[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: FreeRadius Ignoring request to auth address
From:       Benjamin Diehl <benjamin.diehl () foundationacademy ! net>
Date:       2021-10-07 14:10:20
Message-ID: 51ef89b8-71fd-4075-9f43-acfd9d7d1bd3 () Spark
[Download RAW message or body]

It's all good I won't bother you anymore. I have decided this project is too advanced \
for my current knowledge base. Have a wonderful rest of your work week.



On Oct 7, 2021, 9:32 AM -0400, Alan DeKok <aland@deployingradius.com>, wrote:
> On Oct 7, 2021, at 9:11 AM, Benjamin Diehl <benjamin.diehl@foundationacademy.net> \
> wrote:
> > Here is all the information, I checked the Home Server piece in all the txt files \
> > and nothing I changed, changed the results of the output.
> 
> "I checked stuff".
> 
> What did you check? Why? What did you expect it to be? What changes did you make? \
> Why would you make this changes? 
> This whole approach of "I did stuff and it didn't work" is not helpful. This isn't \
> a "I'm new to RADIUS" issue. 
> The issue is being able to carefully and methodically track down and debug issues. \
> That skill is absolutely critical for building complex systems, whether or not \
> they're RADIUS. 
> > I also tested LDAPsearch command and that worked great.
> 
> Thats good.
> 
> > I have included the freeradius -X result below with 1 query.
> 
> Which system is this? The proxy? The home server? Some other random server?
> 
> Again, you need to EXPLAIN IN DETAIL what you're doing. We can't read your mind. We \
> only know what you want the system to do if you tell us. But for some reason you \
> have issues with telling us, and then you still want us to help debug the problem. 
> That's making it difficult to help you. You've been told this repeatedly.
> 
> > I have followed 2 guides in setting up FreeRadius ( \
> > https://www.nasirhafeez.com/freeradius-with-google-g-suite-workspace-secure-ldap-for-wpa2-enterprise-wifi/) \
> > - Google LDAP (https://support.google.com/a/answer/9089736#zippy=%2Cfreeradius), \
> > I have google searched like crazy but still can't seem to figure out exactly \
> > what's wrong. Your technical help would be much appreciated. I am new to all of \
> > this and learning as I go but I am starting to reach the end of even my own \
> > learnings knowledge base. I understand that there are certain errors in this code \
> > but understanding them and changing exactly the correct things to fix those \
> > issues is where I am failing.
> 
> The attitude of "I'm going to change things to fix issues" is 100% wrong. You're \
> not making random changes. You should be UNDERSTANDING the system first. Then, \
> based on that understanding, making changes to achieve a particular goal. 
> i.e. the changes are goal-oriented, and should achieve a particular result.
> 
> Saying "I need to change things to fix issues" is the mindset that you're just \
> randomly poking things until "it works". 
> > Ready to process requests
> > (0) Received Access-Request Id 23 from 172.16.13.29:46498 to 172.16.2.53:1812 \
> > length 296 (0) User-Name = "benjamin.diehl@foundationacademy.net"
> > (0) NAS-Identifier = "Test Radius"
> > (0) ...
> > (0) NAS-Port-Type = Wireless-802.11
> > (0) Framed-MTU = 1500
> > (0) EAP-Message = \
> > 0x02f700290162656e6a616d696e2e646965686c40666f756e646174696f6e61636164656d792e6e6574
> > 
> 
> OK, it's doing EAP.
> > ...
> > (0) suffix: Checking for suffix after "@"
> > (0) suffix: Looking up realm "foundationacademy.net" for User-Name = \
> > "benjamin.diehl@foundationacademy.net" (0) suffix: Found realm \
> > "foundationacademy.net" (0) suffix: Adding Stripped-User-Name = "benjamin.diehl"
> 
> Yeah, you don't want to do that. You need to edit the realm definition and add \
> "nostrip".
> > ...
> > (0) Proxying request to home server 127.0.0.1 port 1812 timeout 20.000000
> > ...
> > (1) Received Access-Request Id 133 from 127.0.0.1:46909 to 127.0.0.1:1812 length \
> > 284
> 
> Uh... why are you proxying packets from the server to itself? This makes no sense. \
> It's just not necessary. 
> And again, you haven't explained *why* you're doing this. Just "Here's some debug \
> output, but I'm not going to explain what I'm trying to do, or how I've set up the \
> network". 
> > ...
> > (1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
> > (1) authenticate {
> > (1) eap: Identity does not match User-Name, setting from EAP Identity
> 
> Exactly. Don't edit the User-Name when doing EAP.
> 
> And for the fourth time, PLEASE give explanations. Don't rely on "I'm new to \
> RADIUS". There's simply no excuse when you've been told exactly what to do (BE \
> CLEAR AND DESCRIPTIVE), and then you're still not doing it. 
> This isn't a "I'm new to RADIUS" issue. This is an issue of asking for help, and \
> then not following instructions. That's frustrating. 
> Alan DeKok.
> 
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


[prev in list] [next in list] [prev in thread] [next in thread]