[afnog] RADIUS error

Mike Barnard mike.barnardq at gmail.com
Thu Aug 17 07:12:54 SAST 2006


Thanks Brian,


You might be wise to set up a system which you *can* maintain. Build a test
> box, compile ICRADIUS from scratch (or install it from a pre-built
> package),
> make sure it has all the functionality you require, and _document_ every
> step that you took to make it work. Then roll this out onto your live
> system.


im looking into Freeradius and openradius...


> It's hard to say why this might be, since you give very little info about
> your setup. For example, if you have a Mysql database backend, then maybe
> Mysql isn't responding to the queries that are being sent to it.


Sorry about that....the server runs ICRADIUS with MySQL backend. the MySQL
server was running fine. i could read from it very well.


> It's possible (although tedious) to prove for yourself whether the
> passwords
> have been encrypted with the correct secret. You dump the raw packets
> using
> "tcpdump -i eth0 -n -s1500 -vX udp port 1812", and follow the procedures
> in
> RFC 2865 for decrypting the User-Password field. If you're not experienced
> in hacking around the raw innards of binary protocols, you may find this a
> bit difficult.


ill give it a shot....how else do i get my hands 'dirty'.

i managed to get a temprorary solution for it and working on building
another radius server. right now some clients are authenticating from the
NAS itself, though this is putting a load on the NAS. the radius server
works intermittently, though i get a recurrent error after every hour.....
the passwords are not being strangely encrypted...i did change the secret
between the NAS and RADIUS...it may have helped

Error: Problem with checkrad [systems]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://afnog.org/mailman/private/afnog/attachments/20060817/a21a8584/attachment.html 


More information about the afnog mailing list