RADIUS Server initialization failed

Bryan Kadzban bryan at kadzban.is-a-geek.net
Tue Oct 16 22:23:00 EDT 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Mr. Maloomnahi wrote:
> I rewrote the file without spaces and the error
> I had mentioned last time vanished.

OK, that's good.

> But still the failure "Connection
> Refused" persists. The dump is as follows: 
> 
> 1192506268.277257: madwifi_set_iface_flags:

Does it make any difference if you use a wext hostapd interface, or
doesn't hostapd have that option?  wpa_supplicant lets you choose from a
set of backends (it calls them drivers); if hostapd does the same, then
I'd think that wext might be better supported than madwifi.  Maybe.

Then again, the backend may not even be the problem, I'm not sure.

> 1192506268.291007: eth1: RADIUS Authentication server 192.168.1.151:1812
> 1192506268.291521: eth1: RADIUS Accounting server 192.168.1.151:1813

OK, so it found the server(s).

> 1192506268.294439: eth1: RADIUS Sending RADIUS message to accounting server
> RADIUS message: code=4 (Accounting-Request) identifier=0 length=72
>    Attribute 40 (Acct-Status-Type) length=6
>       Value: 7
>    Attribute 45 (Acct-Authentic) length=6
>       Value: 1
>    Attribute 4 (NAS-IP-Address) length=6
>       Value: 192.168.1.151
>    Attribute 30 (Called-Station-Id) length=28
>       Value: '00-14-78-8F-5E-49:SEMCO_AP'
>    Attribute 49 (Acct-Terminate-Cause) length=6
>       Value: 11

So the connection was terminated, with cause 11 (which is "NAS is
restarting").  So far so good...

> 1192506268.294808: eth1: RADIUS Next RADIUS client retransmit in 3 seconds
> l2_packet_receive - recvfrom: Network is down
> l2_packet_receive - recvfrom: Network is down
> recv[RADIUS]: Connection refused

... but apparently it couldn't actually send it to the RADIUS accounting
server?  Looks like no process had a UDP socket listening on port 1813.

Do you really need RADIUS accounting?  If hostapd doesn't require it,
and your network doesn't require you to know how long people have been
connected (or anything else that accounting gives you, but it's usually
just that), it'll probably be simpler to turn it off.

Everything else here is just a retransmit of that accounting packet,
which runs into the same issue when the accounting server isn't
listening (or isn't running).

Does it make any difference to change the RADIUS server IP to 127.0.0.1
in the config file?  Perhaps hostapd's integrated RADIUS server only
listens on localhost (I'm not sure, but it's probably in the docs).

Also, would it work to move to something like FreeRADIUS?  That way you
don't have to worry about the integrated-RADIUS-in-hostapd acting up,
because you're using a separate program.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHFXIDS5vET1Wea5wRAyO8AJ4/5OFn1qnTbRZitJ0oVV3FLOK42gCgpkuA
BAmgQWSMhsJDzaggXvCLFpg=
=36LC
-----END PGP SIGNATURE-----

More information about the HostAP mailing list