Debugging FreeRADIUS with radtest

  • 7014552
  • 12-Feb-2014
  • 12-Feb-2014

Environment

FreeRADIUS 1.0.2
eDirectory integration with FreeRADIUS
Linux SLES 9

Situation

FreeRADIUS Server (freeradius) is a daemon for Linux/Unix operating systems that provides a RADIUS protocol server, usually used for authentication and accounting of dial-up users. To use the server, you also need a correctly set up client to talk to it, usually a terminal server or a PC with appropriate emulation software.
Debugging FreeRADIUS with radtest

Resolution

Testing FreeRADIUS with radtest:

Edit /usr/local/etc/raddb/clients.conf and enter the details of your NAS unit(s). The file contains example entries, so this should be easy. Tip: You'll also want to enter 'localhost' here for testing purposes (i.e. so you can use radtest).

At this point you should be able to start /usr/local/sbin/radiusd manually. Do this with debugging turned on so you can see what happens:

      /usr/local/sbin/radiusd -X

Lots of stuff will scroll to the screen, and it should tell you it's ready to accept requests. If you get an error, READ THE DEBUG, then check the docs, check the above and try again.

You should now be able to use FreeRADIUS. You can use radtest to test an account from the command line:

      radtest username password servername port secret

So, if your example user is 'bob' with password 'novell', your server is called 'radius.domain.com', is using port 1645, and you put localhost (or your localhost's IP) in clients.conf with a secret of 'mysecret', you should use:

      radtest bob novell radius.domain.com 1645 mysecret

And you should get back something like:

      Sending Access-Request of id 226 to 127.0.0.1:1645
            User-Name = 'bob'
            User-Password = '\304\2323\326B\017\376\322?K\332\350Z;}'
            NAS-IP-Address = radius.domain.com
            NAS-Port = 1645
 
      rad_recv : Access-Accept packet from host 127.0.0.1:1645,id=226, length=56
            Framed-IP-Address = 11.22.33.1
            Framed-Protocol = PPP
            Service-Type = Framed-User
            Framed-Compression = Van-Jacobson-TCP-IP
            Framed-IP-Netmask = 255.255.255.255

You should get an 'Access Accept' response. If you don't, go back and check everything. Read the docs, READ THE DEBUG!!
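
As an added illustration (not part of the original document and not FreeRADIUS code), the Python below shows how the shared secret from clients.conf is used to hide User-Password (RFC 2865 section 5.2) and to sign the reply: a server holding a different secret recovers garbage instead of the password, and a client holding a different secret cannot validate the reply. The function names are hypothetical, and the sample values are the constructed ones from the radtest example above.

```python
import hashlib
import hmac
import os
import struct

# Constructed sample values, taken from the radtest example in this article.
USER, PASSWORD, SECRET = b"bob", b"novell", b"mysecret"

def keystream_xor(data, secret, authenticator, decrypt):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous ciphertext block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        result = bytes(b ^ k for b, k in zip(block, key))
        prev = block if decrypt else result  # always chain on the ciphertext
        out += result
    return out

def hide_password(password, secret, authenticator):
    size = max(16, (len(password) + 15) // 16 * 16)  # null-pad to a 16-byte multiple
    return keystream_xor(password.ljust(size, b"\x00"), secret, authenticator, False)

def recover_password(hidden, secret, authenticator):
    return keystream_xor(hidden, secret, authenticator, True).rstrip(b"\x00")

def build_access_request(ident, user, password, secret, authenticator):
    def attr(type_, value):
        return struct.pack("!BB", type_, len(value) + 2) + value
    # Attribute 1 = User-Name, attribute 2 = User-Password; code 1 = Access-Request.
    attrs = attr(1, user) + attr(2, hide_password(password, secret, authenticator))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def sign_response(code, ident, attrs, request_authenticator, secret):
    """Server side: Response Authenticator = MD5(header + RequestAuth + attrs + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    digest = hashlib.md5(header + request_authenticator + attrs + secret).digest()
    return header + digest + attrs

def response_is_authentic(response, request_authenticator, secret):
    """Client side: recompute the Response Authenticator with the local secret."""
    expected = hashlib.md5(response[:4] + request_authenticator + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])

if __name__ == "__main__":
    ra = os.urandom(16)  # Request Authenticator, random per request
    request = build_access_request(226, USER, PASSWORD, SECRET, ra)
    hidden = request[-16:]  # value of the User-Password attribute
    print("matching secret recovers:", recover_password(hidden, SECRET, ra))
    print("wrong secret recovers:   ", recover_password(hidden, b"othersecret", ra))
    reply = sign_response(2, 226, b"", ra, SECRET)  # code 2 = Access-Accept
    print("reply validates:", response_is_authentic(reply, ra, SECRET))
```

If the User-Password shown in the radiusd -X output is unreadable, compare the secret in the matching clients.conf entry with the one given to radtest before looking at the user account.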

You may also test with NTRadPing (downloadable from MasterSoft) on a desktop Windows PC to send test packets to the RADIUS server; it is a very handy tool. If you do this, or test from any other machine, remember that your PC (or other machine) needs to be in your NAS list in clients.conf too!


Additional Information

If the FreeRADIUS server responds correctly to radtest or NTRadPing, the server is configured correctly. If there are problems with client access after that, the RAS server or client will need to be checked. This is not a part of the server config.
Formerly known as TID# 10100993