Discussion:
Setting up FreeRADIUS
ryuukuu
2012-02-22 19:58:24 UTC
Permalink
I seem to be having a hardtime setting up FreeRADIUS to work with my Astaro
firewall.


First, in radiusd.conf I have left most of the configurations the same only
made a few small ones such as the port for:
listen {
type = auth
ipaddr = *
port = 1812 (instead of the default 0)
}

In clients.conf, I have added the following:

client ASG {
ipaddr = 192.168.***.***
secret = my secret
}

In /etc/raddb/users I added user Cleartext-Password password.


In Astaro I created a network definition with "host," as the type, ANY
interface, and the IP for my box running FreeRADIUS.
I also created a packet filter rule as follows:

Group: WiFi
Position: 59
Source: srv_freeradius
Service: RADIUS
Destination: firewall

In the wireless security setting of Astaro under Advance/Enterprise
Authentication I added the following information:

RADIUS: srv_freeradius (network defition I created)
RADIUS Port: RADIUS (This was already in place there)
RADIUS Secret: my secret
Repeat Secret: repeated secret

Now whenever I run radtest user password localhost 0 secret I get the
Access-Accept packet but if I modify the command and run radtest user
password ASG_IP 1812 secret I get "radclient: no response from server for ID
168 socket 3"

I also tried running radtest user password FreeRADIUS_Server_IP 1812 secret
and the output in /usr/sbin/radiusd -X is as follows: " Ignoring request to
authentication address * port 1812 from unknown client 192.168.***.*** port
48063
Ready to process requests."

--
View this message in context: http://freeradius.1045715.n5.nabble.com/Setting-up-FreeRADIUS-tp5506078p5506078.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan Buxey
2012-02-22 20:44:03 UTC
Permalink
Hi,
Post by ryuukuu
port = 1812 (instead of the default 0)
doesnt matter - it'll use 1812 and not 0 - read from /etc/services
Post by ryuukuu
client ASG {
ipaddr = 192.168.***.***
secret = my secret
if the secret really does have spaces in it, then you need to ensure its
enclosed in quotes "my secret"
Post by ryuukuu
In /etc/raddb/users I added user Cleartext-Password password.
fred Cleartext-Password := "password"

(note the := )
Post by ryuukuu
Now whenever I run radtest user password localhost 0 secret I get the
Access-Accept packet but if I modify the command and run radtest user
password ASG_IP 1812 secret I get "radclient: no response from server for ID
168 socket 3"
??? hat would be sending a RADIUS request to the ASG_IP server - is this running
as a server that can take and accept a remote proxied request?
Post by ryuukuu
I also tried running radtest user password FreeRADIUS_Server_IP 1812 secret
and the output in /usr/sbin/radiusd -X is as follows: " Ignoring request to
authentication address * port 1812 from unknown client 192.168.***.*** port
48063
thats because you havent added 192.168.***.*** as a valid client in clients.conf

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Continue reading on narkive:
Loading...