FreeRadius not responding to requests from external host
Jonathan Davis
jonathan at prioritycolo.com
Wed Mar 9 17:23:17 UTC 2022
tcpdump filtered by the nas ip
> On Mar 9, 2022, at 12:13 PM, Darren Share <darren.share at chronos.uk> wrote:
>
> Hello Alan,
>
> Thanks for the reply.
>
>> If FreeRADIUS isn't getting packets, then it's an OS issue.
>
> Well, I guess that's my implied question. *Is* FR for sure not getting packets? If there's no response on the output of radiusd -X, does that mean it is 100% not receiving anything? As opposed to simply being unhappy with what it's receiving, for whatever reason?
>
>> That doesn't matter.
>
>> TCPdump looks at the packets deep in the OS network stack. i.e. it typically bypasses firewalls and other security systems.
>
> It matters insomuch as I am happy there's no network issue, and also that it's not an interop issue with the application itself. Just trying to eliminate all the obvious stuff first.
>
>> SeLinux is running, and is preventing FreeRADIUS from accepting packets.
>
> SeLinux was running, you are correct. However, disabling it has had no effect.
>
> [root at tp11 ~]# sestatus
> SELinux status: disabled
>
>> Ugh. Why? We have up to date packages available at: http://packages.networkradius.com
>
> It was just installed from the CentOS repos, suggest you raise it with the maintainers. For my part, this is just a quick-and-dirty installation to confirm there are no issues with our application's implementation of a RADIUS client, so it's good enough, as long as I can resolve this issue at the moment.
>
> Would appreciate any further thoughts.
>
> Thanks.
>
> Darren.
>
>
> -----Original Message-----
> From: Freeradius-Users <freeradius-users-bounces+darren.share=chronos.uk at lists.freeradius.org> On Behalf Of Alan DeKok
> Sent: 09 March 2022 16:26
> To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
> Subject: Re: FreeRadius not responding to requests from external host
>
>> On Mar 9, 2022, at 10:58 AM, Darren Share <darren.share at chronos.uk> wrote:
>> Hope someone can tell me where I’m going wrong here, because I’m stumped.
>
> If FreeRADIUS isn't getting packets, then it's an OS issue.
>
> If FreeRAIDUS is getting packets and complaining about "unknown client" or "invalid authenticator", then the clients.conf entry is missing or wrong.
>
> There really are no other options.
>
>> FR server is on 172.31.2.11. Firewalld turned off. FR responds perfectly to requests from an application running locally on the same server.
>
> That's good.
>
>> A copy of the same application on a server with IP 172.31.1.36 is not getting any response. The output of radiusd -X shows nothing, as if it didn’t receive a request, yet packets are arriving as per tcpdump:
>
> That doesn't matter.
>
> TCPdump looks at the packets deep in the OS network stack. i.e. it typically bypasses firewalls and other security systems.
>
>> [root at tp11 raddb]# firewall-cmd --list-all FirewallD is not running
>
> SeLinux is running, and is preventing FreeRADIUS from accepting packets.
>
>> Complete output of radiusd -X:
>>
>> FreeRADIUS Version 3.0.13
>
> Ugh. Why? We have up to date packages available at: http://packages.networkradius.com
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> Caution: This email originated outside of our organisation. DO NOT CLICK links or attachments unless you recognise the sender and know the content is safe.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list