Router won't talk to external RADIUS Server

cmacneill · May 10, 2007, 11:04pm

I have a v2.9.42 MT Router on a private subnet behind an ADSL router that performs NAT.

I have configured a Hotspot on a Virtual AP and pointed the RADIUS Client at an external RADIUS Server hosted on a public address at a hosting centre.

Using radtest I can authenticate locally on the RADIUS server, I can also authenticate OK from a PC connected to the same subnet as the MT Router.

The RADIUS server is running in debug mode, when I connect to the HotSpot I’m prompted for Username and Password, these are entered, but “RADIUS server is not responding” is the error returned. There is no debug information at all on the RADIUS server, i.e. no attempt to connect. I’ve tried rebooting the router a couple of times, but it seems to refuse to send packets to the RADIUS server.

I’ve tried adding the IP address of the RADIUS server to the Walled Garden, but this makes no difference.

I can PING the RADIUS server from the MT router.

I’ve followed everything to the letter in the Wiki example, but I’m out of ideas.

Regards

Chris Macneill

csickles · May 10, 2007, 11:51pm

Try bumping up the timeout at the MT.

cmacneill · May 11, 2007, 12:37am

Already upped that to 1000ms, other test clients are getting a response within 150ms.

All that the timeout will do is cause the router to retry, the Server isn’t seeing ANYTHING from the router.

mneumark · May 11, 2007, 6:39am

Have you tried turning on the logging on the MT to see what is going on between the MT and radius?

Matt

dawam · May 11, 2007, 1:37pm

I suspect you have same issue as this,

http://forum.mikrotik.com/t/radius-not-responding/11859/1

cmacneill · May 11, 2007, 11:06pm

OK, I found the problem. The reference in the last post wasn’t really relevant as this was using User Manager, not an externsl RADIUS Server. This post mentioned that there was a limitation in the length of the encryption secret, this may be true for User Manager, but there appears to be no limitiation with an externsl RADIUS server, at least I’m using an 8 character secret with no problem.

The problem in the end was that I had put a value in “Called-ID”, it seems that if this is anything other than null “”, the RADIUS Client does nothing, no attempt to connect to the server and absolutely nothing in the logs.

Unfortunately this is another example of the documentation being woeful, the parameter is listed in the documentation, but there is no explanation as to it’s function.

The MikroTik documentation as currently configured is next to useless, it is completely pointless just to make a list of all the possible parameters without explaining what their purpose or use is.

nescafe · June 13, 2007, 10:16am

well,.. unfortunately it doesnt work on my case. i’m using windows IAS and Mikrotik 2.9.6

the radius server does really nothing. no counter runs, no sign that there’s a traffic to my IAS server. no logs. I’ve tried with each and every possible parameter. none works.

it worked perfectly before. but we got some trouble with the harddisk and we’ve got to reinstall the server.

well.. i’ve been struggling with this problem for days. and i’m so near to give it up.