Community discussions

MikroTik App
 
dolf
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 79
Joined: Mon Mar 28, 2005 9:24 pm

Radius timeout error

Sun May 14, 2006 10:53 pm

I have the new userman working on my main gateway mt.

I get authentication error from the client and in the MT log it says: authentication fialed - radius timeout(6)

I had my radius working on IAS.

Can userman run on the same MT which is also authenticating pppoe?

Dolf
 
dolf
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 79
Joined: Mon Mar 28, 2005 9:24 pm

Thu May 18, 2006 10:26 pm

To answer my own question in case somebody else wondered about it.

I used the originating ip of the client MT, which wasn't on the same range but that wasn't the IP the user manager saw and didn't accept the requests.

I now use the ip of the interface the request will enter the subnet on.

It now works fine.

Dolf
 
User avatar
airstream
Member Candidate
Member Candidate
Posts: 188
Joined: Fri Feb 03, 2006 6:33 am
Location: New Zealand

Fri May 19, 2006 6:08 am

Hi Dolf, I too am wondering how to get the user manager to authenticate PPPoE clients.

So far usermanager is radius based, i can test its access accept replys with NTradping (cool little utility), It seems that User managers access accept does not include "framed type ppp" in its response. This reply attribute is needed for PPPoE radius authentication yes?

ever closer to the answer.
 
dolf
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 79
Joined: Mon Mar 28, 2005 9:24 pm

Fri May 19, 2006 7:22 am

my pppoe works fine, just ticked the ppp box in radius setup, but doesn't work with servicename!
 
User avatar
airstream
Member Candidate
Member Candidate
Posts: 188
Joined: Fri Feb 03, 2006 6:33 am
Location: New Zealand

Fri May 19, 2006 7:36 am

Im confused,

My radius client settings are 127.0.0.1 , secret is correct, standard ports.

Usermanager has a "router" 127.0.0.1 with the secret.

My PPPoE server has a blank service name, and will work with radius as tested (steel belted radius) and by its own user list.

No matter what the username or password is of a user created in the manager, it always answers mikrotik radius client with a reject.

What have i missed?
 
User avatar
airstream
Member Candidate
Member Candidate
Posts: 188
Joined: Fri Feb 03, 2006 6:33 am
Location: New Zealand

Sun May 21, 2006 3:22 am

I have now upgraded to a level 6 license, still no luck getting User manager to reply with access accept calls from the MT box its on, always rejects (connects to the radius IP on 127.0.0.1 ok but rejects the access call), The username/password entered into User Manager is correct. So PPPoE clients get "error 691..... Wrong username/password" (windows box)

The PPP>Secrets>AAA is ticked for Radius and Accounting, and the radius client (MT) is looking to 127.0.0.1 with PPP ticked.

If i print the userlist i get a date for 1970, as the credit till date. How do i change this, the internal clock is correct to UTC and our timezone +12:00

[admin@ATM Feilding] tool user-manager> user print
Flags: X - disabled, A - active
0 subscriber=admin username="test1" password="test1" first-name="Test"
last-name="User" pool-name="pool1" last-seen=never credit-count=0
credit-left=0s credit-duration=0s credit-price=0
credit-till-time=jan/01/1970 00:00:00 credit-time-added=0s

1 subscriber=admin username="test" password="test" pool-name="pool1"
last-seen=never credit-count=0 credit-left=0s credit-duration=0s
credit-price=0 credit-till-time=jan/01/1970 00:00:00
credit-time-added=0s

2 subscriber=useradmin username="test3" password="test3" pool-name="pool1"
last-seen=never credit-count=0 credit-left=0s credit-duration=0s
credit-price=0 credit-till-time=jan/01/1970 00:00:00
credit-time-added=0s
[admin@ATM Feilding] tool user-manager>


Any takers?

Cheers
 
dolf
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 79
Joined: Mon Mar 28, 2005 9:24 pm

Sun May 21, 2006 9:38 am

I see you have 2 set of customers - as I understand then two different radius servers actually with thier own subscribers.

With wich one do you login to the webinterface? delete the other one and enter the users in the web interface.

I see my date is the same but it works, maybe it's a bug??

Does this pool1 you specifeid exist on the Local MT? Try removing it first. The pool entered there only works if the pppoe server is on the local MT. Mine doesn't want to authenticate remote MT's if I enter a local-pool.

Hope it works.
 
User avatar
airstream
Member Candidate
Member Candidate
Posts: 188
Joined: Fri Feb 03, 2006 6:33 am
Location: New Zealand

Sun May 21, 2006 10:07 am

Hi Dolf,
I see you have 2 set of customers - as I understand then two different radius servers actually with thier own subscribers.
I started with just the one customer "admin" then had a try by adding another "useradmin"
With wich one do you login to the webinterface? delete the other one and enter the users in the web interface.
Have done this
Does this pool1 you specifeid exist on the Local MT? Try removing it first. The pool entered there only works if the pppoe server is on the local MT. Mine doesn't want to authenticate remote MT's if I enter a local-pool.
Yes the pool is an IP that is on the local MT machine (the same MT does PPPoE and has the user manager).

Here is the current setup
[admin@ATM Feilding] tool user-manager customer> print
Flags: X - disabled 
 0   subscriber=admin login="admin" password="g3ff3rs0n" time-zone=+00:00 
     permissions=owner parent=admin 
[admin@ATM Feilding] tool user-manager customer> /
[admin@ATM Feilding] > tool user-manager user    
[admin@ATM Feilding] tool user-manager user> print
Flags: X - disabled, A - active 
 0    subscriber=admin username="test1" password="test1" first-name="Test" 
      last-name="User" pool-name="pool1" last-seen=never credit-count=0 
      credit-left=0s credit-duration=0s credit-price=0 
      credit-till-time=jan/01/1970 00:00:00 credit-time-added=0s 

 1    subscriber=admin username="test" password="test" pool-name="pool1" 
      last-seen=never credit-count=0 credit-left=0s credit-duration=0s 
      credit-price=0 credit-till-time=jan/01/1970 00:00:00 
      credit-time-added=0s 
[admin@ATM Feilding] tool user-manager user>
Ill have a fiddle with the pool settings and let you know.

Cheers for your advice :)
 
dolf
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 79
Joined: Mon Mar 28, 2005 9:24 pm

Mon May 22, 2006 3:27 pm

I picked a problem with MT 2.9.22 that doesn't want to work with usermanager as client. Similar problem as you described.
 
retaheri
just joined
Posts: 24
Joined: Thu Oct 17, 2019 12:22 pm

[SOLVED] Re: Radius timeout error

Mon Sep 14, 2020 8:28 am

[SOLVED] I had same problem that "log" showed user xxx authentication failed-radius timeout! after many attempts I found that an unneeded NAT rule was set!
 
User avatar
Shahid
newbie
Posts: 25
Joined: Sat Nov 05, 2016 3:31 am
Location: Multan, Pakistan
Contact:

Re: Radius timeout error

Mon Oct 17, 2022 12:50 am

Radius client can not communicate with radius server aka (Userman) when general masquarading rule is applied.
exclude 127.0.0.1 from masquerading & use 127.0.0.1 as Radius client & User manager IP.
Use this code instead
/ip/firewall/nat/add chain=srcnat action=masquerade src-address=!127.0.0.1 log=no
or you can also define masquerading rule separately for each subnet for added security.
Took me 2 hours to solve this issue. posting here to help others.
 
User avatar
atomicduck
Member Candidate
Member Candidate
Posts: 237
Joined: Fri Oct 02, 2020 1:42 pm

Re: Radius timeout error

Fri Sep 01, 2023 7:18 pm

Radius client can not communicate with radius server aka (Userman) when general masquarading rule is applied.
exclude 127.0.0.1 from masquerading & use 127.0.0.1 as Radius client & User manager IP.
Use this code instead
/ip/firewall/nat/add chain=srcnat action=masquerade src-address=!127.0.0.1 log=no
or you can also define masquerading rule separately for each subnet for added security.
Took me 2 hours to solve this issue. posting here to help others.
And help you did. Kudos. Found this thread while debugging timeout from LOG.

Who is online

Users browsing this forum: No registered users and 11 guests