Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    FreeRadius stopped working

    Scheduled Pinned Locked Moved
    pfSense Packages
    2
    9
    1.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      giyahban
      last edited by

      Hello hope all is good
      Today all of sudden my freeradius stopped working
      It does start (all defined ports are listening) but not authenticate any users
      the system log doest show any error but when I try to authenticate through diagnosis tool it says
      /diag_authentication.php: Error during RADIUS authentication : Operation timed out
      Tried to delete all the configs and the package but doesnt fix the problem
      I dont know if its related or not but ntopng package stops working too.

      GertjanG 1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan @giyahban
        last edited by

        @giyahban said in FreeRadius stopped working:

        Today all of sudden my freeradius stopped working

        Stop Freeradius in the GUI.

        Open a console access, or, better, SSH.
        Use option 8.

        Type

        radiusd -x

        Now you will see 'everything'.
        If your SSH client is capable of chowing colours, red lines will be 'errors' = issues to resolve.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        G 1 Reply Last reply Reply Quote 0
        • G
          giyahban @Gertjan
          last edited by giyahban

          @gertjan
          Thanks for the response
          I ran the radiusd -X command
          last lines were as below

          Listening on auth address 127.0.0.1 port 1812 bound to server default
Listening on acct address 127.0.0.1 port 1813 bound to server default
Listening on status address 127.0.0.1 port 1816 bound to server default
Listening on auth address 127.0.0.1 port 18128 bound to server inner-tunnel-peap
Listening on auth address 127.0.0.1 port 18127 bound to server inner-tunnel-ttls
Ready to process requests

          Strange thing is that when I do an authentication via diagnosis it says failed and there is no output here!

          G 1 Reply Last reply Reply Quote 0
          • G
            giyahban @giyahban
            last edited by giyahban

            @giyahban
            I did the cli testing with following command

            radtest -x test test123 127.0.0.1:1812 0 RadServer

            the output I get is

            Failed to send packet for ID 116: sendto failed: Can't assign requested address
            GertjanG 1 Reply Last reply Reply Quote 0
            • GertjanG
              Gertjan @giyahban
              last edited by Gertjan

              @giyahban

              First of all ... sorry, it should be

              radiusd -X

              Before running this commant, make sure there is no radius process already running :

              ps ax | grep 'radius'

              if there is one : go kill it.

              I've done this - running radius on the console, and waited until it shown :

              ...
Listening on auth address 127.0.0.1 port 18128 bound to server inner-tunnel-peap
Listening on auth address 127.0.0.1 port 18127 bound to server inner-tunnel-ttls
Listening on auth address * port 1812 bound to server default
Listening on status address * port 1816 bound to server default
Listening on acct address * port 1813 bound to server default
Ready to process requests

              Now, in another SSH session :

              radtest -x x x 192.168.2.1:1812 0 sharedsecret 192.168.2.1

              Where -x is verbose output.
              x and x is a valid, known user and it's password.
              192.168.2.1:1812 is the radius server IP and port.
              0 is ... dono - have to type 0 - have to see the man pages I guess.
              sharedsecret is my radius password.
              192.168.2.1 is "originating IP ?" (again : man pages)

              This was shown when I hit enter :

              Sent Access-Request Id 0 from 0.0.0.0:3524 to 192.168.2.1:1812 length 77
        User-Name = "x"
        User-Password = "x"
        NAS-IP-Address = 192.168.1.1
        NAS-Port = 0
        Message-Authenticator = 0x00
        Framed-Protocol = PPP
        Cleartext-Password = "x"
Received Access-Accept Id 0 from 192.168.2.1:1812 to 192.168.2.1:3524 length 57
        Acct-Interim-Interval = 600
        WISPr-Redirection-URL = "https://www.google.com/"

              The "Access-Accept" means : access granted.

              On the radius SSH shell session window, I saw " a lot of radius stuf getting logged"

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

              G 1 Reply Last reply Reply Quote 0
              • G
                giyahban @Gertjan
                last edited by

                @gertjan
                I did exactly the same and the result is

                (0) Failed to send packet for ID 154: sendto failed: Can't assign requested address
                GertjanG 1 Reply Last reply Reply Quote 0
                • GertjanG
                  Gertjan @giyahban
                  last edited by

                  @giyahban

                  As above :

                  radtest -x x x 192.168.2.1:1812 0 sharedsecret 192.168.2.1

                  works for me.

                  radtest -x x x 192.168.2.1:1812 0 sharedsecret 192.168.1.1

                  works also.

                  Also this :

                  radtest -x x x 192.168.2.1:1812 0 sharedsecret

                  The 192.168.2.1 is important because I've set up

                  a9d429b1-866a-451c-9917-989f2f247f49-image.png

                  Btw : check your (floating) firewall rules ?

                  For me,

                  radtest -x x x 127.0.0.1:1812 0 sharedsecret

                  doesn't work neither.

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                  G 1 Reply Last reply Reply Quote 0
                  • G
                    giyahban @Gertjan
                    last edited by

                    @gertjan said in FreeRadius stopped working:

                    radtest -x x x 192.168.2.1:1812 0 sharedsecret 192.168.1.1

                    I double checked there isnt any floating rules, it was working all of a sudden it stopped
                    I ran the command with request IP such as below

                    radtest -x x x 127.0.0.1:1812 0 sharedsecret 192.168.7.1

                    Still got the same result

                    (0) Failed to send packet for ID 62: sendto failed: Can't assign requested address

                    Im thinking that there is something wrong with freebsd itself, it can't send the request so the request never recieved by the radius server

                    G 1 Reply Last reply Reply Quote 0
                    • G
                      giyahban @giyahban
                      last edited by

                      @giyahban
                      Strange thing happened when I changed every 127.0.0.1 ip to lan ip
                      now its working!
                      it would be nice to understand what was causing the problem!

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post