CAS packets aren't arriving on the Radius Server


irvan suryadi

Dec 2, 2020, 12:23:40 PM
to CAS Community
Regards,

Regarding my previous problems, related to the development of a CAS server using Freeradius as an authentication server.

I have done all the configuration according to the directions from the Apereo CAS documentation. This includes making sure the two servers can connect using ping and NTRadPing.

But every time I try to enter a username and password on my CAS server form, the data doesn't seem to have arrived and been sent to my freeradius server. I say so because on the freeradius -X display there is no change, as there would be with an authentication process to the radius server.

Related to this problem, is it necessary to have a special configuration on freeradius other than the shared secret? And is this problem possibly caused by my Tomcat server? Is it necessary to have a special configuration so that the CAS server on Tomcat can communicate with freeradius?

Sorry if my question is confused or seems inaccurate, for your attention, thank you.

Regards,
Irvan

Ray Bon

Dec 2, 2020, 12:50:33 PM
to cas-...@apereo.org
Irvan,

Could it be blocked ports?

Ray

-- 
Ray Bon
Programmer Analyst
Development Services, University Systems

I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations.

Colin Ryan

Dec 2, 2020, 1:02:03 PM
to cas-...@apereo.org

As I alluded to you directly.

I would run a tcpdump on the Radius Host (as well as Ray's suggestion of ensuring you have no port blocks) and see if any packets are arriving to the Radius server period (e.g. tcpdump -i eth0 host <cas>)

As well, confirm that you're using the proper ports. Radius RFCs see Authentication running on 1812, but it can sometimes be on 1645. Confirm your client and server side ports match.

Also, if you're not using IP addresses, be sure that your name services are resolving properly.

Colin
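
The checks suggested in this reply (name resolution, port 1812 versus 1645, and whether anything reaches the RADIUS host at all) can be driven from the CAS machine with a small probe. This is an added Python example, not part of the original thread; the host name, test account and shared secret are placeholders.

```python
import hashlib, os, socket, struct

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """User-Password hiding from RFC 2865 section 5.2 (MD5 keystream, chained per 16 bytes)."""
    padded = password.ljust(max(16, (len(password) + 15) // 16 * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(user, password, secret, ident=1, authenticator=None):
    """Minimal Access-Request (code 1) carrying User-Name (1) and User-Password (2).
    No Message-Authenticator is added; a server set to require it discards the packet."""
    authenticator = authenticator or os.urandom(16)
    attrs = b""
    for atype, value in ((1, user.encode()),
                         (2, hide_password(password.encode(), secret, authenticator))):
        attrs += struct.pack("!BB", atype, len(value) + 2) + value
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def probe(host, port, packet, timeout=2.0):
    """Send one request over UDP. Returns (resolved_ip, reply_code); reply_code is None
    when nothing came back (filtered port, wrong port, or the server dropped the request)."""
    ip = socket.gethostbyname(host)  # raises socket.gaierror if name resolution is broken
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(packet, (ip, port))
        try:
            data, _ = s.recvfrom(4096)
        except (socket.timeout, ConnectionRefusedError):
            return ip, None
    return ip, data[0]  # 2 = Access-Accept, 3 = Access-Reject

if __name__ == "__main__":
    # Placeholders (assumptions): replace with the real host, test account and shared secret.
    host, secret = "radius.example.org", b"shared-secret-placeholder"
    pkt = build_access_request("testuser", "testpass", secret)
    for port in (1812, 1645):
        ip, code = probe(host, port, pkt)
        print(f"{host} -> {ip}:{port} reply code: {code}")
```

Run it while tcpdump is capturing on the RADIUS host. If the capture shows these packets but the probe still gets no reply, the server is discarding them (for example because the sending address is not a listed client), which is a different fault from a blocked port.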


irvan suryadi

Dec 8, 2020, 4:05:28 AM
to CAS Community, C Ryan
Hi Colin and Ray too,

Thank you for telling me to check the connection for blocked ports.
As you suggested, I tried tcpdump and this is the result.

And I think the problem was in my SSL files. I made the SSL using Java keytool and just configured the .jks file on my Tomcat. I have changed the keystore files, but it is still the same.

Do you guys have any suggestions about how I should configure the SSL, or do I need to disable SSL on Tomcat?

Thanks,
Irvan

The photos are the tcpdump result and the SSL test from my CAS and Tomcat server.
Screenshot from 2020-12-06 23-16-00.png

Screenshot from 2020-12-06 23-30-22.png
Screenshot from 2020-12-06 23-30-19.png

Ray Bon

Dec 8, 2020, 11:16:54 AM
to cas-...@apereo.org, col...@caveo.ca
Irvan,

Does the freeradius server also have a self signed cert?

When using self signed certs, both ends need to know the other certificate. You may be able to use the same cert or you have to add the certs to both servers.

Ray
