Fwd: Error binding to port for 0.0.0.0 port 1812 | address already used
Steven Walters
steven.walters1 at gmail.com
Fri Sep 23 17:05:24 UTC 2022
Thanks for the response Nick. I tried version first 3.0.26 but had an issue
with the openldap driver on RHEL7 when trying to start freeradius. As we
are running RHEL7 I decided on the highest version available from the RHEL7
repo, which is 3.0.13.
I confirmed no freeradius is not running in the background. If I remove
all the sites except default and inner-tunnel, freeradius starts fine.
With the following sites enabled no start.
[root at radius-02.cnt sites-enabled]# ls -ltr
total 0
lrwxrwxrwx. 1 root radiusd 26 Sep 22 11:36 default ->
../sites-available/default
lrwxrwxrwx. 1 root radiusd 31 Sep 22 11:36 inner-tunnel ->
../sites-available/inner-tunnel
lrwxrwxrwx. 1 root root 25 Sep 23 18:38 mobile ->
../sites-available/mobile
lrwxrwxrwx. 1 root root 34 Sep 23 18:38 staticipaddress ->
../sites-available/staticipaddress
With only the following sites-enabled, freeradius starts. The same configs
that worked under 3.0.1 with no issue.
[root at radius-02.cnt sites-enabled]# ls -ltr
total 0
lrwxrwxrwx. 1 root radiusd 26 Sep 22 11:36 default ->
../sites-available/default
lrwxrwxrwx. 1 root radiusd 31 Sep 22 11:36 inner-tunnel ->
../sites-available/inner-tunnel
Default, mobile and staticipaddress using the same protocols (1812 auth and
1813 acct) and "ipaddr=*" for all three.
Kind Regards
Steven
On Fri, 23 Sept 2022 at 14:00, <
freeradius-users-request at lists.freeradius.org> wrote:
> Send Freeradius-Users mailing list submissions to
> freeradius-users at lists.freeradius.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.freeradius.org/mailman/listinfo/freeradius-users
> or, via email, send a message with subject or body 'help' to
> freeradius-users-request at lists.freeradius.org
>
> You can reach the person managing the list at
> freeradius-users-owner at lists.freeradius.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Freeradius-Users digest..."
>
>
> Today's Topics:
>
> 1. Re: looking for help on an unusual config (dan)
> 2. Re: looking for help on an unusual config (Alan DeKok)
> 3. Re: looking for help on an unusual config (dan)
> 4. Fwd: Error binding to port for 0.0.0.0 port 1812 | address
> already used (Steven Walters)
> 5. Re: Fwd: Error binding to port for 0.0.0.0 port 1812 |
> address already used (Nick Porter)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 22 Sep 2022 10:12:21 -0600
> From: dan <dandenson at gmail.com>
> To: FreeRadius users mailing list
> <freeradius-users at lists.freeradius.org>
> Subject: Re: looking for help on an unusual config
> Message-ID:
> <CAA_JP8XYijQ+vp349N23TOtPtR+L8X_ofdCv541cagq=
> 3kF4Ug at mail.gmail.com>
> Content-Type: text/plain; charset="UTF-8"
>
> >
> >
> > You can use nested expansions / alternation...
> >
> > %{%{%{remote-id}:-%{circuit-id}}:-%{mac-address}}
> >
> > See the debug output for the actual names of the attributes.
> >
> > Use that for the key, and then whatever is there will just work.
> >
> > ok, I'll dig into that.
>
> > > It appears that all DHCP servers work under the assumption that if you
> > want
> > > to do something like this you'll radius back it against a database w/
> CRM
> > > etc. I don't really care about the database part of this initially.
> > >
> > > Thoughts? is this something freeradius can be configured to handle
> > without
> > > adding a database backend?
> >
> > It's difficult to do DHCP assignment without a database. You generally
> > need some way to track the IP address assignments.
> >
> > Alan DeKok.
> >
>
> I don't really want to track IPs in a database, I want them in my routers
> so I'd prefer freeradius as just the radius backend, not using it's DHCP
> capabilities.
>
> Ideally, I want to use Mikrotik's DHCP server hitting freeradius because I
> don't really want to track the IPs so much as just offer a very long lease
> and I'd prefer the visibility of that right in the router itself. I might
> be missing something here though. DHCP request comes in w/ option 82 extra
> data, forwards to radius, freeradius replies with a client ID based on what
> I've used to filter yes? ie, request comes in with remote id of '00:11:22'
> so I want freeradius to reply with client id of 00:11:22' and 'dhcp pool =
> users' and 'accept'. Then my router will hand out an address from pool
> 'users' and the lease will show that client id. If another dhcp request
> comes in with a different MAC but the same option 82 remote ID, radius will
> do the same thing, reply back with the client id and the lease get's
> updated/replaced.
>
> Does this makes sense?
>
>
> ------------------------------
>
> Message: 2
> Date: Thu, 22 Sep 2022 12:24:14 -0400
> From: Alan DeKok <aland at deployingradius.com>
> To: FreeRadius users mailing list
> <freeradius-users at lists.freeradius.org>
> Subject: Re: looking for help on an unusual config
> Message-ID: <B775FF3A-D488-4152-9BA1-14F36AFA4902 at deployingradius.com>
> Content-Type: text/plain; charset=us-ascii
>
> On Sep 22, 2022, at 12:12 PM, dan <dandenson at gmail.com> wrote:
> > ie, request comes in with remote id of '00:11:22'
> > so I want freeradius to reply with client id of 00:11:22' and 'dhcp pool
> =
> > users' and 'accept'.
>
> OK... I assume there are actual RADIUS attributes for this?
>
> They're certainly not standard attributes. Maybe Mikrotik has such
> attributes, but I don't use Mikrotik, so I'm not familiar with them.
>
> > Then my router will hand out an address from pool
> > 'users' and the lease will show that client id. If another dhcp request
> > comes in with a different MAC but the same option 82 remote ID, radius
> will
> > do the same thing, reply back with the client id and the lease get's
> > updated/replaced.
> >
> > Does this makes sense?
>
> That explanation makes a lot more sense than the previous very vague
> question. Details matter. And giving details helps us give you the
> correct solution.
>
> Which here is (as always): run the server in debug mode.
>
> See which attributes come in the packet. Then, write if / then / else
> rules to match attributes. And to reply with more attributes.
>
> See the Mikrotik documentation and/or dictionaries for which attributes
> need to be in the reply.
>
> See the FreeRADIUS documentation for how to configure FreeRADIUS.
>
> There are 1000 vendors, each of which have 1000 different products. We
> can't document them all, unfortunately.
>
> Alan DeKok.
>
>
>
> ------------------------------
>
> Message: 3
> Date: Thu, 22 Sep 2022 13:31:43 -0600
> From: dan <dandenson at gmail.com>
> To: FreeRadius users mailing list
> <freeradius-users at lists.freeradius.org>
> Subject: Re: looking for help on an unusual config
> Message-ID:
> <
> CAA_JP8WugNMinue45nZykEiXLsYBKroxXY-sGvuFXyK+OMO1SQ at mail.gmail.com>
> Content-Type: text/plain; charset="UTF-8"
>
> 'Alan, thanks for the help here, I appreciate it. Took me a minute to
> get freeradius installed and hack my way through the very basics but
> here's what I have.
>
> Test setup is ubuntu 22.04 freeradius from repos. Mikrotik routeros
> v7 'router' running DHCP with radius pointed to the ubuntu box.
> Another mikrotik v7 'bridge' to insert DHCP option 82.
> The data it inserts is:
> Agent Circuit ID = 'mAP-1 eth 0/2'
> Agent Remote ID = 'ether2'
>
> So I'm looking for the Circuit ID here.
>
> freeradius -X -x with the client for the mikrotik router.
>
> I'm using a yealink phone as the target device here because it's handy.
>
> Ready to process requests
> (8) Received Accounting-Request Id 76 from 192.168.1.208:50139 to
> 192.168.1.211:1813 length 216
> (8) User-Name = "00:15:65:A4:E0:1F"
> (8) NAS-Port-Type = Ethernet
> (8) NAS-Port = 2208301057
> (8) Service-Type = Framed-User
> (8) Calling-Station-Id = "1:0:15:65:a4:e0:1f"
> (8) Framed-IP-Address = 100.72.2.199
> (8) Called-Station-Id = "APs"
> (8) Agent-Remote-Id = 0x657468657232
> (8) ADSL-Agent-Remote-Id = 0x657468657232
> (8) Agent-Circuit-Id = 0x6d41502d312065746820302f32
> (8) ADSL-Agent-Circuit-Id = 0x6d41502d312065746820302f32
> (8) Event-Timestamp = "Sep 22 2022 19:15:06 UTC"
> (8) Acct-Status-Type = Stop
> (8) Acct-Session-Id = "0100a083"
> (8) Acct-Authentic = Local
> (8) Acct-Session-Time = 2218
> (8) NAS-Identifier = "RLB-Access"
> (8) Acct-Delay-Time = 0
> (8) NAS-IP-Address = 192.168.1.208
>
> Agent-Remote-Id's HEX converts to 'ether2'
> Agent-Circuit-Id's HEX converts to 'mAP-1 eth 0/2'
> The 'ADSL versions are identical data so either one I think is usable..
>
>
> On some platforms I can manipulate these two values. On these
> Mikrotik's Remote ID is always set to the device id + serialized port
> id, 'mAP-1' is the 'bridge' device's identification (I can change
> this) and 'eth 0/2' is switch1, port 2 So basically I want to use the
> 'Agent-Circuit-Id'. Other platforms like cambiums cnwave I manually
> put this data into the customer prem radio, so that's likely the
> radio's MAC address. On Ubiquiti I can't remember but I think it's
> radio name + port number as well. I can verify this later. End of
> the day, the HEX value of agent id I think is what I want as the
> username *AND* what I want freeradius to reply for Client ID.
>
>
> On Thu, Sep 22, 2022 at 10:24 AM Alan DeKok <aland at deployingradius.com>
> wrote:
> >
> > On Sep 22, 2022, at 12:12 PM, dan <dandenson at gmail.com> wrote:
> > > ie, request comes in with remote id of '00:11:22'
> > > so I want freeradius to reply with client id of 00:11:22' and 'dhcp
> pool =
> > > users' and 'accept'.
> >
> > OK... I assume there are actual RADIUS attributes for this?
> >
> > They're certainly not standard attributes. Maybe Mikrotik has such
> attributes, but I don't use Mikrotik, so I'm not familiar with them.
> >
> > > Then my router will hand out an address from pool
> > > 'users' and the lease will show that client id. If another dhcp
> request
> > > comes in with a different MAC but the same option 82 remote ID, radius
> will
> > > do the same thing, reply back with the client id and the lease get's
> > > updated/replaced.
> > >
> > > Does this makes sense?
> >
> > That explanation makes a lot more sense than the previous very vague
> question. Details matter. And giving details helps us give you the
> correct solution.
> >
> > Which here is (as always): run the server in debug mode.
> >
> > See which attributes come in the packet. Then, write if / then / else
> rules to match attributes. And to reply with more attributes.
> >
> > See the Mikrotik documentation and/or dictionaries for which
> attributes need to be in the reply.
> >
> > See the FreeRADIUS documentation for how to configure FreeRADIUS.
> >
> > There are 1000 vendors, each of which have 1000 different products.
> We can't document them all, unfortunately.
> >
> > Alan DeKok.
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> ------------------------------
>
> Message: 4
> Date: Fri, 23 Sep 2022 07:03:47 +0200
> From: Steven Walters <steven.walters1 at gmail.com>
> To: freeradius-users at lists.freeradius.org
> Subject: Fwd: Error binding to port for 0.0.0.0 port 1812 | address
> already used
> Message-ID:
> <CALF=
> EMJbdhACzrEzv97bnFg_q+25VVP9POVx1tmj1U8wBd5-2g at mail.gmail.com>
> Content-Type: text/plain; charset="UTF-8"
>
> Hi
>
> We are planning to upgrade from freeradius version 3.0.1 to 3.0.13. I am
> busy testing in the lab. After upgrade, radius don't want to start with the
> following error:
>
> "Failed binding to auth address * port 1812 bound to server
> staticipaddress: Address already in use
> /etc/raddb/sites-enabled/staticipaddress[59]: Error binding to port for
> 0.0.0.0 port 1812"
>
> We are running multiple virtual servers on the same port 1812 and 1813. The
> "ipaddr = *" set in all site configurations.
>
> It seems something changed between versions so any advice will be
> appreciated?
>
> Regards
> Steven
>
>
> ------------------------------
>
> Message: 5
> Date: Fri, 23 Sep 2022 09:22:47 +0100
> From: Nick Porter <nick at portercomputing.co.uk>
> To: freeradius-users at lists.freeradius.org
> Subject: Re: Fwd: Error binding to port for 0.0.0.0 port 1812 |
> address already used
> Message-ID:
> <618c16c9-3a16-d8dd-a282-b720e5bf5469 at portercomputing.co.uk>
> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>
> On 23/09/2022 06:03, Steven Walters wrote:
> > Hi
> >
> > We are planning to upgrade from freeradius version 3.0.1 to 3.0.13.
>
> Why upgrade to 3.0.13 - that's 5 years old.? 3.2.0 or 3.0.26 are what
> you should be using now.? https://packages.networkradius.com/
>
> > I am
> > busy testing in the lab. After upgrade, radius don't want to start with
> the
> > following error:
> >
> > "Failed binding to auth address * port 1812 bound to server
> > staticipaddress: Address already in use
> > /etc/raddb/sites-enabled/staticipaddress[59]: Error binding to port for
> > 0.0.0.0 port 1812"
>
> That error means something else is already bound to port 1812 - likely
> FreeRADIUS running in the background.
>
> Kill the existing processes first
>
> >
> > We are running multiple virtual servers on the same port 1812 and 1813.
> The
> > "ipaddr = *" set in all site configurations.
> >
> > It seems something changed between versions so any advice will be
> > appreciated?
> >
> > Regards
> > Steven
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
> --
> Nick Porter
>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: OpenPGP_signature
> Type: application/pgp-signature
> Size: 665 bytes
> Desc: OpenPGP digital signature
> URL: <
> http://lists.freeradius.org/pipermail/freeradius-users/attachments/20220923/8b3d9b58/attachment-0001.sig
> >
>
> ------------------------------
>
> Subject: Digest Footer
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> ------------------------------
>
> End of Freeradius-Users Digest, Vol 209, Issue 30
> *************************************************
>
--
Warm Regads
Steven Walters
0814287179
More information about the Freeradius-Users
mailing list