FreeRadius not responding to requests from external host

Jonathan Davis jonathan at prioritycolo.com
Wed Mar 9 17:23:17 UTC 2022


tcpdump filtered by the nas ip

> On Mar 9, 2022, at 12:13 PM, Darren Share <darren.share at chronos.uk> wrote:
> 
> Hello Alan,
> 
> Thanks for the reply.
> 
>> If FreeRADIUS isn't getting packets, then it's an OS issue.
> 
> Well, I guess that's my implied question. *Is* FR for sure not getting packets? If there's no response on the output of radiusd -X, does that mean it is 100% not receiving anything? As opposed to simply being unhappy with what it's receiving, for whatever reason?
> 
>> That doesn't matter.
> 
>> TCPdump looks at the packets deep in the OS network stack.  i.e. it typically bypasses firewalls and other security systems.
> 
> It matters insomuch as I am happy there's no network issue, and also that it's not an interop issue with the application itself. Just trying to eliminate all the obvious stuff first.
> 
>> SELinux is running, and is preventing FreeRADIUS from accepting packets.
> 
> SELinux was running, you are correct. However, disabling it has had no effect.
> 
> [root at tp11 ~]# sestatus
> SELinux status:                 disabled
> 
>>  Ugh.  Why?  We have up to date packages available at: http://packages.networkradius.com 
> 
> It was just installed from the CentOS repos, suggest you raise it with the maintainers. For my part, this is just a quick-and-dirty installation to confirm there are no issues with our application's implementation of a RADIUS client, so it's good enough, as long as I can resolve this issue at the moment.
> 
> Would appreciate any further thoughts.
> 
> Thanks.
> 
> Darren.
>    
> 
> -----Original Message-----
> From: Freeradius-Users <freeradius-users-bounces+darren.share=chronos.uk at lists.freeradius.org> On Behalf Of Alan DeKok
> Sent: 09 March 2022 16:26
> To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
> Subject: Re: FreeRadius not responding to requests from external host
> 
>> On Mar 9, 2022, at 10:58 AM, Darren Share <darren.share at chronos.uk> wrote:
>> Hope someone can tell me where I’m going wrong here, because I’m stumped.
> 
>  If FreeRADIUS isn't getting packets, then it's an OS issue.
> 
>  If FreeRADIUS is getting packets and complaining about "unknown client" or "invalid authenticator", then the clients.conf entry is missing or wrong.
> 
>  There really are no other options.
> 
>> FR server is on 172.31.2.11. Firewalld turned off. FR responds perfectly to requests from an application running locally on the same server.
> 
>  That's good.
> 
>> A copy of the same application on a server with IP 172.31.1.36 is not getting any response. The output of radiusd -X shows nothing, as if it didn’t receive a request, yet packets are arriving as per tcpdump:
> 
>  That doesn't matter.
> 
>  TCPdump looks at the packets deep in the OS network stack.  i.e. it typically bypasses firewalls and other security systems.
> 
>> [root at tp11 raddb]# firewall-cmd --list-all
>> FirewallD is not running
> 
>  SELinux is running, and is preventing FreeRADIUS from accepting packets.
> 
>> Complete output of radiusd -X:
>> 
>> FreeRADIUS Version 3.0.13
> 
>  Ugh.  Why?  We have up to date packages available at: http://packages.networkradius.com
> 
>  Alan DeKok.
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

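Added example (not part of the thread and not FreeRADIUS code): a small probe for the question raised above, whether datagrams that tcpdump shows actually reach a userspace socket. It assumes radiusd is stopped so UDP port 1812 is free; the function names are hypothetical and the addresses are the ones quoted in the thread.

```python
import socket
import struct

# RADIUS packet codes from RFC 2865/2866 (subset).
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
         4: "Accounting-Request", 5: "Accounting-Response", 11: "Access-Challenge"}

def parse_radius_header(data):
    """Return (code name, identifier, length), or None if not a plausible RADIUS packet."""
    if len(data) < 20:  # code(1) + id(1) + length(2) + authenticator(16)
        return None
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < 20 or length > len(data):  # truncated or bogus length field
        return None
    return CODES.get(code, "code %d" % code), ident, length

def probe(sock, expected_src=None, timeout=10.0):
    """Wait for one datagram on an already-bound UDP socket.

    Returns (source_ip, parsed_header), or None if nothing matching arrives.
    A None result while tcpdump shows the packet arriving means it was dropped
    between the capture point and the socket layer (host-level filtering).
    """
    sock.settimeout(timeout)  # applies to each recvfrom call
    try:
        while True:
            data, (src, _port) = sock.recvfrom(4096)
            if expected_src is None or src == expected_src:
                return src, parse_radius_header(data)
    except socket.timeout:
        return None

if __name__ == "__main__":
    # Addresses from the thread: server 172.31.2.11, remote client 172.31.1.36.
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("0.0.0.0", 1812))
    print(probe(s, expected_src="172.31.1.36", timeout=30.0))
```

If the probe prints a parsed Access-Request, the OS is delivering the packets and the next place to look is the clients.conf entry; if it prints None while tcpdump still shows the traffic, the drop is happening on the host.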