I had the problem before and it was because in the clients.conf file I had written clients (with an s) and not client.
> > Message: 1 > Date: Tue, 13 Feb 2007 12:13:08 +0100 > From: Davide Molteni <[EMAIL PROTECTED]> > Subject: Re: Error: Ignoring request from unknown client IP:1645 > To: freeradius list <[email protected]> > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain > > I'm very sorry Alan for replying to your own email address and not on > the list. Here it is > > > Il giorno lun, 12/02/2007 alle 13.35 +0100, Alan DeKok ha scritto: >> Davide Molteni wrote: >> >>> On the cisco I configured: >>> radius-server host ipmyradius auth-port 1812 acct-port 1813 >>> and the other aaa commands needed >>> >>> If I look at the radius.log file I always see >>> >>> Error: Ignoring request from unknown client ipmycisco:1645 >> Did you configure the server to have that IP in "clients.conf"? > > Sure! With the IP and the same shared key as the cisco NAS client > >>> The Cisco router keeps always trying to connect to radius using port >>> 1645 even if I specified to use 1812... >> That's a bug in the Cisco router. > > Yea but is this a problem for freeradius to properly work? I need to set > freeradius to listen on 1645 in radiusd.conf? Or I need to change it > in /etc/services ? > >>> I have tried to configure radius >>> server to listen on port 1645 but is the same. >> Listening on port 1645 won't make the server believe that > "ipmycisco" >> is a known client. > > Well I know this very well in fact, the client that is ignored is > properly configured in clients.conf >>> The microsoft radius integration(server 2003) worked at first try > with >>> this cisco config... >> Really. Did you configure the Cisco box as a client in the MS > RADIUS >> server? > > Yes, sure I had to put in the ms radius the cisco box as a client > otherwise it wouldn't work... > > Please notice that I would like to use this radius for simple PAP ONLY. > Maybe I'm doing something wrong with users file? > Please tell me the right way to configure a single test user for PAP > only. I would like to disable unused modules (ldap,mysql...) > > It couldn't be a problem of authentication method? > > I forgot an important element to tell anyone wants to help. > I tried to change the shared key on one side (radius) and noticed that > log file continue to write again the same error > > Ignoring request from unknown client IP:1645 > > So the issue it's due to the fact that cisco client don't exchange > shared key with radius... > > This can halp to focus better the problem? > > thanks in advance > -- Walt Reynolds Principle Systems Security Development Engineer Information Technology Central Services University of Michigan (734) 615-9438 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
