migrating client from 2.0 to 3.0

Alan DeKok aland at deployingradius.com
Fri Jan 13 03:16:59 UTC 2023


On Jan 12, 2023, at 8:14 PM, Matt Zagrabelny via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> No, not the same machine.

  Then test it on the same machine.

  Perhaps there's some networking issue which prevents the client from receiving replies sent by the machine running v3.

  The only way to debug this issue is to eliminate possible differences one by one.  That requires a systematic approach.

> Sorry. I wasn't clear. The Service-Type is working as expected. If I remove
> it from Scenario A, I drop into the console with reduced privileges.

  So what happens in scenario B?  The same thing?

  What happens if the RADIUS server is simply down?  Do you still get dropped into the console?

  Again, try eliminating possibilities one by one.  You're not going to fix this by poking the FreeRADIUS configuration.

> That's where I'll look. Though the UPS does contact the 3.0 system just
> fine (when it is configured to do so) - it just appears that it isn't
> respecting the Access-Accept.

  Is the shared secret correct?

  Is the Access-Accept being received by the UPS?

  What happens when the UPS doesn't receive the Access-Accept?

  There's no magic here.  If you run v3 on the same machine which runs v2, *and* send the same Access-Accept with the same contents, it will work.  It has to work.  There's nothing in the RADIUS packets which is different from v2 to v3.

   So... track down what's different.  It's not the RADIUS configuration.

  Alan DeKok.



More information about the Freeradius-Users mailing list