Authentication problem with PIX-515

Fri, 05 Jul 2002 12:54:51 -0700 

I am using FreeRadius 0.5 and Cisco PIX-515 Firewall.
Authentication is denied and it looks exactly like the secret key is
misspelled on PIX, however I already checked that and it is not. 'radtest'
utility works just fine. Does anyone know if there is something specific
with PIX that would cause this problem?

Here is a portion of clients.conf file and the debug output:

client 10.10.1.1 {
        secret          = jg8d63196hfg
        shortname       = pix
}

rad_recv: Access-Request packet from host 10.10.1.1:1645, id=74, length=57
        User-Name = "mario"
        NAS-IP-Address = 10.10.1.1
        User-Password = "\303\035s.\343\000\255l\323\236Z\217DG*\033"
        NAS-Port = 5
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_eap: EAP-Message not found
  modcall[authorize]: module "eap" returns noop
  modcall[authorize]: module "suffix" returns ok
radius_xlat:  'mario'
sql_escape in:  'mario'
sql_escape out:  'mario'
sql_set_user:  escaped user --> 'mario'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'mario' ORDER BY id'
rlm_sql: Reserving sql socket id: 4
rlm_postgresql Status: PGRES_TUPLES_OK
sql_postgresql: affected rows =
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
ck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
usergroup.Username = 'mario' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id'
rlm_postgresql Status: PGRES_TUPLES_OK
sql_postgresql: affected rows =
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = 'mario' ORDER BY id'
rlm_postgresql Status: PGRES_TUPLES_OK
sql_postgresql: affected rows =
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
ly.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE
usergroup.Username = 'mario' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_postgresql Status: PGRES_TUPLES_OK
sql_postgresql: affected rows =
radius_xlat:  'SELECT Value,Attribute FROM radcheck WHERE UserName = 'mario'
AND ( Attribute = 'User-Password' OR Attribute = 'Password' OR Attribute =
'Crypt-Password' ) ORDER BY Attribute DESC'
rlm_postgresql Status: PGRES_TUPLES_OK
sql_postgresql: affected rows =
rlm_sql: Released sql socket id: 4
  modcall[authorize]: module "sql" returns ok
modcall: group authorize returns ok
auth: type Local
auth: Failed to validate the user.
Login incorrect: [mario/s\222,\252\031\362\217\314gw\371\352\345\350\260*]
(from nas pix port 5)
  WARNING: Unprintable characters in the password. ?  Double-check the
shared secret on the server and the NAS!
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 74 to 10.10.1.1:1645
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 74 with timestamp 3d25f8e9
Nothing to do.  Sleeping until we see a request.




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to