Radius Problem



  • Hello ,
    I have a problem with the Radius when I changed the listing interfaces to the loopback interface the radius not work .
    please can you help me
    Thanks



  • This package isn't actively maintained and developed.
    Do you have network components on different subents which need to authenticate against RADIUS ?
    I am using switches with a separate MANAGEMENT VLAN and all network components which authenticate against freeRADIUS are on the same MANAGEMENT VLAN - the same VLAN as RADIUS is listening to.

    –-edit---

    check "bind_address" in
    /usr/local/etc/raddb/radius.conf

    If you select a specific interface then there should be the IP of the interface you selected.
    If you select loopback then there should be a " * "

    Take a look here:
    http://freeradius.org/radiusd/raddb/radiusd.conf.in

    #  bind_address:  Make the server listen on a particular IP address, and
    #  send replies out from that address.  This directive is most useful
    #  for machines with multiple IP addresses on one interface.
    #
    #  It can either contain "*", or an IP address, or a fully qualified
    #  Internet domain name.  The default is "*"
    #
    #  As of 1.0, you can also use the "listen" directive.  See below for
    #  more information.
    #
    bind_address = *
    

    perhaps you could edit the radius.conf manually, restart the radiusd service and check if it works.



  • Thank you for your reply

    I have added the following to the radius.conf but still the listening port on one interface ( the interface added by the GUI )

    bind_address = 10.11.11.1
    bind_address = 10.221.0.13
    bind_address = 127.0.0.1

    Thanks



  • I am not sure if you can add more than one address.

    please try with:

    bind_address = *
    

    kill radiusd and restart with

    radiusd -X
    

    Then check again if you can authenticate.



  • Hi Nachtfalke,

    the same problem , the interface configured by the GUI is the listening port

    netstat -na | grep 1812

    udp4      0      0 127.0.0.1.1812        .



  • You need to take care:

    If you change the radius.conf and the do any changes in the freeRADIUS GUI, that it will overwrite the radius.conf again.

    So change the radius.conf to

    bind_address = *
    

    save the file.

    then do:

    kill -9 radiusd
    

    and then

    radiusd -X
    

    after this radiusd is starting in debugging mode, you can see if radiusd is able to "processing requests".
    If a client is connecting then you will see the output there.

    I am NOT sure if this will work. I am no expert but it is the only idea I can give you.



  • Hi Nachtfalke,
    it's work now and all the interfaces are listening to the radius port

    Thank you very much for your support you are expert man



  • Thank you for your feedback.

    Perhaps I can change the GUI so that we can chose a specific or all interfaces.
    But I am no expert in changing the GUI, too. hehe ;)

    –--edit----

    Ok, I did some changes on these files:
    freeradius.inc
    freeradiussettings.xml

    So we have the possibility to enter one IP address of the listening interface or we can chose a " * " if we like that freeRADIUS is listening to any interface. I tried this on my machine for a short time and it is working.

    Version 1.0.5 should have the changes.


Locked