Re: Authentication problem with PIX-515

[Mario Vodopivec]

It was a misspelled key ('1' and 'l' look the same in some fonts)... It works OK now, I want to thank to all the people who made freeradius... Mario.   ----- Original Message ----- From: "Mario Vodopivec" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, July 05, 2002 4:14 PM Subject: Authentication problem with PIX-515 > I am using FreeRadius 0.5 and Cisco PIX-515 Firewall. > Authentication is denied and it looks exactly like the secret key is > misspelled on PIX, however I already checked that and it is not. 'radtest' > utility works just fine. Does anyone know if there is something specific > with PIX that would cause this problem? > > Here is a portion of clients.conf file and the debug output: > > client 10.10.1.1 { >         secret          = jg8d63196hfg >         shortname       = pix > } > > rad_recv: Access-Request packet from host 10.10.1.1:1645, id=74, length=57 >         User-Name = "mario" >         NAS-IP-Address = 10.10.1.1 >         User-Password = "\303\035s.\343\000\255l\323\236Z\217DG*\033" >         NAS-Port = 5 > modcall: entering group authorize >   modcall[authorize]: module "preprocess" returns ok > rlm_eap: EAP-Message not found >   modcall[authorize]: module "eap" returns noop >   modcall[authorize]: module "suffix" returns ok > radius_xlat:  'mario' > sql_escape in:  'mario' > sql_escape out:  'mario' > sql_set_user:  escaped user --> 'mario' > radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE > Username = 'mario' ORDER BY id' > rlm_sql: Reserving sql socket id: 4 > rlm_postgresql Status: PGRES_TUPLES_OK > sql_postgresql: affected rows = > radius_xlat:  'SELECT > radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche > ck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE > usergroup.Username = 'mario' AND usergroup.GroupName = > radgroupcheck.GroupName ORDER BY radgroupcheck.id' > rlm_postgresql Status: PGRES_TUPLES_OK > sql_postgresql: affected rows = > radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE > Username = 'mario' ORDER BY id' > rlm_postgresql Status: PGRES_TUPLES_OK > sql_postgresql: affected rows = > radius_xlat:  'SELECT > radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep > ly.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE > usergroup.Username = 'mario' AND usergroup.GroupName = > radgroupreply.GroupName ORDER BY radgroupreply.id' > rlm_postgresql Status: PGRES_TUPLES_OK > sql_postgresql: affected rows = > radius_xlat:  'SELECT Value,Attribute FROM radcheck WHERE UserName = 'mario' > AND ( Attribute = 'User-Password' OR Attribute = 'Password' OR Attribute = > 'Crypt-Password' ) ORDER BY Attribute DESC' > rlm_postgresql Status: PGRES_TUPLES_OK > sql_postgresql: affected rows = > rlm_sql: Released sql socket id: 4 >   modcall[authorize]: module "sql" returns ok > modcall: group authorize returns ok > auth: type Local > auth: Failed to validate the user. > Login incorrect: [mario/s\222,\252\031\362\217\314gw\371\352\345\350\260*] > (from nas pix port 5) >   WARNING: Unprintable characters in the password. ?  Double-check the > shared secret on the server and the NAS! > Delaying request 0 for 1 seconds > Finished request 0 > Going to the next request > --- Walking the entire request list --- > Waking up in 1 seconds... > --- Walking the entire request list --- > Waking up in 1 seconds... > --- Walking the entire request list --- > Sending Access-Reject of id 74 to 10.10.1.1:1645 > Waking up in 4 seconds... > --- Walking the entire request list --- > Cleaning up request 0 ID 74 with timestamp 3d25f8e9 > Nothing to do.  Sleeping until we see a request. > > >