
Re: Radius and portmaster



On Tue, Nov 27, 2001 at 02:33:59AM -0800, Jounewe Koumessi Aline Flore wrote:
> then /var/log/radius.log gives:
> Error: request from unknow client: radius-server-Name
> Error: Authenticate: from client
> radius-server-Name-Security Breach: login name 

Excellent work. So what do you think "request from unknown client" means?

The radius server enforces that every RADIUS packet must:
(a) come from a known IP address, and
(b) be authenticated with a shared secret.

You are using radtest to send packets to radiusd on the same machine. So in
/etc/raddb/clients you will need an entry for

127.0.0.1   secret
or
your.ip.add.dress   secret

depending on whether radtest is sending packets with a source of 127.0.0.1
or your.ip.add.dress (look at tcpdump output, or simply put both entries in
/etc/raddb/clients).

The 'naslist' file is not so important. It's only used for debugging, and in
any cases where you send different responses depending on the type of the
NAS which originates the request.

After changing the clients file, you need to restart radiusd.

Regards,

Brian.
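
The two checks described in the message above, as an added example that is not part of the original post and is not radiusd's own code. It models the clients lookup by source IP (IP-only entries assumed; the sample secrets, addresses and function names are constructed) and uses the RFC 2865 section 5.2 User-Password hiding to show what a mismatched shared secret does to a PAP password.

```python
import hashlib
import ipaddress

# Constructed sample in the two-column layout shown in the message above.
CLIENTS_FILE = """\
# client        secret
127.0.0.1       testing123
192.0.2.10      s3cret-nas
"""

def load_clients(text):
    """Map each client IP address to its shared secret (IP-only entries assumed)."""
    clients = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            host, secret = line.split()[:2]
            clients[ipaddress.ip_address(host)] = secret.encode()
    return clients

def hide_password(password, secret, request_auth):
    """What the NAS (or radtest) does: XOR the password with an MD5 keystream."""
    size = max(16, (len(password) + 15) // 16 * 16)
    padded = password.ljust(size, b"\x00")
    out, prev = b"", request_auth
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def recover_password(hidden, secret, request_auth):
    """What the server does with the secret it has on file for that client."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(a ^ b for a, b in zip(block, key))
        prev = block
    return out.rstrip(b"\x00")

def check_request(clients, source_ip, hidden, request_auth):
    """Check (a): source IP must be listed. Check (b): the secret must match."""
    secret = clients.get(ipaddress.ip_address(source_ip))
    if secret is None:
        return "unknown client", None      # dropped before any password check
    return "known client", recover_password(hidden, secret, request_auth)
```

A request from an unlisted address never reaches the password step, and a listed address with the wrong secret yields a garbled password that can never match the user's real one.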

-----
This is the afnog mailing list, managed by Majordomo 1.94.4