Hi,
Has anyone worked with Cisco VPN-Client 3.0 and a PIX with authentication on
FreeRADIUS?
I have a Cisco VPN Client 3.0 and I want to establish a connection with my
PIX.
On the PIX I have written "crypto map MYMAP client authentication RADIUS_AUTH" to
query my RADIUS server.
When I try to connect from my PC, the VPN client asks me for the username and
password, FreeRADIUS performs a regular authentication, and then everything blocks.
I have seen in the FreeRADIUS debug output that the PIX makes a second
authentication request; FreeRADIUS responds with "OK" another time, but the PIX doesn't
like this answer and doesn't conclude the IPsec session.
Must I reply with a particular attribute to the PIX to authenticate this
VPN client?
Thanks for the help.
This is the FreeRADIUS debug output:
--- Walking the entire request list ---
Cleaning up request 13 ID 68 with timestamp 3c7cfdd2
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=92, length=60
User-Name = "mauipsec"
NAS-IP-Address = 192.168.1.1
Password = "\t\343\356O\300\341U.\303*\020#/%\366\300"
NAS-Port = 5
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "suffix" returns ok
rlm_sql: Reserving sql socket id: 4
radius_xlat: 'mauipsec'
sql_escape in: 'mauipsec'
sql_escape out: 'mauipsec'
sql_set_user: escaped user --> 'mauipsec'
radius_xlat: 'SELECT id,UserName,Attribute,Value FROM radcheck WHERE
Username = 'mauipsec' ORDER BY id'
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
ck.Value FROM radgroupcheck,usergroup WHERE usergroup.Username = 'mauipsec'
AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value FROM radreply WHERE
Username = 'mauipsec' ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
ly.Value FROM radgroupreply,usergroup WHERE usergroup.Username = 'mauipsec'
AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql: Released sql socket id: 4
modcall[authorize]: module "sql" returns ok
modcall: group authorize returns ok
auth: type Local
auth: user supplied Password matches local Password
Login OK: [mauipsec] (from nas PIX port 5)
Sending Access-Accept of id 92 to 192.168.1.1:1645
Finished request 14
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=92, length=60
Sending duplicate authentication reply to client PIX:1645 - ID: 92
Sending Access-Accept of id 92 to 192.168.1.1
rl_next: returning NULL
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 14 ID 92 with timestamp 3c7cfe63
Nothing to do. Sleeping until we see a request.
-------------------------------------
Maurice Foschiatti
Estel s.p.a
Via del Teatro 4
34100 Trieste
mailto: [EMAIL PROTECTED]
cel. +39.329.9028085
tel. +39.040.2629047
-------------------------------------