Radius Failed - Testing

SantoshKMishra · December 7, 2020, 5:45am

Dear All,

I have setup PI and FreeRadius server in Ubuntu 18.0 and able to login using AD use in PI web console. while creating New Radius server from GUI console, i am getting below error in RADIUS log:

Mon Dec 7 12:42:22 2020 : Error: Ignoring request to auth address * port 1812 from unknown client 127.0.0.1 port 48700 proto udp
Mon Dec 7 12:42:27 2020 : Error: Ignoring request to auth address * port 1812 from unknown client 127.0.0.1 port 48700 proto udp
Mon Dec 7 12:42:32 2020 : Error: Ignoring request to auth address * port 1812 from unknown client 127.0.0.1 port 48700 proto udp

Any clue what is missing and where to change what ?

Thanks

cornelinux · December 7, 2020, 8:57am

The RADIUS server in the system settings in the webui is only for outgoing request, i.e. if privacyIDEA needs to send a RADIUS request to another radius server.

In your case you need to configure the file clients.conf which is probably located at /etc/freeradius/3.0/clients.conf. Also read: https://privacyidea.readthedocs.io/en/latest/application_plugins/index.html

Our company also provides an enterprise edition, which comes with an appliance tool, that helps you to set up things like RADIUS clients.

SantoshKMishra · December 7, 2020, 9:22am

Thank you so much, but when i am trying to get authentication done for my VPN, i see below error in Freeradius Log:
i have pointed my VPN server to PI IP where Freeradius is also installed. and PI is already configure for LDAPresolver

Error: Ignoring request to auth address * port 1812 from unknown client 192.168.102.80 port 51022 proto udp

however, if i test this locally, i see this is working.
below is my entry in client.conf for my VPN server

client server {
ipaddr = 192.168.102.80
netmask = 24
secret = otp123
shortname = server
nas_type = other
require_message_authenticator = no
}

what wrong i am doing.

Thank you so much for your quick revert

SantoshKMishra · December 7, 2020, 10:20pm

Dear All,
Any help on above query please ?

cornelinux · December 8, 2020, 6:09am

Start freeradius in Debug mode by running

 freeradius -X

and read the output carefully. It will tell you, what is wrong. Probably the client definition.

My guess:

ipaddr = 192.168.102.80
netmask = 24

looks strange. 192.68.102.0 with netmask 24 looks more sensible.

SantoshKMishra · December 8, 2020, 11:47am

Thank you so much for your input.

problem was something lese, i missed completely that server date and time was something else, once i fixed that issue got resolved.

Thank you again