Need help: Freeradius says "sent access-accept" but actually is not sending it?

Fajar A. Nugraha list at fajar.net
Fri Nov 15 08:03:32 CET 2019


On Thu, Nov 14, 2019 at 3:19 PM Vyzdura Tomas <Tomas.Vyzdura at vviss.cz> wrote:
>
> I can get the request, and in freeradius debuglog I see it is processed and it even shows Sent Access-Accept but it looks like the server doesn’t send the actual packet – when monitoring with tcpdump I can see only ARP packets sent to the IP address from where the request came.
>

Looks like a network issue.

>
> When testing from another machine with same user/password on our network it works – I get authenticated and receive IP address in the response. I also see radius sending packet in tcpdump.
> There is no firewall on the server
>

>
> (0) Sent Access-Accept Id 60 from 10.10.10.75:1812 to 10.10.10.241:37488 length 0
> (0)   Framed-IP-Address = 10.10.104.1
> (0)   Service-Type = Framed-User
> (0) Finished request



Try these things:
- are you running tcpdump on the correct interface?
- can you ping 10.10.10.241? or connect to some open ports there (e.g.
it might have ssh open)
- try running 'ip r'. Does it show a specific route for 10.10.10.241?

There can be cases where an app (e.g. FR) can receive and send a UDP
packet to a host, but it never even gets to the correct interface. In
that case, ping or another connectivity test should fail as well.

-- 
Fajar
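
The checks listed above can be combined once the reply destination is read from the debug line. The script below is an added example, not part of the original post or of FreeRADIUS: it takes the debug line plus the output of `ip route get` and `ip neigh show` and reports which interface to capture on and whether the client's MAC address was resolved. The interface names, the MAC address and the sample command outputs are constructed, and the `ip neigh show` layout (state as last word) is an assumption.

```shell
#!/bin/sh
# Added example. Interface names and command outputs below are constructed.

# Destination IP of the reply, from a FreeRADIUS "Sent Access-Accept" debug line.
reply_dst() {
    printf '%s\n' "$1" | sed -n 's/.* to \([0-9.]*\):[0-9]* length.*/\1/p'
}

# Word following keyword $2 ("dev", "via", "src") in `ip route get` output $1.
route_field() {
    printf '%s\n' "$1" |
        awk -v k="$2" '{ for (i = 1; i < NF; i++) if ($i == k) { print $(i + 1); exit } }'
}

# Neighbour state: last word of `ip neigh show ADDR` output (assumed layout);
# empty output means the kernel has no entry for that address.
neigh_state() {
    printf '%s\n' "$1" | awk 'NF { print $NF; exit }'
}

# $1 = debug line, $2 = `ip route get DST` output, $3 = `ip neigh show DST` output
diagnose() {
    dst=$(reply_dst "$1")
    dev=$(route_field "$2" dev)
    via=$(route_field "$2" via)
    state=$(neigh_state "$3")
    if [ -z "$dst" ] || [ -z "$dev" ]; then
        echo "unknown: could not parse reply destination or route"
    elif [ -n "$via" ]; then
        echo "routed: reply to $dst leaves $dev via gateway $via; run tcpdump on $dev"
    else
        case "$state" in
            REACHABLE|STALE|DELAY|PROBE|PERMANENT)
                echo "on-link-ok: $dst resolved on $dev; run tcpdump on $dev" ;;
            INCOMPLETE|FAILED)
                echo "arp-unresolved: $dst on $dev is $state; no MAC, so only ARP goes out" ;;
            *)
                echo "no-neighbour-entry: nothing cached for $dst on $dev; ping it and re-check" ;;
        esac
    fi
}

# Constructed sample matching the symptom in the thread (only ARP on the wire).
LINE='(0) Sent Access-Accept Id 60 from 10.10.10.75:1812 to 10.10.10.241:37488 length 0'
ROUTE='10.10.10.241 dev eth0 src 10.10.10.75 uid 0'
NEIGH='10.10.10.241 dev eth0 FAILED'
diagnose "$LINE" "$ROUTE" "$NEIGH"
# Live use: d=$(reply_dst "$LINE"); diagnose "$LINE" "$(ip route get "$d")" "$(ip neigh show "$d")"
```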


