Community discussions

MikroTik App
  4. l雷竞技
  5. General

MikTik does not understand my FreeRadius

Post Reply
Cartman
Member Candidate
Member Candidate
Topic Author
Posts: 104
Joined: Wed Jul 23, 2008 6:14 pm

MikTik does not understand my FreeRadius

Tue Mar 08, 2011 5:42 pm

Hello World,

I got a little problem combining my RB500 (ROS 3.30) with FreeRadius(FR2.1.10).

我使用默认的登录界面,登录是森t to FR and evaluated to :
Code:Select all 
... rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok [sql_log] Processing sql_log_postauth ++[sql_log] returns noop ++[exec] returns noop Sending Access-Accept of id 20 to 213.xxx.yyy.zzz port 59793 Mikrotik-Rate-Limit == "256000/128000" Session-Timeout = 86000 Finished request 3. Going to the next request Waking up in 4.9 seconds. Cleaning up request 3 ID 20 with timestamp +79 Ready to process requests.
Should be OK so far, but my Routerboard says : Radius server is not responding

Is there a known issue with this constellation ?
Does my MikTik not know the return values or what to do with Access-Accept ?

TIA
Top
fewi
Forum Guru
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: MikTik does not understand my FreeRadius

Tue Mar 08, 2011 5:49 pm

Any RADIUS client must by necessity understand what an ACCESS-ACCEPT is. Also, the attribute being sent back looks OK.

Look at your RADIUS timeouts. The default is 300ms - if your RADIUS server is taking longer than that to respond, the router will not listen. Each ACCESS-REQUEST carries with it an identifier for that request. Responses refer to the same ID. Once the timeout period is over, the client will not listen to any responses with that ID.

FreeRADIUS works fine with RouterOS, as do other RADIUS servers that speak the protocol as per the RFC.
Top
Cartman
Member Candidate
Member Candidate
Topic Author
Posts: 104
Joined: Wed Jul 23, 2008 6:14 pm

Re: MikTik does not understand my FreeRadius

Tue Mar 08, 2011 6:24 pm

The radius-timeout is 3000ms.
Also tried higher and lower values, but no change.

Maybe my problem is a FR issue.
Top
fewi
Forum Guru
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: MikTik does not understand my FreeRadius

Tue Mar 08, 2011 6:32 pm

Turn on RADIUS debugging on the router, watch the logs.
Top
Cartman
Member Candidate
Member Candidate
Topic Author
Posts: 104
Joined: Wed Jul 23, 2008 6:14 pm

Re: MikTik does not understand my FreeRadius

Tue Mar 08, 2011 7:06 pm

Debug tells me :
Code:Select all 
17:56:15 radius,debug,packet received bad Access-Accept with id 41 from 213.158.104.59:1812 17:56:15 radius,debug,packet Signature = bad 0x8f80595369b4223eea7aa01998bdc4ee 17:56:15 radius,debug,packet MT-Rate-Limit = "256000/128000" 17:56:15 radius,debug,packet Session-Timeout = 86000 17:56:15 radius,debug received packet for 3f:4e with bad signature, dropping 17:56:18 radius,debug timeout for 3f:4e
Already checked secret and changed secret (on both sides) to one without special chars , no effect.
Tried MTU from 1462-1500, all the same.

Thanks
Top
Reiney
newbie
Posts: 28
Joined: Sat Feb 05, 2011 7:22 am

Re: MikTik does not understand my FreeRadius

Wed Mar 09, 2011 1:15 am

What happens when you test an id on the FR server itself
with the "radtest" utility. If that works, then your FR server
would seem to be ok.
Top
User avatar
Ibersystems
Forum Guru
Forum Guru
Posts: 1686
Joined: Wed Apr 12, 2006 12:29 am
Location:Cabrils, Barcelona - Spain
Contact:
Contact Ibersystems

Re: MikTik does not understand my FreeRadius

Wed Mar 09, 2011 1:55 am

You added the nas with your 2xx.xxx.xxx.xxx adress?
Top
Post Reply

Who is online

Users browsing this forum:Ahrefs [Bot],Bing [Bot],petert,Semrush [Bot]and 25 guests
  4. l雷竞技
  5. General