0

I'm trying to set up RADIUS auth with my Strongswan server.

I get the following error:

Jun  2 20:51:47 nl1 charon: 17[LIB] resolving 'radius.server.com' failed: Name or service not known
Jun  2 20:51:47 nl1 charon: 14[IKE] initiating EAP_RADIUS method failed
Jun  2 20:51:47 nl1 charon: 14[ENC] generating IKE_AUTH response 2 [ EAP/FAIL ]

It says it cannot resolve the hostname "radius.server.com", however when I ping or DIG the hostname on my server it works fine. resolv.conf is also set correctly.

How does Strongswan resolve the RADIUS hostname and how can I fix this ? When I enter the IP directly it works fine.

Keanu
  • 1
  • 1

1 Answers1

0

It uses getaddrinfo() to resolve the hostname ("Name or service not known" is actually an error message returned by gai_strerror()).

So if this doesn't work, either the configured hostname isn't correct or the resolver isn't set up correctly somehow.

ecdsa
  • 3,973
  • 15
  • 29
  • I just tried calling that method from a C program I wrote and it resolves the domain perfectly. Meanwhile the error is still being thrown in Strongswan. Does strongswan use any specific resolver settings for this ? – Keanu Jun 03 '19 at 16:24
  • It sets `ai_family` (to `AF_UNSPEC` in this case) and `ai_socktype` (to `SOCK_DGRAM`) in `struct addrinfo` passed to `getaddrinfo()` (`NULL` is passed as second argument/`service`). As far as I know, there are no application-specific resolver settings (unless perhaps you link applications to differently configured C libraries, or via namespaces/chroots). – ecdsa Jun 04 '19 at 07:07