Solved

Freeradius

Posted on 2010-09-10
Last Modified: 2012-06-27
Hi,
I am having issues setting up a RADIUS server on my CentOS 5+.
The problem is that there is no communication between FreeRADIUS and the clients.
Only the localhost client 127.0.0.1 is being accepted.
Another question: can FreeRADIUS be used remotely, that is, without a LAN connection?
I am using FreeRADIUS on CentOS 5+, chillispot, DD-WRT.
Question by:ssuresh07
22 Comments
 
LVL 25

Expert Comment

by:madunix
0
 
LVL 36

Expert Comment

by:ArneLovius
The radius client (vpn server, wireless ap etc) need to be connected over an IP network to the radius server.

The radius client has to be configured on the radius server with its identity (usually IP address) and a shared secret.

It is not possible to have a radius client operating without an IP link to the radius server, but the IP link could be over anything that carries IP traffic as long as there is a route between them.
0
 

Author Comment

by:ssuresh07
@madunix:
I have tried that solution but it seems to work only in LAN connection, not over remote.

@ArneLovius:
I have configured radius as you have mentioned but it is not working for me over remote.
0
 
LVL 36

Expert Comment

by:ArneLovius
A more detailed description of what you are trying to achieve may be useful.
0
 
LVL 17

Expert Comment

by:pergr
Double check that your server and your clients are using the same port number for RADIUS communication. The new standard is 1812 and 1813, while older clients sometimes use other port numbers.

I assume the networking is OK - that you can ping the server from the client...
0
 

Author Comment

by:ssuresh07
@Pergr
When I use "radtest username pass localhost 0 testing"
it is working fine, but when I use "radtest username pass 10.10.1.1 0 testing"
it's not working.
There is no log created for this.
And I am new to Linux too, so I am not able to figure out what the reason is.
0
 
LVL 17

Expert Comment

by:pergr
There is a configuration file called clients.conf where you need to include the IP addresses for your clients.

http://wiki.freeradius.org/Clients.conf

Possibly when you do the test the source IP of the request becomes an IP instead of localhost, and so is rejected unless configured.

How did the ping test go?
0
 

Author Comment

by:ssuresh07
I have included the client IP in client.conf like
client 10.10.10.1 {
      secret          = testing123
      shortname   = testing
      nastype     = other      
}

but still no response in radtest command.
0
 
LVL 17

Expert Comment

by:pergr
I do not have that much experience with radtest...

Do you have syslog enabled, and are you getting logging from freeradius?
Have you tried a RADIUS client on another machine? I think there are even some Windows-based clients similar to radtest you can use to test with.
0
 

Author Comment

by:ssuresh07
In the RADIUS log, when I give localhost it is logging correctly with the SQL connections and the ports accessed.
But trying other IPs won't even log.
I even switched off iptables for the firewall but still no solution.

I have not tried any clients on other machines.

But one thing I have done, and it is working:
For testing I connected my router through LAN to an Ubuntu machine where freeradius 2 (a different version from that of CentOS) is running on 192.168.1.2.
Added this 192.168.1.2 IP to my clients.conf.
Enabled chillispot in my router and tried accessing from another machine through Wi-Fi.
I am able to log in through hotspotlogin.cgi and everything works fine.

I want this same setup to run through WAN, i.e. the router is not connected to the radius server through LAN.
0
 
LVL 17

Expert Comment

by:pergr
Perhaps you have a routing problem?
Can you ping the new radius server from the router?
0

 

Author Comment

by:ssuresh07
Yes. When I change my radius settings in my router to the remote one, i.e. CentOS,
I am able to get the page redirected to the web server but no log is created for the radius server when I try to log in.
0
 
LVL 17

Expert Comment

by:pergr
I assume the router is another Linux box, or?
Can you ping from its "command line" to the new radius server?

The web server you see is probably running on the router, or?
0
 

Author Comment

by:ssuresh07
I have been using it like this:

1 Linux box with CentOS that has freeradius2 and a website (to collect user information) installed
1 router with internet connection configured to redirect to the website using chillispot

When I connect to the router through Wi-Fi from a Wi-Fi device, I get redirected to the website. But the issue is, I am not getting authenticated. Username and password are available in the MySQL table.

Am I missing something in this logic? I have not studied the radius server and its work environments, I just know it from forums and blogs.

Please tell me where I am wrong in this scenario.

Thanks.
0
 
LVL 17

Expert Comment

by:pergr
I have not used that set-up.
Somehow something needs to communicate with the router, and tell it that AUTH was OK so it can let future packets through. Is the router the RADIUS client, or the web server?

Possibly the web server collects user/pass from the browser, and then forwards it to the router - and then the router is the RADIUS client and sends it to the RADIUS server for AUTH.

Is that 'ping' OK?
0
 

Author Comment

by:ssuresh07
The router is the radius client, and I tried pinging from a Wi-Fi system connected to the router to the web server with the radius server, and I got the reply.
0
 
LVL 17

Accepted Solution

by:pergr
pergr earned 250 total points
You should double check the TCP port number used.

Freeradius uses TCP 1812 for AUTH, while for example Cisco routers are using TCP 1645 as default. Typically on a Cisco you would configure both IP, TCP port and RADIUS key together.

If you get nothing at all in the radius.log on the Freeradius server, then there is a problem with networking, port numbers or RADIUS client. Make sure there is no firewall blocking it.
0
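A radtest-style probe for the situation discussed above, where nothing shows up in the server log, added here as an example (it is not code from the thread or from FreeRADIUS). It builds an RFC 2865 Access-Request, sends it over UDP (the transport RADIUS uses) to ports 1812 and 1645, and separates silence from a reply signed with a different shared secret; the function names and the `probe` credentials are assumptions.

```python
# Added example: function names are illustrative, probe credentials are constructed.
import hashlib, hmac, os, socket, struct
CODES = {b"\x02": "Access-Accept", b"\x03": "Access-Reject", b"\x0b": "Access-Challenge"}

def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(user, password, secret, ident=1, authenticator=None):
    """Code 1 packet: header, Request Authenticator, User-Name(1), User-Password(2)."""
    authenticator = authenticator or os.urandom(16)
    attrs = b""
    for attr_type, value in ((1, user), (2, hide_password(password, secret, authenticator))):
        attrs += struct.pack("!BB", attr_type, len(value) + 2) + value
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def reply_is_authentic(reply, request, secret):
    """Response Authenticator = MD5(code, id, length, RequestAuth, attrs, secret)."""
    if len(reply) < 20 or reply[1] != request[1]:
        return False
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

def probe(server, secret, ports=(1812, 1645), timeout=3.0):
    """One Access-Request per UDP port. 'no reply' = dropped on the path, wrong
    port, or a source IP the server does not list in clients.conf."""
    results = {}
    for port in ports:
        request = build_access_request(b"probe", b"probe", secret)
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            try:
                sock.sendto(request, (server, port))
                reply, _ = sock.recvfrom(4096)
            except OSError as exc:  # socket.timeout is an OSError subclass
                results[port] = "no reply" if isinstance(exc, socket.timeout) else f"error: {exc}"
                continue
        verdict = CODES.get(reply[:1], f"unexpected reply {reply[:1]!r}")
        if not reply_is_authentic(reply, request, secret):
            verdict += " (bad authenticator, check the shared secret)"
        results[port] = verdict
    return results
```

Run `probe(server_ip, shared_secret)` from the machine that is supposed to act as the RADIUS client, so the source address is the one the server has to recognise. An Access-Reject with a valid authenticator already proves that the network path, the port and the shared secret are fine.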
 

Author Comment

by:ssuresh07
Port 1812 is open and I have disabled the firewall also.
I think the problem is only the radius client.
Can you provide the clean setup for the radius client?
0
 
LVL 17

Expert Comment

by:pergr
Did some quick googling of chillispot, and it seems your radius config is tightly connected to the configuration of the UAM server. Are you running that on the same server as freeradius?
0
 

Author Comment

by:ssuresh07
The UAM server is the one which runs on the DD-WRT, the router which I am using.
0
 
LVL 17

Assisted Solution

by:pergr
pergr earned 250 total points
I think you need to get some logs from the DDWRT, so we can figure out where it fails.

http://www.dd-wrt.com/wiki/index.php/Logging_with_DD-WRT
0
 

Author Closing Comment

by:ssuresh07
I have got the solution for this question.
0
