Re: The client does not connect _*_*_*_
ok, I think the server is reading files on the path: /usr/local/etc/
so, I modified the file /usr/local/etc/raddb/clients.conf by adding:
client ipipgw {
ipaddr = 192.168.6.201
secret = testing123
shortname = c3725
nastype = cisco
login = user
password= userpass
}
and this is the debug output:
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.6.201 port 1645, id=4,
length=84
User-Name = thanh
User-Password = -*\333\003D\215\345\\\302\036\251\320:\373ȇ
NAS-Port = 98
NAS-Port-Id = tty98
NAS-Port-Type = Virtual
Calling-Station-Id = 192.168.6.20
NAS-IP-Address = 192.168.6.201
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = thanh, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No known good password found for the user. Authentication
may fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
Failed to authenticate the user.
WARNING: Unprintable characters in the password. Double-check the
shared secret on the server and the NAS!
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} - thanh
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 4 to 192.168.6.201 port 1645
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.6.201 port 1645, id=4,
length=84
Sending duplicate reply to client ipipgw port 1645 - ID: 4
Sending Access-Reject of id 4 to 192.168.6.201 port 1645
Waking up in 1.2 seconds.
Cleaning up request 0 ID 4 with timestamp +52
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.6.201 port 1645, id=4,
length=84
User-Name = thanh
User-Password = -*\333\003D\215\345\\\302\036\251\320:\373ȇ
NAS-Port = 98
NAS-Port-Id = tty98
NAS-Port-Type = Virtual
Calling-Station-Id = 192.168.6.20
NAS-IP-Address = 192.168.6.201
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = thanh, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No known good password found for the user. Authentication
may fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
Failed to authenticate the user.
WARNING: Unprintable characters in the password. Double-check the
shared secret on the server and the NAS!
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} - thanh
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 4 to 192.168.6.201 port 1645
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.6.201 port 1645, id=4,
length=84
Sending duplicate reply to client ipipgw port 1645 - ID: 4
Sending Access-Reject of id 4 to 192.168.6.201 port 1645
Waking up in 1.2 seconds.
Cleaning up request 1 ID 4 with timestamp +61
Ready to process requests.
plz tell me how to solve this.
thank you vrey much
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
htt
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The client does not connect _*_*_*_
Hi, User-Password = -*\333\003D\215\345\\\302\036\251\320:\373ȇ note the mess ..then note this warning: WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! not sure how much more help the server can give you. you have incorrect shared secret. double check your values...trailing space? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The client does not connect _*_*_*_
Hi, I don't know why the user-password id encrypted, how can I make a cleartext secret...;(( thank in advance On 11 May 2010 14:23, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote: Hi, User-Password = -*\333\003D\215\345\\\302\036\251\320:\373ȇ note the mess ..then note this warning: WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! not sure how much more help the server can give you. you have incorrect shared secret. double check your values...trailing space? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- htt - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The client does not connect _*_*_*_
Le 11/05/2010 10:09, htt thanh a écrit : Hi, I don't know why the user-password id encrypted, how can I make a cleartext secret...;(( The pb is with your client shared secret: the secret you set in /etc/raddb/clients.conf and in your NAS configuration. It seems that you haven't set the same secret in your FR configuration and in your NAS so that the password sent to FR is not correctly decrypted. Thibaukt thank in advance On 11 May 2010 14:23, Alan Buxey a.l.m.bu...@lboro.ac.uk mailto:a.l.m.bu...@lboro.ac.uk wrote: Hi, User-Password = -*\333\003D\215\345\\\302\036\251\320:\373ȇ note the mess ..then note this warning: WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! not sure how much more help the server can give you. you have incorrect shared secret. double check your values...trailing space? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- htt - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The client does not connect _*_*_*_
hafthanhf wrote: hi Alan, I have the same problem with Martin, plz help me.. I added something in the raddb/clients.conf file as follow: So... run the server in debugging mode as suggested everywhere. READ the debug output. Is the client listed? READ the debug output. When it receives a packet, what happens? My magical ability to solve problems is largely a result of reading the output of the server. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The client does not connect _*_*_*_
thank for repy Alan, for clear, here is my topology PC | SW---Router (c3725) | Radius server when I telnet to the router fromg my PC, the radius server list the clients as unknow clients.as soon as I entered the password. the debug output is as follow: ignoring request to authentication address * port 1812 from unknow client 192.168.6.201 port 1645 I've also run debug radius mode on the router, and here is the output: *Mar 1 00:06:03.507: RADIUS: no sg in radius-timers: ctx 0x658A67E4 sg 0x *Mar 1 00:06:03.511: RADIUS: Retransmit to (192.168.6.102:1812,1813) for id 1645/2 each time the router retransmit access requess message, the server show the output as above. On 10 May 2010 13:10, Alan DeKok al...@deployingradius.com wrote: hafthanhf wrote: hi Alan, I have the same problem with Martin, plz help me.. I added something in the raddb/clients.conf file as follow: So... run the server in debugging mode as suggested everywhere. READ the debug output. Is the client listed? READ the debug output. When it receives a packet, what happens? My magical ability to solve problems is largely a result of reading the output of the server. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- htt - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The client does not connect _*_*_*_
htt thanh wrote: thank for repy Alan, for clear, here is my topology I didn't ask for that. when I telnet to the router fromg my PC, the radius server list the clients as unknow clients.as soon as I entered the password. You already said that. the debug output is as follow: ignoring request to authentication address * port 1812 from unknow client 192.168.6.201 port 1645 Did you read the *rest* of the debug output as I suggested? I've also run debug radius mode on the router, and here is the output: I didn't ask for that. Honestly, it's not that difficult to see what's going on. Go back to my previous message, and READ IT. Be sure that you answer BOTH questions. The problem here is that you're not following instructions. That's a guaranteed way to *never* solve the problem. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The client does not connect _*_*_*_
hi Alan, thank you to get me out of the wrong way, I've checked the whole of server's output,in debug mode , and I found out that the radius included its configuration file with this path, all of them are: /usr/local/etc/raddb/xxx e.g: including configuration file /usr/local/etc/raddb/radiusd.conf including configuration file /usr/local/etc/raddb/proxy.conf including configuration file /usr/local/etc/raddb/clients.conf including files in directory /usr/local/etc/raddb/modules/ ... while the path of configuration files I modified is: /usr/local/freeradius-server-2.1.8/raddb/ So should I change the configuration files in the path /usr/local/etc/raddb or make some modifications in the /usr/local/freeradius-server-2.1.8/raddb/radiusd.conf? .. On 10 May 2010 15:11, Alan DeKok al...@deployingradius.com wrote: htt thanh wrote: thank for repy Alan, for clear, here is my topology I didn't ask for that. when I telnet to the router fromg my PC, the radius server list the clients as unknow clients.as soon as I entered the password. You already said that. the debug output is as follow: ignoring request to authentication address * port 1812 from unknow client 192.168.6.201 port 1645 Did you read the *rest* of the debug output as I suggested? I've also run debug radius mode on the router, and here is the output: I didn't ask for that. Honestly, it's not that difficult to see what's going on. Go back to my previous message, and READ IT. Be sure that you answer BOTH questions. The problem here is that you're not following instructions. That's a guaranteed way to *never* solve the problem. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- htt - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The client does not connect _*_*_*_
htt thanh wrote: hi Alan, thank you to get me out of the wrong way, I've checked the whole of server's output,in debug mode , and I found out that the radius included its configuration file with this path, all of them are: /usr/local/etc/raddb/xxx e.g: including configuration file /usr/local/etc/raddb/radiusd.conf including configuration file /usr/local/etc/raddb/proxy.conf including configuration file /usr/local/etc/raddb/clients.conf including files in directory /usr/local/etc/raddb/modules/ ... while the path of configuration files I modified is: /usr/local/freeradius-server-2.1.8/raddb/ So should I change the configuration files in the path /usr/local/etc/raddb or make some modifications in the /usr/local/freeradius-server-2.1.8/raddb/radiusd.conf? Which one is the server reading? Which one should you modify? Is there a reason to modify a file that the server does not read? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The client does not connect _*_*_*_
Alan DeKok-2 wrote:
Martin Silvero wrote:
Thu Sep 25 12:49:16 2008 : Debug: Ignoring request to authentication
address * port 1812 from unknown client 10.0.42.250
Well... did you add that IP as a client in raddb/clients.conf?
Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
hi Alan, I have the same problem with Martin, plz help me.. I added
something in the raddb/clients.conf file as follow:
client ipipgw {
ipaddr = 192.168.6.201
secret = testing123
shortname = c3725
nastype = cisco
login = user
password= userpass
}
--
View this message in context:
http://old.nabble.com/The-client-does-not-connect-_*_*_*_-tp19672841p28468884.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The client does not connect _*_*_*_
Again, what's the debug output? Does the client manage to send a RADIUS packet that actually arrives at the server? //anders 2008/10/1 Martin Silvero [EMAIL PROTECTED] sorry what they say is ... The access point has an IP 10.0.31.x and is included within raddb/client.conf, forget the IP 10.0.42.250 because I connect to that network to another topic. The server is in the 10.30.1.x , we do not need to be on the same network because they are VLAN ruteables. Pinging responds well. What could be the problem? -- -- Silvero Martin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The client does not connect _*_*_*_
the problem is... when I want to connect from the notebook to the network radius, asking me to configure the profile to the type of authentication, and so on. what set everything is ready and when I try to connect but does not connect to the server and are not recorded requests. on the server are not recorded movements, and the notebook does not show any error. I have no firewall either. Got it? the ping's respond well in both directions. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The client does not connect _*_*_*_
Get Wireshark and start looking at what happens to radius packets. Staring at it is not going to make it work. You will find out that you do have a firewall after all. Or your AP is sending packets to the wrong address. Or your routing is messed up. Ivan Kalik Kalik Informatika ISP Dana 3/10/2008, Martin Silvero [EMAIL PROTECTED] piše: the problem is... when I want to connect from the notebook to the network radius, asking me to configure the profile to the type of authentication, and so on. what set everything is ready and when I try to connect but does not connect to the server and are not recorded requests. on the server are not recorded movements, and the notebook does not show any error. I have no firewall either. Got it? the ping's respond well in both directions. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The client does not connect _*_*_*_
ok tnt, I try that with the application, testing and do you notice. Thank you very much! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The client does not connect _*_*_*_
Well, monitoring and testing in the log have this: Going to the next request Waking up in 2.9 seconds. rad_recv: Access-Request packet from host 10.0.31.40 port 1645, id=68, length=144 User-Name = msilvero Framed-MTU = 1400 Called-Station-Id = 0019.2fdb.9e00 Calling-Station-Id = 001f.3c22.44c5 Service-Type = Login-User Message-Authenticator = 0xb7ec9c58aef5995fa1beeaf9fb22d535 EAP-Message = 0x0201000d016d73696c7665726f NAS-Port-Type = Wireless-802.11 NAS-Port = 278 NAS-IP-Address = 10.0.31.40 NAS-Identifier = ap-Reconquista-31 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = msilvero, looking up realm NULL rlm_realm: No such realm NULL ++[suffix] returns noop rlm_eap: EAP packet type response id 1 length 13 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound users: Matched entry msilvero at line 76 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type EAP +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled Sending Access-Challenge of id 68 to 10.0.31.40 port 1645 EAP-Message = 0x0102001604100150e2e5a3af2f9bf6b494482cd5b15c Message-Authenticator = 0x State = 0xc4723e07c4703a0f252b64ab3b8aac1c Finished request 63. Going to the next request Waking up in 2.5 seconds. rad_recv: Access-Request packet from host 10.0.31.40 port 1645, id=69, length=155 User-Name = msilvero Framed-MTU = 1400 Called-Station-Id = 0019.2fdb.9e00 Calling-Station-Id = 001f.3c22.44c5 Service-Type = Login-User Message-Authenticator = 0x32c823b2ce943c46fe0003306353f899 EAP-Message = 0x02020006030d NAS-Port-Type = Wireless-802.11 NAS-Port = 278 State = 0xc4723e07c4703a0f252b64ab3b8aac1c NAS-IP-Address = 10.0.31.40 NAS-Identifier = ap-Reconquista-31 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = msilvero, looking up realm NULL rlm_realm: No such realm NULL ++[suffix] returns noop rlm_eap: EAP packet type response id 2 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound users: Matched entry msilvero at line 76 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type EAP +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP NAK rlm_eap: EAP-NAK asked for EAP-Type/tls rlm_eap: processing type tls rlm_eap_tls: Requiring client certificate rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 69 to 10.0.31.40 port 1645 EAP-Message = 0x010300060d20 Message-Authenticator = 0x State = 0xc4723e07c571330f252b64ab3b8aac1c Finished request 64. Going to the next request Waking up in 2.5 seconds. rad_recv: Access-Request packet from host 10.0.31.40 port 1645, id=70, length=259 User-Name = msilvero Framed-MTU = 1400 Called-Station-Id = 0019.2fdb.9e00 Calling-Station-Id = 001f.3c22.44c5 Service-Type = Login-User Message-Authenticator = 0x81272adb33bde6be5f5504b71ab4a408 EAP-Message = 0x0203006e0d800064160301005f015b030148e6393e196c12f7838dcd0d7a1694260cf59192b892175d80ab559c8c0d2a2c3400390038003500160013000a00330032002f006600050004006500640063006200610060001500120009001400110008000600030100 NAS-Port-Type = Wireless-802.11 NAS-Port = 278 State = 0xc4723e07c571330f252b64ab3b8aac1c NAS-IP-Address = 10.0.31.40 NAS-Identifier = ap-Reconquista-31 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = msilvero, looking up realm NULL rlm_realm: No such realm NULL ++[suffix] returns noop rlm_eap: EAP packet type response id 3 length 110 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound users: Matched entry msilvero at line 76 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type EAP +- entering group authenticate rlm_eap: Request found, released from
Re: The client does not connect _*_*_*_
rlm_eap_tls: TLS 1.0 Handshake [length 0384], Certificate -- verify error:num=20:unable to get local issuer certificate rlm_eap_tls: TLS 1.0 Alert [length 0002], fatal unknown_ca TLS Alert write:fatal:unknown CA TLS_accept:error in SSLv3 read client certificate B rlm_eap: SSL error error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. eaptls_process returned 13 Have you imported CA certificate onto the users machine? Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The client does not connect _*_*_*_
yes, I imported client.p12 and ca.der to the notebook, the checked again and are fine - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The client does not connect _*_*_*_
* Martin Silvero [EMAIL PROTECTED] [2008-10-03 21:02]: yes, I imported client.p12 and ca.der to the notebook, the checked again and are fine Can you please learn to quote and reply properly. Thanks. -- Vegard Svanberg [EMAIL PROTECTED] [EMAIL PROTECTED] (EFnet)] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The client does not connect _*_*_*_
I apologize to you for not knowing English well, I live in Argentina and my native language is spanish (I doubt you know Spanish), if you are unable to interpret what I am trying to say is your problem with your gray matter , but please if I express ticket that I am not wrong understanding and can write differently, but stay on the sidelines and do not interfere because the kids have no trouble understanding what I write. thanks. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The client does not connect _*_*_*_
Hi, Well, when I want to connect from the notebook to the network radius, asking me to configure the profile to the type of authentication, and so on. what set everything is ready and when I try to connect but does not connect to the server and are not recorded requests. What could be the problem? wheres the debug output - as per asked for EVERY time such a query is asked of people on this list? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The client does not connect _*_*_*_
I do not understand what I want to say - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The client does not connect _*_*_*_
sorry what they say is ... The access point has an IP 10.0.31.x and is included within raddb/client.conf, forget the IP 10.0.42.250 because I connect to that network to another topic. The server is in the 10.30.1.x , we do not need to be on the same network because they are VLAN ruteables. Pinging responds well. What could be the problem? -- -- Silvero Martin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The client does not connect _*_*_*_
hello!! Well, as was the theme for the month so again clarify the principle also returned thread. The server is installed and tested it with the test and walk in perfect condition. I configured the radius in the client (access point) and a local user testing, the user is in a notebook in which I installed the certificates created for that user ( ca.der - client.p12) as detailed in the HOWTO wiki. Well, when I want to connect from the notebook to the network radius, asking me to configure the profile to the type of authentication, and so on. what set everything is ready and when I try to connect but does not connect to the server and are not recorded requests. What could be the problem? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The client does not connect _*_*_*_
The access point has an IP 10.0.31.x and is included within raddb/client.conf, forget the IP 10.0.42.250 because I connect to that network to another topic. The server is in the 10.30.1.x , we do not need to be on the same network because they are VLAN ruteables. Pinging responds well. What could be the problem? Still the same: routing/firewall. Use Wireshark to find out what happens with radius packets. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The client does not connect _*_*_*_
Que? No Habla Espanol. Habla Ingles?? That, and how to order a beer is roughly the extent of my Spanish. //anders On 26/09/2008 15:53, Martin Silvero [EMAIL PROTECTED] wrote: el access point tiena la IP 10.0.31.40 http://10.0.31.40 y esta incluida dentro de raddb/client.conf, olvidemos la IP 10.0.42.250 http://10.0.42.250 porque me conecte a esa red para otro tema. El servidor esta en la 10.30.1.x y no hace falta que esté en la misma red porque son VLAN ruteables. Haciendo ping responde bien. ¿cual podria ser el problema? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The client does not connect _*_*_*_
You say 10.0.32.x is on a different network than 10.0.42.x? What's your netmasks and your routing table like? What network is your client on and what network is your server on? Can you ping the server (or access it in any way) from the client? This is really more a basic networking question than a specific Radius issue. //anders On 25/09/2008 22:48, Pshem Kowalczyk [EMAIL PROTECTED] wrote: Hi All, Please don't forget that radius is UDP, and telnet TCP - firewall might be protocol specific and the fact that you can't telnet to port 1812 doesn't mean you can't use radius. kind regards Pshem - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The client does not connect _*_*_*_
el access point tiena la IP 10.0.31.40 y esta incluida dentro de raddb/client.conf, olvidemos la IP 10.0.42.250 porque me conecte a esa red para otro tema. El servidor esta en la 10.30.1.x y no hace falta que esté en la misma red porque son VLAN ruteables. Haciendo ping responde bien. ¿cual podria ser el problema? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The client does not connect _*_*_*_
Good morning! I am with a new problem, I feel like I'm close. My problem now is that set in a notebook the connection to authenticate with tls but not connecting, I am not showing any error, just does not connect, you run into the radius with -x and is waiting for requests. Why is this wrong? Do you ever step on someone? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The client does not connect _*_*_*_
any firewall ? try with ntradping ( free tool to test radius ) 2008/9/25 Martin Silvero [EMAIL PROTECTED]: Good morning! I am with a new problem, I feel like I'm close. My problem now is that set in a notebook the connection to authenticate with tls but not connecting, I am not showing any error, just does not connect, you run into the radius with -x and is waiting for requests. Why is this wrong? Do you ever step on someone? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The client does not connect _*_*_*_
The firewall is disabled, and probe with the tool NTRadPing and the result in the radius is as follows: Thu Sep 25 12:49:16 2008 : Debug: Ignoring request to authentication address * port 1812 from unknown client 10.0.42.250 port 1083 Thu Sep 25 12:49:16 2008 : Debug: Ready to process requests. Thu Sep 25 12:49:20 2008 : Debug: Ignoring request to authentication address * port 1812 from unknown client 10.0.42.250 port 1083 Thu Sep 25 12:49:20 2008 : Debug: Ready to process requests. Thu Sep 25 12:49:23 2008 : Debug: Ignoring request to authentication address * port 1812 from unknown client 10.0.42.250 port 1083 Thu Sep 25 12:49:23 2008 : Debug: Ready to process requests. Thu Sep 25 12:49:27 2008 : Debug: Ignoring request to authentication address * port 1812 from unknown client 10.0.42.250 port 1083 Thu Sep 25 12:49:27 2008 : Debug: Ready to process requests. Thu Sep 25 12:49:30 2008 : Debug: Ignoring request to authentication address * port 1812 from unknown client 10.0.42.250 port 1083 Thu Sep 25 12:49:30 2008 : Debug: Ready to process requests. Thu Sep 25 12:49:34 2008 : Debug: Ignoring request to authentication address * port 1812 from unknown client 10.0.42.250 port 1083 Thu Sep 25 12:49:34 2008 : Debug: Ready to process requests. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The client does not connect _*_*_*_
Martin Silvero wrote: Thu Sep 25 12:49:16 2008 : Debug: Ignoring request to authentication address * port 1812 from unknown client 10.0.42.250 Well... did you add that IP as a client in raddb/clients.conf? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The client does not connect _*_*_*_
in fact this IP (10.0.42.250) is another network which is connected to the notebook, which I have done now is to disconnect from the network and try to connect to the radius of the outcome this time is that in the radius server does not There is movement and the tool NTRadPing I get: no response from server (time out), new attemp - could not receive a response from the server the IP i add to raddb/clients.conf is the access point client = 10.0.31.40 the IP 10.0.42.250 as other networks but i disconect thanks! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The client does not connect _*_*_*_
Can you ping the radius server from the access point. This is a networking issue - nothing to do with radius. Ivan Kalik Kalik Informatika ISP Dana 25/9/2008, Martin Silvero [EMAIL PROTECTED] piše: in fact this IP (10.0.42.250) is another network which is connected to the notebook, which I have done now is to disconnect from the network and try to connect to the radius of the outcome this time is that in the radius server does not There is movement and the tool NTRadPing I get: no response from server (time out), new attemp - could not receive a response from the server the IP i add to raddb/clients.conf is the access point client = 10.0.31.40 the IP 10.0.42.250 as other networks but i disconect thanks! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The client does not connect _*_*_*_
Yes, tried to ping and responds quickly and without losses. Also I did from the server and also responds. What could be the problem? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The client does not connect _*_*_*_
maybe its a hotspot issue , i had one with some Mikrotik Hotspot and had to do an IP - Hotspot - IP Binding. theorically its a NAT issue 2008/9/25 [EMAIL PROTECTED]: Can you ping the radius server from the access point. This is a networking issue - nothing to do with radius. Ivan Kalik Kalik Informatika ISP Dana 25/9/2008, Martin Silvero [EMAIL PROTECTED] piše: in fact this IP (10.0.42.250) is another network which is connected to the notebook, which I have done now is to disconnect from the network and try to connect to the radius of the outcome this time is that in the radius server does not There is movement and the tool NTRadPing I get: no response from server (time out), new attemp - could not receive a response from the server the IP i add to raddb/clients.conf is the access point client = 10.0.31.40 the IP 10.0.42.250 as other networks but i disconect thanks! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The client does not connect _*_*_*_
Then try to telnet (port 1812) from access point to server. If you can't - problem is firewall. If you can - you haven't configured radius on AP properly. Ivan Kalik Kalik Informatika ISP Dana 25/9/2008, Martin Silvero [EMAIL PROTECTED] piše: Yes, tried to ping and responds quickly and without losses. Also I did from the server and also responds. What could be the problem? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The client does not connect _*_*_*_
Hi All, Please don't forget that radius is UDP, and telnet TCP - firewall might be protocol specific and the fact that you can't telnet to port 1812 doesn't mean you can't use radius. kind regards Pshem - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
