that it is a bug anyway.

If the ability to choose a port other than 1812 has been removed from radtest then it would be kind of nice if that was documented somewhere that is easy to find.

It's not a showstopper for me but it would be nice to understand what is going on anyway.

Anyway, if you have gotten this far then thanks for reading.

Cheers

Brett
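
Added example, not part of the original post and not the FreeRADIUS script itself: a model of how radtest's usage line, `radtest user passwd radius-server[:port] nas-port-number secret`, maps its positional arguments. The fourth argument becomes the NAS-Port attribute, and the destination port comes from an optional `:port` suffix on the server argument. The function name `radtest_plan` is hypothetical, and the 1812 default is taken from the output shown in the post.

```shell
#!/bin/sh
# Model of radtest's positional arguments (illustrative, not the project's code).
# Usage line being modelled:
#   radtest user passwd radius-server[:port] nas-port-number secret
# Assumption: IPv4 address or hostname only (no IPv6 literal handling).
DEFAULT_AUTH_PORT=1812   # port the client fell back to in the post's output

# Print where the Access-Request is sent and which NAS-Port attribute it carries.
radtest_plan() {
    if [ "$#" -lt 5 ]; then
        echo "usage: radtest_plan user passwd server[:port] nas-port-number secret" >&2
        return 2
    fi
    server=$3
    nas_port=$4
    case $server in
        *:*) host=${server%:*}; port=${server##*:} ;;   # explicit destination port
        *)   host=$server;      port=$DEFAULT_AUTH_PORT ;;
    esac
    # Reject a non-numeric or out-of-range destination port.
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2
        return 1
    fi
    echo "dest=$host:$port NAS-Port=$nas_port"
}

# Constructed invocations using the placeholder address from the post.
radtest_plan test testpass 1.2.3.4 1645 testing123      # 1645 lands in NAS-Port
radtest_plan test testpass 1.2.3.4:1645 0 testing123    # 1645 is the destination
```

With a real server listening on 1645, the second form is the one to type: `radtest test testpass 1.2.3.4:1645 0 testing123`.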



More information about the Freeradius-Users mailing list