Hello folks,
I successfully installed the freeradius server (version 0.7.1).
I configured a cisco router for authenticating telnet access against
the radius server. So far, I've got them talking together, but
the radius rejects my auth request.
Here is the entry of my users file:

DEFAULT Auth-Type := Local
        Fall-Through = 1

scip
        Auth-Type = Local,
        User-Password = "sack",
        Service-Type = Login-User,
        Login-Service = Telnet

(That means I don't want to use /etc/passwd or the like;
the password has to be in the users file.)
Now if I telnet to the Cisco, the radius server (started
with -X) states:
rad_recv: Access-Request packet from host 192.168.yyy.yyy:1645, id=39, length=106
User-Name = "scip"
User-Password = "\313\336\337\231:\335$2\241_\242\252\326\333W"
NAS-Port = 3
Cisco-AVPair = "interface=tty3"
NAS-Port-Type = Virtual
Calling-Station-Id = "192.168.***.***"
Service-Type = Login-User
NAS-IP-Address = 192.168.yyy.yyy
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
modcall[authorize]: module "chap" returns noop
rlm_realm: Looking up realm NULL for User-Name = "scip"
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 215
users: Matched scip at 218
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type Local
auth: type Local
auth: No password configured for the user
Login incorrect (No password configured for the user): [scip/sack] (from client routers port 3 cli 192.168.***.***)
auth: Failed to validate the user.
Login incorrect: [scip/sack] (from client routers port 3 cli 192.168.***.***)
Here is what I see on the Cisco side:
20:54:06: RADIUS/ENCODE(00000024): ask "Username: "
20:54:06: RADIUS/ENCODE(00000024): send packet; GET_USER
bb03#
20:54:08: RADIUS/ENCODE(00000024): ask "Password: "
20:54:08: RADIUS/ENCODE(00000024): send packet; GET_PASSWORD
20:54:09: RADIUS/ENCODE(00000024): acct_session_id: 36
20:54:09: RADIUS(00000024): sending
20:54:09: RADIUS: Send to unknown id 40 192.168.xxx.xxx:1812, Access-Request, len 106
20:54:09: RADIUS: authenticator 68 7C D8 7B 7C AF 3B 96 - 39 73 88 10 E1 3A 5E 8D
20:54:09: RADIUS: User-Name [1] 6 "scip"
20:54:09: RADIUS: User-Password [2] 18 *
20:54:09: RADIUS: NAS-Port [5] 6 3
20:54:09: RADIUS: Vendor, Cisco [26] 22
20:54:09: RADIUS: Cisco AVpair [1] 16 "interface=tty3"
20:54:09: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
bb03#
20:54:09: RADIUS: Calling-Station-Id [31] 16 "192.168.***.***"
20:54:09: RADIUS: Service-Type [6] 6 Login [1]
20:54:09: RADIUS: NAS-IP-Address [4] 6 192.168.yyy.yyy
bb03#
20:54:11: RADIUS: Received from id 40 192.168.xxx.xxx:1812, Access-Reject, len 20
20:54:11: RADIUS: authenticator 8B CF FB C9 C3 5D 00 B0 - DF BD 52 66 0A 08 C7 02
20:54:11: RADIUS: Received from id 24
20:54:11: RADIUS/DECODE: parse response short packet; IGNORE
My question: how can I get freeradius to let me telnet into the
Cisco router? Why does it claim that there is no password set,
although it's defined in the users file?
Thanks in advance,
Tom
--
Thomas Linden <[EMAIL PROTECTED]>, I Z B Informatik-Zentrum
Muenchen-Frankfurt a.M. GmbH & Co.KG, Internet Service Providing
OE532 Tel:089/2171-27998, Fax:089/2171-27995, http://www.izb.de
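
The users-file layout in question, as an added example (not part of the original post and not FreeRADIUS code): a simplified parser that treats items on the username line as check items and items on indented continuation lines as reply items, which is how the `users` file format separates them. The sample's indentation and the variant with the password on the first line are assumptions (the archive dropped leading whitespace), and request matching is reduced to the user name plus Fall-Through.

```python
import re

# Constructed sample: the entry from the post, with the indentation the
# archive dropped restored as an assumption (username alone on its line).
AS_POSTED = '''DEFAULT Auth-Type := Local
    Fall-Through = 1

scip
    Auth-Type = Local,
    User-Password = "sack",
    Service-Type = Login-User,
    Login-Service = Telnet
'''
# Constructed variant: the password sits on the username line (check item).
CHECK_ON_FIRST_LINE = '''DEFAULT Auth-Type := Local
    Fall-Through = 1

scip Auth-Type := Local, User-Password == "sack"
    Service-Type = Login-User,
    Login-Service = Telnet
'''
ITEM = re.compile(r'([\w-]+)\s*(:=|==|\+=|=)\s*("[^"]*"|[^,\s]+)')

def parse_users(text):
    """Return [(name, check_items, reply_items)] in file order."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith('#'):
            continue
        if line[0] in ' \t' and entries:     # continuation line: reply items
            items, body = entries[-1][2], line
        else:                                # entry line: name + check items
            parts = line.split(None, 1)
            items, body = {}, parts[1] if len(parts) > 1 else ''
            entries.append((parts[0], items, {}))
        for attr, _op, value in ITEM.findall(body):
            items[attr] = value.strip('"')
    return entries

def configured_password(text, user):
    """Password a local check would compare against, or None if absent."""
    check = {}
    for name, chk, reply in parse_users(text):
        if name in (user, 'DEFAULT'):
            check.update(chk)
            if reply.get('Fall-Through', 'No') not in ('1', 'Yes'):
                break
    return check.get('User-Password')
```

With the posted layout the password ends up among the reply items, so no password is configured for the local check, which matches the "No password configured for the user" line in the debug output.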