Radius authentication with SecureID Question

Wed, 25 Jul 2001 09:39:00 -0700 

Hi!
I am having problem in radius authentication using Secure ID (Ace server
v4.1/Sol 8). It works with the system password (/etc/passwd & NIS+)
without any problem. But when set to authenticate with SecureID, it
fails. Can any of you please help me, if you have come across a solution
to the above problem. Here are the details:

I am using the freeradius software (freeradius.org). The radius
server(solaris 8) is  a SecureID client and I am able to authenticate to
the ace server using 'sdshell'. When I dial-in to the terminal server
(ascend), I can see the username/password string on the radius server
(when in debug mode), but do not see any packets being sent ( as
observed by snoop command)  to the ace server(v4.1) for authentication
from radius server. Looks like, the radius server does not know about
the ace server. I see a message on the log file: "auth: Failed to
validate the user."
Thanks in advance for any information. If you need more information,
please let me know.

Nanda Hullahalli
-----------------------------------------------------------------------------

Here is the debug output.

Ready to process requests.
rad_recv: Access-Request packet from host 135.182.64.223:1038, id=197,
length=103
        User-Name = "testuser"
        Password = "\313\200U$\353\000\323\016:r\224"
        NAS-IP-Address = XXX.XXX.XXX.223
        NAS-Port = 20101
        NAS-Port-Type = Async
        Service-Type = Login-User
        State = 0x
        X-Ascend-Third-Prompt = ""
        Calling-Station-Id = "xxxxxxxxx"
        Called-Station-Id = "xxxxxxxxx"
        Acct-Session-Id = "327074222"
modcall[autz]: Entering group at line 692
modcall[autz]: Module at line 692 returns ok
modcall[autz]: action for ok is 3
modcall[autz]: Module at line 695 returns ok
modcall[autz]: action for ok is 3
  users: Matched mahesh at 74
modcall[autz]: Module at line 696 returns ok
modcall[autz]: action for ok is 3
modcall[autz]: Group at line 692 returns ok
  rad_check_password:  Found auth-type SecurID
  auth: SecurID
  auth: Failed to validate the user.
Sending Access-Reject of id 197 to XXX.XXX.XXX..223:1038
Finished request 0
Going to the next request

Here is the entry I have in users file

testuser  Auth-Type := SecurID
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-Address = 255.255.255.252,
        Framed-Routing = None,
        Framed-MTU = 1500


------------------------------------------------------------------



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to