Also, if the server host is multihomed, then the response packet may be
coming from a different source IP than the original request was sent to,
in which case the client may ignore it. The fix for this is to have the
radius server listen on a single IP, which will cause that IP to be used
as the source and avoid this problem. tcpdump is your friend here too.

--Greg


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Hi,
first, to stop it using DHCP configure your network stack correctly.
usually /etc/sysconfig/network or /etc/sysconfig/networking-scripts/ifcfg-eth0
or somesuch - or use a GUI interface etc. certainly if you want
fixed you dont want dhclient or pump etc running!

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

I found the problem, I was getting a DHCP address, which I did not want
to do. The eth0 icon on the tray showed the correct static address,
which was the same as in my /etc/hosts (and DNS), but the actual
ifconfig eth0 showed the DHCP address. I corrected this, and now I am
one step further. :-)

In debug output I see

rlm_realm: Looking up realm "umpublishing.org" for User-Name =
"***@umpublishing.org"
rlm_realm: No such realm "umpublishing.org"


yet this is the realm defined in smb.conf, and it also works fine when I
have this line in the /usr/local/etc/raddb/users file:

***@umpublishing.org Auth-Type := ntlm_auth

Is there somewhere else that the realm needs to be defined for this to
work?

Regards,
Cindy







-----Original Message-----
From: Yoho, Cindy
Sent: Wednesday, August 06, 2008 12:48 PM
To: 'FreeRadius users mailing list'
Subject: RE: Server not responding to requests


Alan,

iptables -L -n output shows

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

tcpdump shows nothing when I am trying to connect.

However, ifconfig shows eth0 has the wrong IP address. It looks like it
grabbed a DHCP address from my Windows DHCP server. When I look at eth0
connection properties on the task bar it shows 172.16.3.4. In
/etc/hosts, under System Administration Network Configuration, and on
my DNS server, it is 172.16.1.15. How do I stop it from using the wrong
address? I see in docs there is a file called
/var/lib/dhclient/eth0-leases which contains the bad config info.

Orion, client file is correct, for the 172.16.1.15 address, anyway. :-\


Greg, server is not multihomed, but multi-ip addresses do appear to be
the problem.


Hi,
Multitech.
iptables? your host is firewalled and therefore FR doesnt see the
packet at all?


tcpdump -eqntl -i eth0 port 1812

(if eth0 is your NIC) then do some stuff. do you see anything?

iptables -L -n

are there entries? if so, ensure there are 1812/1813/1814 UDP entries
too!


alan


------------------------------

Message: 2
Date: Tue, 5 Aug 2008 19:17:40 +0200
From: orion <***@gmail.com>
Subject: Re: Server not responding to requests
To: "FreeRadius users mailing list"
<freeradius-***@lists.freeradius.org>
Message-ID:
<***@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

take a look at client file. there you can specify which clients ( IP
addresses ) are allowed . add the public ip of your outside clients/nas.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html