Thank you Francois.  Finally got it working.

Two things I noticed that were problematic (for anyone who runs into a similar 
issue)

1) If you run radtest, make sure you do not reference the FreeRADIUS server as 
"localhost" even if you are on the localhost.  Use an IP instead.  (Otherwise 
it will resolve to 127.0.0.1, which you will need to put in your clients file.)
2) You will need to modify PF's radiusd.conf to make sure that the log file is 
writing to the log file for authentication events, otherwise you will see next 
to nothing in the logs.

-----Original Message-----
From: Francois Gaudreault [mailto:[email protected]] 
Sent: Tuesday, October 02, 2012 8:18 AM
To: [email protected]
Subject: Re: [PacketFence-users] Centos 6.x + packetfence radius not working

Hi Thomas,

> Bump on my question =(    I would prefer to use an offbox IAS/NPS server
> for radius auth but apparently it looks like pfence was written to 
> hook into freeradius on box.  For the simplest solution I suppose my 
> recourse would be to just get freeradius going.
You *have* to use FreeRADIUS even if you have an external server.  However, you 
can proxy to a NPS server at some point for the authentication (i.e. 
proxy the inner-tunnel as EAP-MSCHAPv2).

Now, FR should work out of the box with 3.5.1 configuration.  I would suggest 
to run it in debug mode and check what is going on. Use:

radiusd -X -d /usr/local/pf/raddb

>
> *From:*Thomas Tsai [mailto:[email protected]]
> *Sent:* Wednesday, September 26, 2012 10:40 AM
> *To:* '[email protected]'
> *Subject:* [PacketFence-users] Centos 6.x + packetfence radius not 
> working
>
> I've always had an issue getting the freeradius module to work 
> correctly with packetfence v3.5 with at least 2 iterations of rebuilding
> packetfence.   (once under centos 5, and now centos 6)
>
> I decided to dust off the covers yesterday to do some serious 
> troubleshooting by looking at logs.
>
> 1) I read the admin guide section for radius.  Followed those steps for 
> local authentication - nothing fancy with AD auth yet.  Let's get the 
> barebones working.
>
> 2) I looked for the radius logs under the following spots:
>
> a. /var/log/radius/radius.log
>
> b. /usr/local/pf/logs/radius.log
>
> Did a tail on both logs just in case, though all the threads online 
> suggest the correct log to look at is under /var/log.  Couldn't find 
> any logs that matched my attempts to perform "radtest".  Radtest 
> results as follows:
>
> [server]# radtest username password localhost 12 key
>
> [...]
>
> radclient: no response from server for ID 34 socket 3
>
> So.. doesn't look like the radius server is listening.  I did what the 
> packetfence website suggested.  Radiusd -X and I get the following results:
>
> Failed binding to authentication address * port 1812 as server
> packetfence: Address already in use
>
> /etc/raddb/radiusd.conf[27]: Error binding to port for 0.0.0.0 port 
> 1812
>
> So...something is occupying this port already.  Let's do a netstat to 
> confirm...
>
> [server]# netstat -an | grep 1812
>
> udp        0      0 127.0.0.1:18120             0.0.0.0:*
>
> udp        0      0 10.10.10.254:1812           0.0.0.0:*
>
> Yes.  Something is listening.
>
> If I stop the packetfence service,  I am then able to run radiusd -X 
> and I am able to perform a radtest with success.
>
> I want to troubleshoot this and get to the bottom of my issue because 
> I want to use PF for wireless auth with a WLC!  But this is a major 
> hurdle...
>
> Any suggestions?
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>


--
Francois Gaudreault, ing. jr
[email protected]  ::  +1.514.447.4918 (x130) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
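
Added example, not part of the original thread or of PacketFence: a shell sketch that checks offline the two conditions discussed above under which radtest reports "no response", namely no listener on the target address for UDP 1812 and a source address missing from the clients file. The netstat lines are the ones quoted in the thread; the clients fragment (client name, address, secret) and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline checks for why radtest gets "no response".

# The two netstat lines quoted in the thread.
NETSTAT_SAMPLE='udp        0      0 127.0.0.1:18120             0.0.0.0:*
udp        0      0 10.10.10.254:1812           0.0.0.0:*'

# Constructed clients.conf fragment; name, address and secret are placeholders.
CLIENTS_SAMPLE='client wlc {
    ipaddr = 10.10.10.1
    secret = CHANGE_ME
}'

# Print local addresses that have a UDP socket on exactly port $1.
# Comparing the whole port avoids "grep 1812" also matching 18120.
udp_listeners() {
    awk -v port="$1" '$1 ~ /^udp/ {
        n = split($4, a, ":")
        if (a[n] == port) { sub(":" port "$", "", $4); print $4 }
    }'
}

# Exit 0 if address $1 is an "ipaddr = ..." entry in the file on stdin.
client_defined() {
    awk -v ip="$1" '$1 == "ipaddr" && $2 == "=" && $3 == ip { found = 1 }
        END { exit !found }'
}

# Classify a radtest aimed at server address $1 from source address $2.
check_radtest_path() {
    listeners=$(printf '%s\n' "$NETSTAT_SAMPLE" | udp_listeners 1812)
    if ! printf '%s\n' "$listeners" | grep -Fxq -e "$1" -e "0.0.0.0"; then
        echo "no-listener"      # nothing bound to that address on 1812
    elif ! printf '%s\n' "$CLIENTS_SAMPLE" | client_defined "$2"; then
        echo "unknown-client"   # server drops requests from unlisted sources
    else
        echo "ok"
    fi
}

check_radtest_path 127.0.0.1 127.0.0.1
check_radtest_path 10.10.10.254 10.10.10.254
check_radtest_path 10.10.10.254 10.10.10.1
```

On a live server, feed udp_listeners the real `netstat -an` output and client_defined the real clients file instead of the embedded samples.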
