[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Radius and portmaster
On Tue, Nov 27, 2001 at 02:33:59AM -0800, Jounewe Koumessi Aline Flore wrote:
> then /var/log/radius.log gives:
> Error: request from unknow client: radius-server-Name
> Error: Authenticate: from client
> radius-server-Name-Security Breach: login name
Excellent work. So what do you think "request from unknown client" means?
The radius server enforces that every RADIUS packet must
(a) come from a known IP address, and
(b) be authenticated with a shared secret
You are using radtest to send packets to radiusd on the same machine. So in
/etc/raddb/clients you will need an entry for
127.0.0.1 secret
or
your.ip.add.dress secret
depending on whether radtest is sending packets with a source of 127.0.0.1
or your.ip.add.dress (look at tcpdump output, or simply put both entries in
/etc/raddb/clients)
The 'naslist' file is not so important. It's only used for debugging, and if
there are any cases where you send different responses depending on the type
of the NAS which originates the request.
After changing the clients file, you need to restart radiusd.
Regards,
Brian.
-----
This is the afnog mailing list, managed by Majordomo 1.94.4
To send a message to this list, e-mail afnog at afnog.org
To send a request to majordomo, e-mail majordomo at afnog.org and put
your request in the body of the message (i.e use "help" for help)
This list is maintained by owner-afnog at afnog.org