[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Radius and portmaster

To: Brian Candler <B.Candler at pobox.com>
Subject: Re: Radius and portmaster
From: Jounewe Koumessi Aline Flore <fkoumessi at yahoo.com>
Date: Tue, 27 Nov 2001 07:39:50 -0800 (PST)
Cc: afnog at afnog.org
Content-Type: text/plain; charset=us-ascii
Delivered-To: afnog-archive at lists.eahd.or.ug
Delivered-To: <afnog at afnog.org>
In-Reply-To: <20011127111833.A5787 at linnet.org>
Sender: owner-afnog at uol.co.ug

Right,

Now the test after the modification you provide me
give a good answer without error:

Sending request to server radius-server-ip , port 1812
radrecv: Reply from host nas-server-ip code=2, id=114,
length=20.

Now i think it remind to perform the configuration
with the really client which is in my case the
portmaster (livingston product).

How do the portmaster knowing that the authentication
should be done by the radius server rather than the
portmaster itself?

How can i try a test by sending packet from the
portmaster to the radius server?
--- Brian Candler <B.Candler at pobox.com> wrote:
> On Tue, Nov 27, 2001 at 02:33:59AM -0800, Jounewe
> Koumessi Aline Flore wrote:
> > then /var/log/radius.log gives:
> > Error: request from unknow client:
> radius-server-Name
> > Error: Authenticate: from client
> > radius-server-Name-Security Breach: login name 
> 
> Excellent work. So what do you think "request from
> unknown client" means?
> 
> The radius server enforces that every RADIUS packet
> must
> (a) come from a known IP address, and
> (b) be authenticated with a shared secret
> 
> You are using radtest to send packets to radiusd on
> the same machine. So in
> /etc/raddb/clients you will need an entry for
> 
> 127.0.0.1   secret
> or
> your.ip.add.dress   secret
> 
> depending on whether radtest is sending packets with
> a source of 127.0.0.1
> or your.ip.add.dress (look at tcpdump output, or
> simply put both entries in
> /etc/raddb/clients)
> 
> The 'naslist' file is not so important. It's only
> used for debugging, and if
> there are any cases where you send different
> responses depending on the type
> of the NAS which originates the request.
> 
> After changing the clients file, you need to restart
> radiusd.
> 
> Regards,
> 
> Brian.
> 
> -----
> This is the afnog mailing list, managed by Majordomo
> 1.94.4
> 
> To send a message to this list, e-mail
> afnog at afnog.org
> To send a request to majordomo, e-mail
> majordomo at afnog.org and put
> your request in the body of the message (i.e use
> "help" for help)
> 
> This list is maintained by owner-afnog at afnog.org
> 


=====
/*************
JOUNEWE KOUMESSI ALINE FLORE
Ingénieur Réseau et Système
Tél. (237) 992-72-89
fkoumessi at yahoo.com
/************

__________________________________________________
Do You Yahoo!?
Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month.
http://geocities.yahoo.com/ps/info1

-----
This is the afnog mailing list, managed by Majordomo 1.94.4

To send a message to this list, e-mail afnog at afnog.org
To send a request to majordomo, e-mail majordomo at afnog.org and put
your request in the body of the message (i.e use "help" for help)

This list is maintained by owner-afnog at afnog.org

References:
- Re: Radius and portmaster
  - From: Brian Candler <B.Candler at pobox.com>

Prev by Date: Re: Mail Filter for sendmail on Solaris
Next by Date: Re: Mail Filter for sendmail on Solaris
Prev by thread: Re: Radius and portmaster
Next by thread: Re: Radius and portmaster
Index(es):
- Date
- Thread