I'm using FreeRADIUS on Docker and am trying to get a response back when an Access-Request is sent.
When radtest is run using:

radtest bob testpw 127.0.0.1 1812 sharedSecret

Sent Access-Request Id 18 from 0.0.0.0:56219 to 127.0.0.1:1812 length 73
    User-Name = "bob"
    User-Password = "testpw"
    NAS-IP-Address = 172.17.0.2
    NAS-Port = 1812
    Message-Authenticator = 0x00
    Cleartext-Password = "testpw"
Sent Access-Request Id 18 from 0.0.0.0:56219 to 127.0.0.1:1812 length 73
    User-Name = "bob"
    User-Password = "testpw"
    NAS-IP-Address = 172.17.0.2
    NAS-Port = 1812
    Message-Authenticator = 0x00
    Cleartext-Password = "testpw"
Sent Access-Request Id 18 from 0.0.0.0:56219 to 127.0.0.1:1812 length 73
    User-Name = "bob"
    User-Password = "testpw"
    NAS-IP-Address = 172.17.0.2
    NAS-Port = 1812
    Message-Authenticator = 0x00
    Cleartext-Password = "testpw"
(0) No reply from server for ID 18 socket 3

I know that this normally happens when the shared secret is wrong, but it is the same as mentioned in the configuration files.
When debugged I get the below error.

Ignoring request to auth address * port 1812 bound to server default from unknown client 172.17.0.3 port 60699 proto udp
Ready to process requests

The error is given without any response back from the server.
The clients.conf file is as follows:

client dockernet {
    ipaddr = 172.17.0.0/16
    secret = sharedSecret
}

and the authorise file:

bob Cleartext-Password := "testpw"

default file:

server default {
    listen {
        type = auth
        ipv4addr = *
        # ipv6addr = *
        # ipaddr = *
        port = 5
        # interface = eth0
        # clients = per_socket_clients
        recv_buff = 65536
        limit {
            max_connections = 16
            lifetime = 0
            idle_timeout = 30
        }
    }
    authorize {
        update request {
            &Tmp-String-0 := "%{string:User-Password}"
            &User-Password := "%{string:Tmp-String-0}"
        }
        # filter_username
        # filter_password
        preprocess
        # operator-name
        # cui
        # auth_log
        chap
        mschap
        digest
        # wimax
        # IPASS
        suffix
        # ntdomain
        eap {
            ok = return
            # updated = return
        }
        #
        # unix
        # Read the 'users' file. In v3, this is located in
        # raddb/mods-config/files/authorize
        files
        -sql
        # smbpasswd
        -ldap
        # daily
        expiration
        logintime
        pap
        # Autz-Type Status-Server {
        # }
    }
    authenticate {
        ntlm_auth
        Auth-Type PAP {
            pap
        }
        Auth-Type CHAP {
            chap
        }
        Auth-Type MS-CHAP {
            mschap
        }
        mschap
        digest
        # pam
        # Auth-Type LDAP {
        # ldap
        # }
        #
        # Allow EAP authentication.
        eap
        # Auth-Type eap {
        # eap {
        # handled = 1
        # }
        # if (handled && (Response-Packet-Type == Access-Challenge)) {
        # attr_filter.access_challenge.post-auth
        # handled # override the "updated" code from attr_filter
        # }
        # }
    }
    #
    # Pre-accounting. Decide which accounting type to use.
    #
    preacct {
        preprocess
        #
        # Merge Acct-[Input|Output]-Gigawords and Acct-[Input-Output]-Octets
        # into a single 64bit counter Acct-[Input|Output]-Octets64.
        #
        # acct_counters64
        # update request {
        # &FreeRADIUS-Acct-Session-Start-Time = "%{expr: %l - %{%{Acct-Session-Time}:-0} - %{%{Acct-Delay-Time}:-0}}"
        # }
        acct_unique
        # IPASS
        suffix
        # ntdomain
        #
        # Read the 'acct_users' file
        files
    }

An Access-Accept or an Access-Reject is expected, but there is no response, and debugging gives the above error in the logs.

It works! After I changed the clients.conf file to have a netmask and not ipaddr = 172.17.0.0/16:

client dockernet {
    ipaddr = 172.17.0.0
    secret = sharedSecret
    netmask = 24
    shortname = dockernet
}

This article helped me: https://linux.die.net/man/5/clients.conf
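
An added example (not part of the original post, and not FreeRADIUS's own parser): a simplified model of matching a request's source address against client blocks, run over the two clients.conf definitions quoted above. The names parse_clients and match_client, the test addresses other than 172.17.0.3, and the choice of the most specific network as the winner are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample input: the two client definitions quoted in the post.
CLIENTS_CIDR = """
client dockernet {
    ipaddr = 172.17.0.0/16
    secret = sharedSecret
}
"""
CLIENTS_NETMASK = """
client dockernet {
    ipaddr = 172.17.0.0
    secret = sharedSecret
    netmask = 24
    shortname = dockernet
}
"""

BLOCK_RE = re.compile(r"client\s+(\S+)\s*\{(.*?)\}", re.S)
ITEM_RE = re.compile(r"^\s*(\w+)\s*=\s*(\S+)", re.M)


def parse_clients(text):
    """Return {client name: IPv4 network} for each flat client block."""
    text = re.sub(r"#.*", "", text)  # drop comments
    clients = {}
    for name, body in BLOCK_RE.findall(text):
        items = dict(ITEM_RE.findall(body))
        addr = items["ipaddr"]
        if "/" not in addr:
            # Separate netmask item; a bare address is treated as one host (/32).
            addr += "/" + items.get("netmask", "32")
        clients[name] = ipaddress.ip_network(addr, strict=False)
    return clients


def match_client(clients, src_ip):
    """Return the most specific client covering src_ip, or None (unknown client)."""
    ip = ipaddress.ip_address(src_ip)
    hits = [(net.prefixlen, name) for name, net in clients.items() if ip in net]
    return max(hits)[1] if hits else None


if __name__ == "__main__":
    for label, conf in (("cidr", CLIENTS_CIDR), ("netmask", CLIENTS_NETMASK)):
        clients = parse_clients(conf)
        for src in ("172.17.0.3", "172.17.5.9", "127.0.0.1"):
            print(label, src, "->", match_client(clients, src) or "unknown client")
```

The netmask = 24 form covers only 172.17.0.0 to 172.17.0.255, a narrower range than the original /16, so fewer addresses on the Docker network are accepted as this client with the shared secret.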