Bump on my question =( I would prefer to use an offbox IAS/NPS server for
radius auth but apparently it looks like pfence was written to hook into
freeradius on box. For the simplest solution I suppose my recourse would be to
just get freeradius going.
From: Thomas Tsai [mailto:[email protected]]
Sent: Wednesday, September 26, 2012 10:40 AM
To: '[email protected]'
Subject: [PacketFence-users] Centos 6.x + packetfence radius not working
I've always had an issue getting the freeradius module to work correctly with
packetfence v3.5 with at least 2 iterations of rebuilding packetfence. (once
under centos 5, and now centos 6)
I decided to dust off the covers yesterday to do some serious troubleshooting
by looking at logs.
1) I read the admin guide section for radius. Followed those steps for
local authentication - nothing fancy with AD auth yet. Lets get the barebones
working.
2) I looked for the radius logs under the following spots:
a. /var/log/radius/radius.log
b. /usr/local/pf/logs/radius.log
Did a tail on both logs just in case, though all the threads online suggest the
correct log to look at is under /var/log. Couldn't find any logs that matched
my attempts to perform "radtest". Radtest results as follows:
[server]# radtest username password localhost 12 key
[...]
radclient: no response from server for ID 34 socket 3
So.. doesn't look like the radius server is listening. I did what the
packetfence website suggested. Radiusd -X and I get the following results:
Failed binding to authentication address * port 1812 as server packetfence:
Address already in use
/etc/raddb/radiusd.conf[27]: Error binding to port for 0.0.0.0 port 1812
So...something is occupying this port already. Let's do a netstat to confirm...
[server]# netstat -an | grep 1812
udp 0 0 127.0.0.1:18120 0.0.0.0:*
udp 0 0 10.10.10.254:1812 0.0.0.0:*
Yes. Something is listening.
If I stop the packetfence service, I am then able to run radiusd -X and I am
able to perform a radtest with success.
I want to troubleshoot this and get to the bottom of my issue because I want to
use PF for wireless auth with a WLC! But this is a major hurdle...
Any suggestions?
**********************************************
Email Disclaimer:
This email, including attachments, may contain
proprietary, confidential or privileged information. If you
are not the intended recipient, please (i) do not use,
disclose, save or retransmit this message or any
attachments, (ii) alert the sender by reply email and (iii)
destroy or delete this message and any attachments.
Delivery of this email to a person other than the intended
recipient(s) shall not constitute a waiver of privilege or
confidentiality.
CP Investments, member FINRA and SIPC, serves as
placement agent for investment products advised by
Canyon Capital Advisors LLC. This email is not intended to
be an offer to sell or a solicitation of an offer to buy any
security in any jurisdiction. We review and retain
electronic communications traveling through our network.
**********************************************
------------------------------------------------------------------------------
Got visibility?
Most devs has no idea what their production app looks like.
Find out how fast your code is with AppDynamics Lite.
http://ad.doubleclick.net/clk;262219671;13503038;y?
http://info.appdynamics.com/FreeJavaPerformanceDownload.html
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
