
Radius client vs NAS connection issues

Help
2023-06-05
2023-06-13
  • matt Penner

    matt Penner - 2023-06-05

    I have set up radiusdesk for authentication for a large number of mikrotik devices.
    During testing, I have been able to get a radius client with NAS identifier and proper site wide secret to allow login.

    The problem lies in creating NAS for larger number of devices.
    When I remove my radius client and attempt to use only NAS login I get a timeout (not even reject) on radius.

    I am attempting to use subnet (e.g. NAS IP = 192.168.1.0/24) but that doesn't work, tried a single IP instead and that also did not work.

    Radius secret is the same on both - not sure why I am not even getting rejected login attempts.

    Any attempt to connect adds my client to "unknown clients". "from IP" matches the NAS credentials.

    It is not feasible to add every device as a client, so need NAS subnets to work.

    Confirmed mikrotik is using proper source address and sending proper NAS-IP-Address.
    Realm is set properly and have tried changing multiple settings but get nothing

     

    Last edit: matt Penner 2023-06-05
  • Bernie137

    Bernie137 - 2023-06-06

    Please take a look in /var/log/freeradius/radius.log and /var/log/freeradius/radacct/"ip address of your nas"/detail-"date" log file.

    If there is not enough logged then enable logging in /etc/freeradius/3.0/radiusd.conf

     

    Last edit: Bernie137 2023-06-06
    • matt Penner

      matt Penner - 2023-06-06

      I am being given the error that login is incorrect, however when I create the client for the IP bypassing the NAS, the same user and password works.

      In radacct/ I am not seeing the IP of the device I am attempting to login to.

      The NAS IP I have set in radius desk is currently X.X.X.0/24, and I am attempting to login on X.X.X.9, so it should be within the appropriate range to show up in the NAS.

      I use the username mattp which works fine on a created client. Is it possibly a realm option that I need to enable or disable? I attempted adding the realm but no dice.

       

      Last edit: matt Penner 2023-06-06
  • Bernie137

    Bernie137 - 2023-06-07

    Go to the NAS tab, select your NAS entry and Edit. On the "Realms" tab you can check "Make available to any Realm" or choose to "include" your realms.

    In the Realms tab you can select your Realm and Edit. There I have configured a Suffix like "domain.dom". I have also selected "Add suffix when..." for all 3 cases.

    Next you create a new user. Your new user gets a login name like "user@domain.dom". Use this spelling for login and watch radius.log.

    "The NAS IP I have set in radius desk is currently X.X.X.0/24, and I am attempting to login on X.X.X.9, so it should be within the appropriate range to showup in the NAS" This is exactly how it works for me in my setup.

     
    • matt Penner

      matt Penner - 2023-06-07

      My NAS entry already had the appropriate realms included.
      Realms was not configured to add suffix but I tested with and without that and there is no difference, even when creating a new user to test.

      Log still states invalid user. Attached is screenshot showing it working when I had created a client but stopping once attempting to use NAS.

      Your help is much appreciated

       
  • Bernie137

    Bernie137 - 2023-06-08

    "Your help is much appreciated"
    Thank you :)

    Maybe you set "auth = yes" in logging part in /etc/freeradius/3.0/radiusd.conf. Don't forget a freeradius service restart for working. Now you see more logging in freeradius.log

    It just occurred to me: if I had added new NAS IP ranges, sometimes it doesn't work. But I have seen an error in freeradius.log like - analogous - "NAS secret wrong". But it was not wrong. I did a simple restart of the whole RADIUSdesk machine and after that it was working. Maybe just restarting the service would have helped (systemctl restart freeradius).

    I also asked myself yesterday: What does the entry ".../ValleyFiber" mean for you? Why do you see slash ValleyFiber (.../ValleyFiber) in your log file? How did you write the login name in the device?

    For comparison, here is an excerpt from my log file...

     
    • matt Penner

      matt Penner - 2023-06-08

      Hey, this is now resolved!
      I feel quite silly, but a restart fixed the issue. I guess freeradius does an initial read of the NAS entries on start without refreshing during changes.

      I was sure I had done a restart before, but here we are.

      Thanks for your help here!
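
A way to tell the two situations in this thread apart from radius.log, as an added example that is not part of the thread or of RADIUSdesk: FreeRADIUS drops requests from sources it does not know as clients without replying, which the device sees as a timeout, so an "unknown client" IP that already falls inside a configured NAS range points to a client list the running daemon has not reloaded. The log line format is an assumption modelled on FreeRADIUS 3, and the log lines and NAS entries are constructed sample data.

```python
import ipaddress
import re

# Assumed FreeRADIUS 3 wording for a dropped request; adjust if your log differs.
UNKNOWN_RE = re.compile(r"from unknown client (\S+) port \d+")

# Constructed sample data (not taken from the thread's real logs).
SAMPLE_LOG = [
    "Mon Jun  5 10:14:02 2023 : Error: Ignoring request to auth address * port 1812 "
    "bound to server default from unknown client 192.168.1.9 port 40112 proto udp",
    "Mon Jun  5 10:15:40 2023 : Error: Ignoring request to auth address * port 1812 "
    "bound to server default from unknown client 10.20.30.40 port 51000 proto udp",
    "Mon Jun  5 10:16:00 2023 : Auth: (3) Login OK: [testuser] (from client site-a port 0)",
]
NAS_ENTRIES = ["192.168.1.0/24", "172.16.5.1"]  # as entered in the NAS list


def classify_unknown_clients(log_lines, nas_entries):
    """Map each unknown-client IP to the most specific NAS entry covering it, or None."""
    networks = [ipaddress.ip_network(e, strict=False) for e in nas_entries]
    result = {}
    for line in log_lines:
        match = UNKNOWN_RE.search(line)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # not an IP literal; skip rather than guess
        covering = [n for n in networks if n.version == ip.version and ip in n]
        best = max(covering, key=lambda n: n.prefixlen, default=None)
        result[str(ip)] = str(best) if best else None
    return result


def stale_after_config_change(classified):
    """IPs rejected as unknown although a NAS entry covers them: restart/reload needed."""
    return sorted(ip for ip, net in classified.items() if net is not None)


if __name__ == "__main__":
    classified = classify_unknown_clients(SAMPLE_LOG, NAS_ENTRIES)
    for ip, net in classified.items():
        reason = f"covered by {net}: daemon has not reloaded clients" if net else "no NAS entry"
        print(f"{ip}: {reason}")
```
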

       
  • Bernie137

    Bernie137 - 2023-06-12

    Hey, that's nice to hear.

    Can you please tell me if this is the same thing in your installation? https://sourceforge.net/p/radiusdesk/discussion/help/thread/95a3879850/

     
    • matt Penner

      matt Penner - 2023-06-12

      Looks like I am missing all the same things as in your examples for 2022-B.
      Have no version number, and am also missing the settings in admin, as well as the missing icon in task bar.

       
  • Bernie137

    Bernie137 - 2023-06-13

    Thank you for your answer. Would you be so kind as to write that down in the other case?

     
