FreeRadius not responding to requests from external host
Darren Share
darren.share at chronos.uk
Wed Mar 9 17:13:24 UTC 2022
Hello Alan,
Thanks for the reply.
> If FreeRADIUS isn't getting packets, then it's an OS issue.
Well, I guess that's my implied question. *Is* FR for sure not getting packets? If there's no response on the output of radiusd -X, does that mean it is 100% not receiving anything? As opposed to simply being unhappy with what it's receiving, for whatever reason?
> That doesn't matter.
> TCPdump looks at the packets deep in the OS network stack. i.e. it typically bypasses firewalls and other security systems.
It matters insomuch as I am happy there's no network issue, and also that it's not an interop issue with the application itself. Just trying to eliminate all the obvious stuff first.
> SELinux is running, and is preventing FreeRADIUS from accepting packets.
SELinux was running, you are correct. However, disabling it has had no effect.
[root@tp11 ~]# sestatus
SELinux status: disabled
> Ugh. Why? We have up to date packages available at: http://packages.networkradius.com
It was just installed from the CentOS repos, suggest you raise it with the maintainers. For my part, this is just a quick-and-dirty installation to confirm there are no issues with our application's implementation of a RADIUS client, so it's good enough, as long as I can resolve this issue at the moment.
Would appreciate any further thoughts.
Thanks.
Darren.
-----Original Message-----
From: Freeradius-Users <freeradius-users-bounces+darren.share=chronos.uk at lists.freeradius.org> On Behalf Of Alan DeKok
Sent: 09 March 2022 16:26
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: FreeRadius not responding to requests from external host
On Mar 9, 2022, at 10:58 AM, Darren Share <darren.share at chronos.uk> wrote:
> Hope someone can tell me where I’m going wrong here, because I’m stumped.
If FreeRADIUS isn't getting packets, then it's an OS issue.
If FreeRADIUS is getting packets and complaining about "unknown client" or "invalid authenticator", then the clients.conf entry is missing or wrong.
There really are no other options.
> FR server is on 172.31.2.11. Firewalld turned off. FR responds perfectly to requests from an application running locally on the same server.
That's good.
> A copy of the same application on a server with IP 172.31.1.36 is not getting any response. The output of radiusd -X shows nothing, as if it didn’t receive a request, yet packets are arriving as per tcpdump:
That doesn't matter.
TCPdump looks at the packets deep in the OS network stack. i.e. it typically bypasses firewalls and other security systems.
> [root@tp11 raddb]# firewall-cmd --list-all
> FirewallD is not running
SELinux is running, and is preventing FreeRADIUS from accepting packets.
> Complete output of radiusd -X:
>
> FreeRADIUS Version 3.0.13
Ugh. Why? We have up to date packages available at: http://packages.networkradius.com
Alan DeKok.
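Added example, not part of the thread and not FreeRADIUS code: one way to settle the question of whether anything reaches the application is to stop radiusd and bind a plain UDP socket where it would listen. The function names and the default port 1812 are assumptions of this sketch; if tcpdump shows the request arriving and this socket still times out, the datagram is being dropped between the capture point and the socket, which is the OS-level case described above.

```python
import socket
import struct

# RADIUS packet codes (RFC 2865, RFC 2866, RFC 5997)
RADIUS_CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
                4: "Accounting-Request", 5: "Accounting-Response",
                11: "Access-Challenge", 12: "Status-Server"}

def parse_radius_header(data):
    """Return (code_name, identifier, declared_length), or None if the
    datagram is not RADIUS-shaped (20-byte header, sane Length field)."""
    if len(data) < 20:
        return None
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < 20 or length > len(data):
        return None  # shorter than its Length field says: would be discarded
    return RADIUS_CODES.get(code, "code %d" % code), ident, length

def open_listener(bind_addr="0.0.0.0", port=1812, timeout=10.0):
    """Bind a plain UDP socket in place of radiusd (stop radiusd first)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    sock.bind((bind_addr, port))
    return sock

def wait_for_packet(sock):
    """Return (source_ip, parsed_header) for the first datagram received,
    or None if nothing reaches the socket before the timeout."""
    try:
        data, (src, _port) = sock.recvfrom(4096)
    except socket.timeout:
        return None
    return src, parse_radius_header(data)

if __name__ == "__main__":
    with open_listener() as s:
        result = wait_for_packet(s)
    if result is None:
        print("nothing reached the socket: dropped below the application")
    else:
        print("datagram from %s: %s" % result)
```

A datagram that does show up here, with the expected source address and an Access-Request header, points back at the server configuration (listen address, clients.conf) rather than the OS.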