RE: sql returns fail for some stop requests
(sorry if this is duplicate) i have modified the sql queries and removed unnecessary whitespace, but am still getting some queries cut-off in the log. the main issue is with accounting stop requests. (i am using the default queries provided with freeradius 2.1.12 - dialup.conf) is there a way to increase the space/memory available for sql queries? the main issue is with accounting stop requests. in addition i have found the following in the logs: rlm_sql (sql): There are no DB handles to use! skipped 0, tried to connect 0 ++[sql] returns fail number of DB connections has already been raised from the default 5 to 25, this is a rare error, but it still exists, might be related. Amir. From: Amir Tal Sent: Wednesday, July 11, 2012 4:48 PM To: 'freeradius-users@lists.freeradius.org' Subject: sql returns fail for some stop requests Freeradius ver 2.1.12, configured to use ldap for auth, sql for acct. Sometimes users' sessions get stuck and have to be closed manualy (simultaneous use is turned on for all users). After extensive debugging I have found the following in the logs (radius -X) [thread] # Executing section preacct from file /etc/raddb/sites-enabled/default [thread] +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 14117776,Client-IP-Address = xx.xx.xx.xx,NAS-IP-Address = xx.xx.xx.xx,Acct-Session-Id = erx ip:109.226.0.9:147.235.234.115:1e47:6248:14c2:8b6a:5dac845:0060992452,Use r-Name = x@ccc' [acct_unique] Acct-Unique-Session-ID = d49ba42fa077f5f0. ++[acct_unique] returns ok [suffix] Looking up realm ccc for User-Name = x@ccc [suffix] Found realm ccc [suffix] Adding Stripped-User-Name = x [suffix] Adding Realm = ccc [suffix] Accounting realm is LOCAL. ++[suffix] returns ok ++[files] returns noop # Executing section accounting from file /etc/raddb/sites-enabled/default +- entering group accounting {...} [detail]expand: %{Packet-Src-IP-Address} - xx.xx.xx.xx [detail]expand: /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d - /var/log/radius/radacct/xx.xx.xx.xx/detail-20120711 [detail] /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/radius/radacct/xx.xx.xx.xx/detail-20120711 [detail]expand: %t - Wed Jul 11 02:03:45 2012 Cleaning up request 12612249 ID 93 with timestamp +729235 ++[detail] returns ok [detail.moreshet] expand: /var/log/radius/radacct/moreshet.relay - /var/log/radius/radacct/moreshet.relay [detail.moreshet] /var/log/radius/radacct/moreshet.relay expands to /var/log/radius/radacct/moreshet.relay [detail.moreshet] expand: %t - Wed Jul 11 02:03:45 2012 ++[detail.moreshet] returns ok ++[unix] returns ok [sql] expand: %{Stripped-User-Name} - x [sql] expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} - x [sql] sql_set_user escaped user -- 'x' [sql] expand: %{Acct-Input-Gigawords} - 0 [sql] expand: %{Acct-Input-Octets} - 4001 [sql] expand: %{Acct-Output-Gigawords} - 0 [sql] expand: %{Acct-Output-Octets} - 8134 [sql] expand: %{Acct-Delay-Time} - 0 [sql] expand:UPDATE radacct SET acctstoptime = '%S', acctsessiontime= '%{Acct-Session-Time}', acctinputoctets= '%{%{Acct-Input-Gigawords}:-0}' 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}' -UPDATE radacct SET acctstoptime = '2012-07-11 02:03:45', acctsessiontime= '517', acctinputoctets= '0' 32 | '4001', acctoutputoctets = '0' 32 | [sql] expand: /var/log/radius/sqltrace.sql - /var/log/radius/sqltrace.sql Cleaning up request 12612250 ID 95 with timestamp +729235 ++[sql] returns fail Thread 20 got semaphore Thread 19 got semaphore It seems the last SQL query line is cut off for some reason, this only happens on some connections, while others are stopped correctly. Not specific to users or time of day. Versions information: cat /etc/issue : CentOS release 5.6 (Final) Kernel \r on an \m rpm -qa | grep radius : freeradius2-python-2.1.12-7 freeradius2-ldap-2.1.12-7 freeradius2-2.1.12-7 freeradius2-krb5-2.1.12-7 freeradius2-mysql-2.1.12-7 freeradius2-utils-2.1.12-7 freeradius2-postgresql-2.1.12-7 freeradius2-perl-2.1.12-7 freeradius2-unixODBC-2.1.12-7 additional logs and/or information can be provided
Router as NAS
Can I connect to radius via a router that has a guestzone? It simply means that the router has an extra guestzone interface that also contains choice for PSK or EAP From the following information I wonder why the radiusd is not responding.Remember I am trying to log in with the radius from the PC where the radius is installed. Radius is on 192.168.0.198 and I am attempting login or request from 192.168.0.198. This may also be a mistake. Maybe there will be a conflict betw 192.168.0.1 = router and 192.168.0.198 localhost. I simply dont know. The router is a DLINK 655 The OS is SuSE Linux Enterprise Desktop 10, ServPack 3 The radius is the freeradiu-sserver-2.1.12 Here are the fields from this zone in the router: **ROUTER PART** Use this section to configure the guest zone settings of your router. The guest zone provide a separate network zone for guest to access Internet: --GUEST ZONE SELECTION-- Enable Guest Zone : (Yes) Wireless Band : 2.4GHz Band Wireless Network Name : EAP_sled (Also called the SSID) Enable Routing Between Zones : (No) Security Mode : WPA-Enterprise --WPA-- WPA Mode : Auto (WPA or WPA2) Cipher Type : TKIP and AES Group Key Update Interval : 3600 (seconds) --EAP (802.1x)-- When WPA enterprise is enabled, the router uses EAP (802.1x) to authenticate clients via a remote RADIUS server. Authentication Timeout : 60 (minutes) RADIUS server IP Address : 192.168.0.198 RADIUS server Port : 1812 RADIUS server Shared Secret : testing123 MAC Address Authentication : No **CLIENT.CONF** Then I change the client.conf from localhost 127.0.0.1 to the IP of the router 192.168.0.1 #client localhost { # Allowed values are: # dotted quad (1.2.3.4) # hostname(radius.example.com) # ipaddr = 127.0.0.1 # Test with router: client router { # Allowed values are: # dotted quad (1.2.3.4) # hostname(radius.example.com) ipaddr = 192.168.0.1 # and I keep rest of it as it was. **/ETC/HOSTS/** I put in a line in /etc/hosts/ (I am not sure if it is right or necessary: # IP-Address Full-Qualified-Hostname Short-Hostname 192.168.0.1 routerdlink **YAST CONFIG FOR THE USERCLIENT** I change the setup in system (YaST)from PKS key to EAP: --MODUS-- Accesspoint: (Yes) Ad hoc: no Master: no --NETWORKNAME SSID-- EAP_sled --AUTHENTICATION MODUS-- Open: no Shared key: no WPA-EAP (Yes) WPA-PSK: no EAP Modus: TTLS Identity: sigbj (as in /usr/local/etc/raddb/users) Password: testing-0 (as in /usr/local/etc/raddb/users) Anonymous identity: (left open) Client-Sert: (closed) Client-Key: (closed) Client-Key_password: whatever Server-Sert: /usr/local/etc/raddb/certs/server.csr I have made no changes in eap.conf and radius.conf I try to start the radiusd -X with these changes (the previous test on localhost is successful: Ready to process requests. And radtest test gives the right feedback:Sending Access-Accept of id 178 to 127.0.0.1 port 1932,so this test part works) Some of the messages from the radiusd -X with the changed client.conf: radiusd: Loading Clients client router { ipaddr = 192.168.0.1 require_message_authenticator = no secret = testing123 nastype = other . ... adding new socket proxy address * port 1047 Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /usr/local/var/run/radiusd/radiusd.sock Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Listening on proxy address * port 1814 Ready to process requests. radtest gives this: Sending Access-Request of id 207 to 127.0.0.1 port 1812 User-Name = sigbj User-Password = testing-0 NAS-IP-Address = 192.168.0.198 NAS-Port = 0 Message-Authenticator = 0x radclient: no response from server for ID 207 socket 3 and radiusd consequently: Ignoring request to authentication address * port 1812 from unknown client 127.0.0.1 port 1048 Trying to login with the Knetworkmanager (KDE) on to the network gives no reaction on the server, server is just waiting, the knetworkmanager may blink or just dryrun. I have a feeling that the server is listening on the 127.0.0.1 instead on 192.168.0.1, but do not know I am of course doing a typical newbie mistake somewhere, but I do not know what. IF YOU NEED THE WHOLE RADIUSD -X LOG AT THIS POINT, PLEASE TELL ME. I have given this explanations to begin with. The problems may also be that a router of this kind cannot be used on freeradius or that the router is 100% Windows-messed-up. -- Si St sigbj...@operamail.com -- http://www.fastmail.fm - A no graphics, no pop-ups email service - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sql returns fail for some stop requests
Amir Tal wrote: i have modified the sql queries and removed unnecessary whitespace, but am still getting some queries cut-off in the log. ... is there a way to increase the space/memory available for sql queries? Edit the source code. See src/modules/rlm_sql/ in addition i have found the following in the logs: rlm_sql (sql): There are no DB handles to use! skipped 0, tried to connect 0 ++[sql] returns fail ... this is a rare error, but it still exists, might be related. It's not related. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
a router as NAS
(I think I messed up the previous posting by returning on a previous by Winter answered post. This message is found in the end of that post. I am sorry. Hope this one comes in with the new subject.) Can I connect to radius via a router that has a guestzone? It simply means that the router has an extra guestzone interface that also contains choice for PSK or EAP From the following information I wonder why the radiusd is not responding.Remember I am trying to log in with the radius from the PC where the radius is installed. Radius is on 192.168.0.198 and I am attempting login or request from 192.168.0.198. This may also be a mistake. Maybe there will be a conflict betw 192.168.0.1 = router and 192.168.0.198 localhost. I simply dont know. The router is a DLINK 655 The OS is SuSE Linux Enterprise Desktop 10, ServPack 3 The radius is the freeradiu-sserver-2.1.12 Here are the fields from this zone in the router: **ROUTER PART** Use this section to configure the guest zone settings of your router. The guest zone provide a separate network zone for guest to access Internet: --GUEST ZONE SELECTION-- Enable Guest Zone : (Yes) Wireless Band : 2.4GHz Band Wireless Network Name : EAP_sled (Also called the SSID) Enable Routing Between Zones : (No) Security Mode : WPA-Enterprise --WPA-- WPA Mode : Auto (WPA or WPA2) Cipher Type : TKIP and AES Group Key Update Interval : 3600 (seconds) --EAP (802.1x)-- When WPA enterprise is enabled, the router uses EAP (802.1x) to authenticate clients via a remote RADIUS server. Authentication Timeout : 60 (minutes) RADIUS server IP Address : 192.168.0.198 RADIUS server Port : 1812 RADIUS server Shared Secret : testing123 MAC Address Authentication : No **CLIENT.CONF** Then I change the client.conf from localhost 127.0.0.1 to the IP of the router 192.168.0.1 #client localhost { # Allowed values are: # dotted quad (1.2.3.4) # hostname(radius.example.com) # ipaddr = 127.0.0.1 # Test with router: client router { # Allowed values are: # dotted quad (1.2.3.4) # hostname(radius.example.com) ipaddr = 192.168.0.1 # and I keep rest of it as it was. **/ETC/HOSTS/** I put in a line in /etc/hosts/ (I am not sure if it is right or necessary: # IP-Address Full-Qualified-Hostname Short-Hostname 192.168.0.1 routerdlink **YAST CONFIG FOR THE USERCLIENT** I change the setup in system (YaST)from PKS key to EAP: --MODUS-- Accesspoint: (Yes) Ad hoc: no Master: no --NETWORKNAME SSID-- EAP_sled --AUTHENTICATION MODUS-- Open: no Shared key: no WPA-EAP (Yes) WPA-PSK: no EAP Modus: TTLS Identity: sigbj (as in /usr/local/etc/raddb/users) Password: testing-0 (as in /usr/local/etc/raddb/users) Anonymous identity: (left open) Client-Sert: (closed) Client-Key: (closed) Client-Key_password: whatever Server-Sert: /usr/local/etc/raddb/certs/server.csr I have made no changes in eap.conf and radius.conf I try to start the radiusd -X with these changes (the previous test on localhost is successful: Ready to process requests. And radtest test gives the right feedback:Sending Access-Accept of id 178 to 127.0.0.1 port 1932,so this test part works) Some of the messages from the radiusd -X with the changed client.conf: radiusd: Loading Clients client router { ipaddr = 192.168.0.1 require_message_authenticator = no secret = testing123 nastype = other . ... adding new socket proxy address * port 1047 Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /usr/local/var/run/radiusd/radiusd.sock Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Listening on proxy address * port 1814 Ready to process requests. radtest gives this: Sending Access-Request of id 207 to 127.0.0.1 port 1812 User-Name = sigbj User-Password = testing-0 NAS-IP-Address = 192.168.0.198 NAS-Port = 0 Message-Authenticator = 0x radclient: no response from server for ID 207 socket 3 and radiusd consequently: Ignoring request to authentication address * port 1812 from unknown client 127.0.0.1 port 1048 Trying to login with the Knetworkmanager (KDE) on to the network gives no reaction on the server, server is just waiting, the knetworkmanager may blink or just dryrun. I have a feeling that the server is listening on the 127.0.0.1 instead on 192.168.0.1, but do not know I am of course doing a typical newbie mistake somewhere, but I do not know what. IF YOU NEED THE WHOLE RADIUSD -X LOG AT THIS POINT, PLEASE TELL ME. I have given this explanations to begin with. The problems may also be that a router of this kind cannot be used on freeradius or that the router is 100% Windows-messed-up. -- Si St sigbj...@operamail.com --
Re: a router as NAS
Si St wrote: From the following information I wonder why the radiusd is not responding. Read the debug log. Really. It's not hard. Nothing else will help. Remember I am trying to log in with the radius from the PC where the radius is installed. I have no idea what that means. Here are the fields from this zone in the router: **ROUTER PART** Use this section to configure the guest zone settings of your router. We don't need to see any of the router config. **CLIENT.CONF** Then I change the client.conf from localhost 127.0.0.1 to the IP of the router 192.168.0.1 Why? Why not just add a *new* section? **/ETC/HOSTS/** I put in a line in /etc/hosts/ (I am not sure if it is right or necessary: If you're not sure, don't do it. **YAST CONFIG FOR THE USERCLIENT** We don't need to see any of this. I try to start the radiusd -X with these changes (the previous test on localhost is successful: Ready to process requests. And radtest test gives the right feedback:Sending Access-Accept of id 178 to 127.0.0.1 port 1932,so this test part works) Until you delete 127.0.0.1 from the clients.conf file. Sending Access-Request of id 207 to 127.0.0.1 port 1812 User-Name = sigbj User-Password = testing-0 NAS-IP-Address = 192.168.0.198 NAS-Port = 0 Message-Authenticator = 0x radclient: no response from server for ID 207 socket 3 and radiusd consequently: Ignoring request to authentication address * port 1812 from unknown client 127.0.0.1 port 1048 Of course. That's what you told it do to. Trying to login with the Knetworkmanager (KDE) on to the network gives no reaction on the server, server is just waiting, the knetworkmanager may blink or just dryrun. Then you have a networking problem. Not a RADIUS problem. Go fix that. I have a feeling that the server is listening on the 127.0.0.1 instead on 192.168.0.1, but do not know The server listens on all IPs by default. It prints this out in debug mode. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: a router as NAS
Hi, you can use the following to include all the IPs inside the clients file: client 0.0.0.0/0 { secret = mysecret shortname = myNAS } From the router's side you need to write a command to add your radius shared key and ip. For example if it's allied telesis radius-server key key radius-server host ip for cisco is something similar. If you are using Mysql then you need to add it to the nas table but before that you need to edit the sql.conf file and uncomment the radclients = yes for example my Mysql nas table is like that: ++--+--+---+---++---+---++ | id | nasname | shortname| type | ports | secret | community | description | server | ++--+--+---+---++---+---++ | 1 |IP | Core | other | NULL | key | NULL | Radius Client | NULL | | 2 |IP | ZoneDirector | other | NULL | key | NULL | Radius Client | NULL | ++--+--+---+---++---+---++ because i am using the core and the zone director as a NAS. Good luckAndrew From: sigbj...@operamail.com To: freeradius-users@lists.freeradius.org Subject: a router as NAS Date: Sun, 15 Jul 2012 18:49:18 +0200 (I think I messed up the previous posting by returning on a previous by Winter answered post. This message is found in the end of that post. I am sorry. Hope this one comes in with the new subject.) Can I connect to radius via a router that has a guestzone? It simply means that the router has an extra guestzone interface that also contains choice for PSK or EAP From the following information I wonder why the radiusd is not responding.Remember I am trying to log in with the radius from the PC where the radius is installed. Radius is on 192.168.0.198 and I am attempting login or request from 192.168.0.198. This may also be a mistake. Maybe there will be a conflict betw 192.168.0.1 = router and 192.168.0.198 localhost. I simply dont know. The router is a DLINK 655 The OS is SuSE Linux Enterprise Desktop 10, ServPack 3 The radius is the freeradiu-sserver-2.1.12 Here are the fields from this zone in the router: **ROUTER PART** Use this section to configure the guest zone settings of your router. The guest zone provide a separate network zone for guest to access Internet: --GUEST ZONE SELECTION-- Enable Guest Zone : (Yes) Wireless Band : 2.4GHz Band Wireless Network Name : EAP_sled (Also called the SSID) Enable Routing Between Zones : (No) Security Mode : WPA-Enterprise --WPA-- WPA Mode : Auto (WPA or WPA2) Cipher Type : TKIP and AES Group Key Update Interval : 3600 (seconds) --EAP (802.1x)-- When WPA enterprise is enabled, the router uses EAP (802.1x) to authenticate clients via a remote RADIUS server. Authentication Timeout : 60 (minutes) RADIUS server IP Address : 192.168.0.198 RADIUS server Port : 1812 RADIUS server Shared Secret : testing123 MAC Address Authentication : No **CLIENT.CONF** Then I change the client.conf from localhost 127.0.0.1 to the IP of the router 192.168.0.1 #client localhost { # Allowed values are: # dotted quad (1.2.3.4) # hostname(radius.example.com) # ipaddr = 127.0.0.1 # Test with router: client router { # Allowed values are: # dotted quad (1.2.3.4) # hostname(radius.example.com) ipaddr = 192.168.0.1 # and I keep rest of it as it was. **/ETC/HOSTS/** I put in a line in /etc/hosts/ (I am not sure if it is right or necessary: # IP-Address Full-Qualified-Hostname Short-Hostname 192.168.0.1 routerdlink **YAST CONFIG FOR THE USERCLIENT** I change the setup in system (YaST)from PKS key to EAP: --MODUS-- Accesspoint: (Yes) Ad hoc: no Master: no --NETWORKNAME SSID-- EAP_sled --AUTHENTICATION MODUS-- Open: no Shared key: no WPA-EAP (Yes) WPA-PSK: no EAP Modus: TTLS Identity: sigbj (as in /usr/local/etc/raddb/users) Password: testing-0 (as in /usr/local/etc/raddb/users) Anonymous identity: (left open) Client-Sert: (closed) Client-Key: (closed) Client-Key_password: whatever Server-Sert: /usr/local/etc/raddb/certs/server.csr I have made no changes in eap.conf and radius.conf I try to start the radiusd -X with these changes (the previous test on localhost is successful: Ready to process requests. And radtest test gives the right feedback:Sending Access-Accept of id 178 to 127.0.0.1 port 1932,so this test part works) Some of the messages from the radiusd -X with the changed client.conf: radiusd: Loading Clients client router { ipaddr = 192.168.0.1 require_message_authenticator = no secret = testing123 nastype = other
Re: a router as NAS
Thank you, I have done that already. The IP and the shared secret is inside the EAP config of the router just like you say. I have ping contact from the PC to the router. The configuration client router { secret = testing123; ipaddr = 192.168.0.1; } should work so that I would be able to send radtest sigbj testing-0 192.168.0.1 0 testing123 to the router to have the router call the radiusd at 192.168.0.199. Using 127.0.0.1 there is full acceptance both with radtetst -t eap-md5, chap, mschap, pap. It IS working, and WELL too. -- The mysql part I have not tried out, but it is not so important at this stage. To me the radius is so well configured and constructed that it should be this simple, at least taken in consideration the docu I have read. The problem seems to be that call from the computer to the NAS-client (the router) does not come through, or the NAS will not send requests to the radius server. Again, it might be a network problem, a missing part from my side, or something else. Strange is it, because the router works with WAP-PSK -- Si St [1]sigbj...@operamail.com On Sun, Jul 15, 2012, at 11:21 PM, Andrew Andonopoulos wrote: Hi, you can use the following to include all the IPs inside the clients file: client 0.0.0.0/0 { secret = mysecret shortname = myNAS } From the router's side you need to write a command to add your radius shar ed key and ip. For example if it's allied telesis radius-server key key radius-server host ip for cisco is something similar. If you are using Mysql then you need to add it to the nas table but before that you need to edit the sql.conf file and uncomment the radclients = ye s for example my Mysql nas table is like that: ++--+--+---+---++---+- --++ | id | nasname | shortname| type | ports | secret | community | desc ription | server | ++--+--+---+---++---+- --++ | 1 |IP | Core | other | NULL | key | NULL | Radi us Client | NULL | | 2 |IP | ZoneDirector | other | NULL | key | NULL | Radi us Client | NULL | ++--+--+---+---++---+- --++ because i am using the core and the zone director as a NAS. Good luck Andrew From: sigbj...@operamail.com To: freeradius-users@lists.freeradius.org Subject: a router as NAS Date: Sun, 15 Jul 2012 18:49:18 +0200 (I think I messed up the previous posting by returning on a previous by Winter answered post. This message is found in the end of that post. I am sorry. Hope this one comes in with the new subject.) Can I connect to radius via a router that has a guestzone? It simply means that the router has an extra guestzone interface that also contains choice for PSK or EAP From the following information I wonder why the radiusd is not responding.Remember I am trying to log in with the radius from the PC where the radius is installed. Radius is on 192.168.0.198 and I am attempting login or request from 192.168.0.198. This may also be a mistake. Maybe there will be a conflict betw 192.168.0.1 = router and 192.168.0.198 localhost. I simply dont know. The router is a DLINK 655 The OS is SuSE Linux Enterprise Desktop 10, ServPack 3 The radius is the freeradiu-sserver-2.1.12 Here are the fields from this zone in the router: **ROUTER PART** Use this section to configure the guest zone settings of your router. The guest zone provide a separate network zone for guest to access Internet: --GUEST ZONE SELECTION-- Enable Guest Zone : (Yes) Wireless Band : 2.4GHz Band Wireless Network Name : EAP_sled (Also called the SSID) Enable Routing Between Zones : (No) Security Mode : WPA-Enterprise --WPA-- WPA Mode : Auto (WPA or WPA2) Cipher Type : TKIP and AES Group Key Update Interval : 3600 (seconds) --EAP (802.1x)-- When WPA enterprise is enabled, the router uses EAP (802.1x) to authenticate clients via a remote RADIUS server. Authentication Timeout : 60 (minutes) RADIUS server IP Address : 192.168.0.198 RADIUS server Port : 1812 RADIUS server Shared Secret : testing123 MAC Address Authentication : No **CLIENT.CONF** Then I change the client.conf from localhost 127.0.0.1 to the IP of the router 192.168.0.1 #client localhost { # Allowed values are: # dotted quad (1.2.3.4) # hostname (radius.example.com) # ipaddr = 127.0.0.1 # Test with router: client router { # Allowed values are: # dotted quad (1.2.3.4) # hostname (radius.example.com) ipaddr = 192.168.0.1 # and I keep rest of it as it was. **/ETC/HOSTS/** I put in a line in /etc/hosts/ (I am not sure if it is right or necessary: # IP-Address Full-Qualified-Hostname Short-Hostname 192.168.0.1 router dlink **YAST CONFIG FOR THE USERCLIENT** I change the setup in system (YaST)from PKS key to EAP: --MODUS-- Accesspoint: (Yes) Ad hoc: no Master: