Ignoring request to auth... ....from unknown client

Alan DeKok aland at deployingradius.com
Thu Nov 11 03:13:33 CET 2021

On Nov 10, 2021, at 8:38 PM, Ray Young <ryoung at realnetworks.com> wrote:
> Radtest works successfully (confirmed with Access-Accept) when using the loopback ( address.  I’m receiving the following error from radius debug (radiusd -X) when attempting to reach the IP of the freeradius server.
> Ignoring request to auth address * port 1812 bound to server default from unknown client 10.224.x.x port 57243 proto udp

That IP address isn't listed in clients.conf.

> I don’t understand why this IP is an unknown client.  I have 3 machines in the clients.conf file (including the radius server itself using radtest with the actual IP instead of the loopback) and this is happening to all of them.

Because the client definitions are wrong.

> Clients line from clients.conf follows:
> # IPv6 Client
> client localhost_ipv6 {
>      ipv6addr      = ::1
>      secret        = testing123
> }

That is a "client".  Note the word "client" in the definition.

> WLC {
>   ipaddr = 10.124.x.y
>   secret = testing123
> }
> freeradiusserver {
>   ipaddr = 10.224.a.b
>   secret = testing123
> }
> Ali's Machine {
>   ipaddr = 10.124.r.s
>   secret = testing123

Those are not "client"s.  Not that there is no "client" word in the definitions.

You can't just invent syntax and expect it to work.  ALL of the example clients follow the same pattern:

client NAME {
	... contents ...

If you omit the word "client", then it won't work.

Change all of these to add the word "client", as per the documentation and existing examples.

Alan DeKok.

More information about the Freeradius-Users mailing list