Credentials differ when proxying
Alan DeKok
aland at deployingradius.com
Tue Oct 20 13:53:05 CEST 2020
On Oct 20, 2020, at 2:26 AM, Julien Cochennec <julien.cochennec at ac-orleans-tours.fr> wrote:
>
> Ok, thanks a lot Alan, let's do it right then, sorry for missing the docs, I thought I read it all though.
>
> A is radiusA.domain, IP 172.29.179.49
>
> B is radiusB.domain, IP 172.29.49.89
>
> C is IP 172.29.188.249
>
>
> 1) When I try to connect from A to B :
>
> echo "User-Name=***,User-Password=***" | radclient radiusB.domain:1812 auth ***
> Sent Access-Request Id 133 from 0.0.0.0:50763 to 172.29.49.89:1812 length 67
> Received Access-Accept Id 133 from 172.29.49.89:1812 to 172.29.179.49:50763 length 20
You're debugging the server by looking at the output of "radclient".
Just... no.
> 2) When I try to connect from C to A :
>
> echo "User-Name=***,User-Password=***" | radclient radiusA.domain:1812 auth ***
> Sent Access-Request Id 253 from 0.0.0.0:44465 to 172.29.179.49:1812 length 67
> Received Access-Reject Id 253 from 172.29.179.49:1812 to 172.29.188.249:44465 length 20
> (0) -: Expected Access-Accept got Access-Reject
>
> 3) On A in debug mode :
>
> (0) Received Access-Request Id 49 from 172.29.188.249:59565 to 172.29.179.49:1812 length 67
> ...
> (0) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type
> (0) pap: WARNING: Authentication will fail unless a "known good" password is available
That seems pretty clear.
How are users supposed to be authenticated? Where are the passwords stored?
Alan DeKok.
More information about the Freeradius-Users
mailing list