4. Radius Problem

Radius Problem

  • B

    Hello ,
    I have a problem with the Radius when I changed the listing interfaces to the loopback interface the radius not work .
    please can you help me
    Thanks

    0
  • N

    This package isn't actively maintained and developed.
    Do you have network components on different subents which need to authenticate against RADIUS ?
    I am using switches with a separate MANAGEMENT VLAN and all network components which authenticate against freeRADIUS are on the same MANAGEMENT VLAN - the same VLAN as RADIUS is listening to.

    –-edit---

    check "bind_address" in
    /usr/local/etc/raddb/radius.conf

    If you select a specific interface then there should be the IP of the interface you selected.
    If you select loopback then there should be a " * "

    Take a look here:
    http://freeradius.org/radiusd/raddb/radiusd.conf.in

    #  bind_address:  Make the server listen on a particular IP address, and
#  send replies out from that address.  This directive is most useful
#  for machines with multiple IP addresses on one interface.
#
#  It can either contain "*", or an IP address, or a fully qualified
#  Internet domain name.  The default is "*"
#
#  As of 1.0, you can also use the "listen" directive.  See below for
#  more information.
#
bind_address = *

    perhaps you could edit the radius.conf manually, restart the radiusd service and check if it works.

    0
  • B

    Thank you for your reply

    I have added the following to the radius.conf but still the listening port on one interface ( the interface added by the GUI )

    bind_address = 10.11.11.1
    bind_address = 10.221.0.13
    bind_address = 127.0.0.1

    Thanks

    0
  • N

    I am not sure if you can add more than one address.

    please try with:

    bind_address = *

    kill radiusd and restart with

    radiusd -X

    Then check again if you can authenticate.

    0
  • B

    Hi Nachtfalke,

    the same problem , the interface configured by the GUI is the listening port

    netstat -na | grep 1812

    udp4      0      0 127.0.0.1.1812        .

    0
  • N

    You need to take care:

    If you change the radius.conf and the do any changes in the freeRADIUS GUI, that it will overwrite the radius.conf again.

    So change the radius.conf to

    bind_address = *

    save the file.

    then do:

    kill -9 radiusd

    and then

    radiusd -X

    after this radiusd is starting in debugging mode, you can see if radiusd is able to "processing requests".
    If a client is connecting then you will see the output there.

    I am NOT sure if this will work. I am no expert but it is the only idea I can give you.

    0
  • B

    Hi Nachtfalke,
    it's work now and all the interfaces are listening to the radius port

    Thank you very much for your support you are expert man

    0
  • N

    Thank you for your feedback.

    Perhaps I can change the GUI so that we can chose a specific or all interfaces.
    But I am no expert in changing the GUI, too. hehe ;)

    –--edit----

    Ok, I did some changes on these files:
    freeradius.inc
    freeradiussettings.xml

    So we have the possibility to enter one IP address of the listening interface or we can chose a " * " if we like that freeRADIUS is listening to any interface. I tried this on my machine for a short time and it is working.

    Version 1.0.5 should have the changes.

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy