Author Topic: Radius Authentication server is not responding  (Read 5430 times)

vincentdavis

« on: December 09, 2012, 06:50:09 am »
I have a Ubiquiti UniFi wireless access point installed and configured to use a Zentyal server configured with Samba, LDAP, and RADIUS.

Running radtest
sudo radtest testone password 192.168.88.65:1812 1812 password 192.168.88.65
Sending Access-Request of id 11 to 192.168.88.65 port 1812
   User-Name = "testone"
   User-Password = "password"
   NAS-IP-Address = 192.168.88.58
   NAS-Port = 1812
   Message-Authenticator = 0x00000000000000000000000000000000
   Framed-Protocol = PPP
rad_recv: Access-Accept packet from host 192.168.88.65 port 1812, id=11, length=26
   Service-Type = Login-User

Which I assume means it is working (from my computer to the Zentyal).

When I try to connect to the wireless access point, I get the error "Authentication server is not responding".

Any ideas? What are the next diagnostic steps?

half_life

« Reply #1 on: December 09, 2012, 07:21:40 am »
Try adding a port forward rule like the one below.  I have an old AP that uses the old 1645 port number.

 
eth1   Zentyal   UDP   1645   10.3.54.157/32   10.3.54.15   1812   Radius      

Eth1 is my internal network, 10.3.54.157 is the old AP, 10.3.54.15 is my Zentyal server, and finally 1812 is the modern/current port assignment for RADIUS.  Couldn't hurt.

       

vincentdavis

« Reply #2 on: December 10, 2012, 04:45:51 am »
@half_life
Thanks for the suggestion, but the Ubiquiti RADIUS setup explicitly lets me set the port number, and the default is 1812.

half_life

« Reply #3 on: December 10, 2012, 04:55:36 am »
Have you verified the shared secret and the IP address settings under RADIUS in the Zentyal GUI?

half_life

« Reply #4 on: December 10, 2012, 04:59:40 am »
Also try monitoring the /var/log/freeradius/radius.log (use tail -f /var/log/freeradius/radius.log from a command line) and see if it gives you any clues.

vincentdavis

« Reply #5 on: December 10, 2012, 04:14:00 pm »
I looked at the logs (see below). It looks like it is not authenticating the user. I did verify the username and password, and connected to the home directory using the username and password.
Also confirmed the RADIUS shared secret.

Does PAM need to be on?
Does the computer need to be a member of the domain?

The port listed does not make sense to me. I know I have the client set up to use 1812.
Any ideas?

...: Auth: Login incorrect: [testone] (from client 192.168.88.60/32 port 0 via TLS tunnel)
...: Auth: Login incorrect: [testone] (from client 192.168.88.60/32 port 0 cli 58-B0-35-74-f2-f6)
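
Added example (not part of the thread, and not Zentyal or FreeRADIUS code): a small Python parser for the "Auth:" lines quoted in Reply #5, run over constructed sample lines. In FreeRADIUS's log format the "port" value is the NAS-Port attribute sent by the access point rather than the UDP port, "cli" is the Calling-Station-Id, and "via TLS tunnel" marks the inner request of a tunneled EAP method.

```python
import re
from collections import Counter

# Constructed sample in the radius.log format quoted above; timestamps and
# the "testtwo" entry are made up for this example.
SAMPLE_LOG = """\
Mon Dec 10 16:01:12 2012 : Auth: Login incorrect: [testone] (from client 192.168.88.60/32 port 0 via TLS tunnel)
Mon Dec 10 16:01:12 2012 : Auth: Login incorrect: [testone] (from client 192.168.88.60/32 port 0 cli 58-B0-35-74-f2-f6)
Mon Dec 10 16:03:40 2012 : Auth: Login OK: [testtwo] (from client 192.168.88.60/32 port 0 cli 00-11-22-33-44-55)
Mon Dec 10 16:04:02 2012 : Info: Ready to process requests.
"""

AUTH_RE = re.compile(
    r"Auth: (?P<result>Login OK|Login incorrect)(?: \((?P<reason>.*?)\))?: "
    r"\[(?P<user>[^\]]*)\] "
    r"\(from client (?P<client>\S+) port (?P<nas_port>\d+)"
    r"(?: cli (?P<cli>[^\s)]+))?(?P<tunnel> via TLS tunnel)?\)"
)

def parse_auth_line(line):
    """Return a dict for an Auth: line, or None for any other log line."""
    m = AUTH_RE.search(line)
    if m is None:
        return None
    return {
        "ok": m.group("result") == "Login OK",
        "reason": m.group("reason"),
        "user": m.group("user"),
        "client": m.group("client"),
        "nas_port": int(m.group("nas_port")),  # NAS-Port attribute, not the UDP port
        "station": m.group("cli"),             # Calling-Station-Id, usually the device MAC
        "inner_tunnel": m.group("tunnel") is not None,
    }

def summarize_failures(log_text):
    """Count rejected logins per (client, user, stage)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_auth_line(line)
        if rec and not rec["ok"]:
            stage = "inner" if rec["inner_tunnel"] else "outer"
            counts[(rec["client"], rec["user"], stage)] += 1
    return counts

if __name__ == "__main__":
    for key, n in sorted(summarize_failures(SAMPLE_LOG).items()):
        print(*key, n)
```

A rejection logged at the "inner" stage means the access point and server completed the outer TLS exchange, so the failing step is the credential check inside the tunnel.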


half_life

« Reply #6 on: December 10, 2012, 05:21:38 pm »
Do you have anything set up in "group allowed to authenticate"?  Is the tested user part of that group? The computer does not need to be part of the domain.  Can you elaborate on what you mean by PAM being on?
« Last Edit: December 10, 2012, 05:23:53 pm by half_life »

thorsten

« Reply #7 on: December 10, 2012, 10:42:31 pm »
Hi,

I got the same problem; it seems to be a bug.
Together with several other bugs I discovered, it seems to me that all the bugs I found come down to the same problem:
In each of my bugs (I cannot join a domain, RADIUS does not work, an LDAP error while trying to define an external mail account within usercorner) I fear LDAP authentication is the root cause, but I am not a programmer, just a user, and this is just a supposition.

Best regards
Thorsten