FreeRadius stopped working

giyahban · Apr 6, 2023, 7:35 PM

Hello hope all is good
Today all of sudden my freeradius stopped working
It does start (all defined ports are listening) but not authenticate any users
the system log doest show any error but when I try to authenticate through diagnosis tool it says
/diag_authentication.php: Error during RADIUS authentication : Operation timed out
Tried to delete all the configs and the package but doesnt fix the problem
I dont know if its related or not but ntopng package stops working too.

Gertjan · Apr 7, 2023, 9:27 AM

@giyahban said in FreeRadius stopped working:

Today all of sudden my freeradius stopped working

Stop Freeradius in the GUI.

Open a console access, or, better, SSH.
Use option 8.

Type

radiusd -x

Now you will see 'everything'.
If your SSH client is capable of chowing colours, red lines will be 'errors' = issues to resolve.

giyahban · Apr 7, 2023, 10:25 AM

@gertjan
Thanks for the response
I ran the radiusd -X command
last lines were as below

Listening on auth address 127.0.0.1 port 1812 bound to server default
Listening on acct address 127.0.0.1 port 1813 bound to server default
Listening on status address 127.0.0.1 port 1816 bound to server default
Listening on auth address 127.0.0.1 port 18128 bound to server inner-tunnel-peap
Listening on auth address 127.0.0.1 port 18127 bound to server inner-tunnel-ttls
Ready to process requests

Strange thing is that when I do an authentication via diagnosis it says failed and there is no output here!

giyahban · Apr 7, 2023, 11:10 AM

@giyahban
I did the cli testing with following command

radtest -x test test123 127.0.0.1:1812 0 RadServer

the output I get is

Failed to send packet for ID 116: sendto failed: Can't assign requested address

Gertjan · Apr 7, 2023, 2:22 PM

@giyahban

First of all ... sorry, it should be

radiusd -X

Before running this commant, make sure there is no radius process already running :

ps ax | grep 'radius'

if there is one : go kill it.

I've done this - running radius on the console, and waited until it shown :

...
Listening on auth address 127.0.0.1 port 18128 bound to server inner-tunnel-peap
Listening on auth address 127.0.0.1 port 18127 bound to server inner-tunnel-ttls
Listening on auth address * port 1812 bound to server default
Listening on status address * port 1816 bound to server default
Listening on acct address * port 1813 bound to server default
Ready to process requests

Now, in another SSH session :

radtest -x x x 192.168.2.1:1812 0 sharedsecret 192.168.2.1

Where -x is verbose output.
x and x is a valid, known user and it's password.
192.168.2.1:1812 is the radius server IP and port.
0 is ... dono - have to type 0 - have to see the man pages I guess.
sharedsecret is my radius password.
192.168.2.1 is "originating IP ?" (again : man pages)

This was shown when I hit enter :

Sent Access-Request Id 0 from 0.0.0.0:3524 to 192.168.2.1:1812 length 77
        User-Name = "x"
        User-Password = "x"
        NAS-IP-Address = 192.168.1.1
        NAS-Port = 0
        Message-Authenticator = 0x00
        Framed-Protocol = PPP
        Cleartext-Password = "x"
Received Access-Accept Id 0 from 192.168.2.1:1812 to 192.168.2.1:3524 length 57
        Acct-Interim-Interval = 600
        WISPr-Redirection-URL = "https://www.google.com/"

The "Access-Accept" means : access granted.

On the radius SSH shell session window, I saw " a lot of radius stuf getting logged"

giyahban · Apr 7, 2023, 2:22 PM

@gertjan
I did exactly the same and the result is

(0) Failed to send packet for ID 154: sendto failed: Can't assign requested address

Gertjan · Apr 7, 2023, 2:38 PM

@giyahban

As above :

radtest -x x x 192.168.2.1:1812 0 sharedsecret 192.168.2.1

works for me.

radtest -x x x 192.168.2.1:1812 0 sharedsecret 192.168.1.1

works also.

Also this :

radtest -x x x 192.168.2.1:1812 0 sharedsecret

The 192.168.2.1 is important because I've set up

Btw : check your (floating) firewall rules ?

For me,

radtest -x x x 127.0.0.1:1812 0 sharedsecret

doesn't work neither.

giyahban · Apr 7, 2023, 5:01 PM

@gertjan said in FreeRadius stopped working:

radtest -x x x 192.168.2.1:1812 0 sharedsecret 192.168.1.1

I double checked there isnt any floating rules, it was working all of a sudden it stopped
I ran the command with request IP such as below

radtest -x x x 127.0.0.1:1812 0 sharedsecret 192.168.7.1

Still got the same result

(0) Failed to send packet for ID 62: sendto failed: Can't assign requested address

Im thinking that there is something wrong with freebsd itself, it can't send the request so the request never recieved by the radius server

giyahban · Apr 7, 2023, 8:41 PM

@giyahban
Strange thing happened when I changed every 127.0.0.1 ip to lan ip
now its working!
it would be nice to understand what was causing the problem!