4

Same problem that the other guys have had, but with the difference that the procedures applied to them are not working in my scenario. Let's put things in order:

Freeradius on RasPi

Netstat:

root@raspberrypi:~# netstat -unpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address   Foreign Address State PID/Program name
udp        0      0 0.0.0.0:59830   0.0.0.0:*             3574/freeradius
udp        0      0 127.0.0.1:18120 0.0.0.0:*             3574/freeradius
udp        0      0 0.0.0.0:1812    0.0.0.0:*             3574/freeradius
udp        0      0 0.0.0.0:1813    0.0.0.0:*             3574/freeradius
udp        0      0 0.0.0.0:1814    0.0.0.0:*             3574/freeradius

Debug with freeradius-x

Failed binding to authentication address * port 1812: Address already in use
/etc/freeradius/radiusd.conf[240]: Error binding to port for 0.0.0.0 port 1812

root@raspberrypi:~# ps aux | grep free
freerad   3574  0.0  1.3  54088  6032 ?        Ssl  16:32   0:00 /usr/sbin/freeradius
root      3610  0.0  0.4   3548  1832 pts/0    S+   16:35   0:00 grep free

If I kill that process I get from freeradius debug

 ... adding new socket proxy address * port 50820
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.

but radtest "John Doe" hello 127.0.0.1 0 test does not work because the service is not running. Any suggestions?

Rui F Ribeiro
Federi
  • That is the debug output rad_recv: Access-Request packet from host 127.0.0.1 port 45847, id=183, length=78 Received packet from 127.0.0.1 with invalid Message-Authenticator! (Shared secret is incorrect.) Dropping packet without response. Going to the next request Waking up in 0.9 seconds. And that is the conf (default one) "John Doe" Cleartext-Password := "hello" Reply-Message = "Hello, %{User-Name}" – Federi Nov 06 '15 at 16:45
  • Can you post your radiusd.conf file so we can see your configuration? – David King Nov 06 '15 at 17:32
  • Sorry for the late response. That's my conf prefix = /usr exec_prefix = /usr sysconfdir = /etc localstatedir = /var sbindir = ${exec_prefix}/sbin logdir = /var/log/freeradius raddbdir = /etc/freeradius radacctdir = ${logdir}/radacct name = freeradius confdir = ${raddbdir} run_dir = ${localstatedir}/run/${name} db_dir = ${raddbdir} libdir = /usr/lib/freeradius pidfile = ${run_dir}/${name}.pid user = freerad group = freerad max_request_time = 30 cleanup_delay = 5 max_requests = 1024 listen { type = auth ipaddr = * ipv6addr = :: port = 0 – Federi Nov 12 '15 at 23:08

1 Answer

1

You can either run the server in debug mode (with debug logs coming on the console or going to a file) or run it as a utility.

Running in debug mode:

freeradius -X 

The following will output debug logs to a file and push it to the background:

freeradius -x -l /home/user/debug_logs &

Running it as a utility.

/etc/init.d/freeradius start

Now, the reason why you were not able to run debug, and why it was showing a port binding error, was that it was already running (as seen by the ps and netstat commands).

Now about your comment below your question:

The error says pretty much what is required; in your comments you posted the debug output of radtest.

invalid Message-Authenticator! (Shared secret is incorrect.)

The shared secret used, "test", is incorrect. The default shared secret for the localhost NAS is testing123, so try running the following command:

radtest "John Doe" hello 127.0.0.1:18120 0 testing123

If this also doesn't work, go to clients.conf, search for the localhost NAS, see what shared secret is written there, and use that.

Rui F Ribeiro
  • The error in the title of the question is/was because you were trying to launch freeradius *while it is already running*. Your answer is for a different problem/question. – Rui F Ribeiro Oct 21 '16 at 10:21
  • See the comments on his question. He managed to run a debug and posted the output of the radtest, so obviously he was able to run the server, I guess. – Anirudh Malhotra Oct 21 '16 at 10:25
  • Read what I wrote, I never said it was not running. The question describes one problem till the last line, and the last line and the comments another. – Rui F Ribeiro Oct 21 '16 at 10:40
  • Corrected the answer! :) Hope it's more satisfactory. – Anirudh Malhotra Oct 21 '16 at 10:41
  • The problem of doing a start when it is *already* running is that the OP will get that error "Error binding to port". It should be restart. – Rui F Ribeiro Oct 21 '16 at 10:43
  • The answer has actually to be `radtest "John Doe" hello 127.0.0.1:18120 0 testing123` to use the actual debugging tunnel – Rui F Ribeiro Jan 19 '18 at 22:37
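
Why a wrong shared secret leads to the "invalid Message-Authenticator" drop quoted in the answer, shown as an added example that is not part of the original posts or of FreeRADIUS itself: the sketch builds a minimal Access-Request and checks its Message-Authenticator (HMAC-MD5 over the packet, keyed with the shared secret, as defined in RFC 2869). The function names and the reduced attribute set are assumptions for illustration; radtest sends more attributes than this.

```python
import hashlib
import hmac
import os
import struct

MSG_AUTH = 80  # Message-Authenticator attribute type (RFC 2869)

def attr(atype: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as type, length, value."""
    return struct.pack("!BB", atype, len(value) + 2) + value

def build_access_request(ident: int, user: str, secret: bytes) -> bytes:
    """Build an Access-Request with User-Name and a Message-Authenticator."""
    req_auth = os.urandom(16)  # Request Authenticator
    attrs = attr(1, user.encode()) + attr(MSG_AUTH, bytes(16))
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth
    # HMAC-MD5 over the whole packet while the 16-byte value is still zero
    mac = hmac.new(secret, header + attrs, hashlib.md5).digest()
    return header + attrs[:-16] + mac

def verify_message_authenticator(packet: bytes, secret: bytes) -> bool:
    """Server-side check: recompute the HMAC with the secret from clients.conf."""
    if len(packet) < 20:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        return False
    pos = 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            return False  # malformed attribute
        if atype == MSG_AUTH:
            if alen != 18:
                return False
            received = packet[pos + 2:pos + 18]
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:length]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(received, expected)
        pos += alen
    return False  # attribute missing

if __name__ == "__main__":
    server_secret = b"testing123"  # secret the answer names for the localhost client
    for client_secret in (b"test", b"testing123"):
        pkt = build_access_request(183, "John Doe", client_secret)  # constructed sample
        ok = verify_message_authenticator(pkt, server_secret)
        print(client_secret.decode(), "->", "accepted" if ok else "dropped")
```
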