Hello folks,

I successfully installed the freeradius server (version 0.7.1).

I configured a Cisco router to authenticate telnet access against
the RADIUS server. So far, I've got them talking to each other, but
the RADIUS server rejects my auth request.

Here is the entry from my users file:

DEFAULT Auth-Type := Local
        Fall-Through = 1

scip
        Auth-Type = Local,
        User-Password = "sack",
        Service-Type = Login-User,
        Login-Service = Telnet

(That means I don't want to use /etc/passwd or the like;
 the password has to be in the users file.)


Now if I telnet to the Cisco, the RADIUS server (started
with -X) states:

rad_recv: Access-Request packet from host 192.168.yyy.yyy:1645, id=39, length=106
        User-Name = "scip"
        User-Password = "\313\336\337\231:\335$2\241_\242\252\326\333W"
        NAS-Port = 3
        Cisco-AVPair = "interface=tty3"
        NAS-Port-Type = Virtual
        Calling-Station-Id = "192.168.***.***"
        Service-Type = Login-User
        NAS-IP-Address = 192.168.yyy.yyy
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
  modcall[authorize]: module "chap" returns noop
    rlm_realm: Looking up realm NULL for User-Name = "scip"
    rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
    users: Matched DEFAULT at 215
    users: Matched scip at 218
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type Local
auth: type Local
auth: No password configured for the user
Login incorrect (No password configured for the user): [scip/sack] (from client routers port 3 cli 192.168.***.***)
auth: Failed to validate the user.
Login incorrect: [scip/sack] (from client routers port 3 cli 192.168.***.***)


Here is what I see on the Cisco side:

20:54:06: RADIUS/ENCODE(00000024): ask "Username: "
20:54:06: RADIUS/ENCODE(00000024): send packet; GET_USER
bb03#
20:54:08: RADIUS/ENCODE(00000024): ask "Password: "
20:54:08: RADIUS/ENCODE(00000024): send packet; GET_PASSWORD
20:54:09: RADIUS/ENCODE(00000024): acct_session_id: 36
20:54:09: RADIUS(00000024): sending
20:54:09: RADIUS: Send to unknown id 40 192.168.xxx.xxx:1812, Access-Request, len 106
20:54:09: RADIUS:  authenticator 68 7C D8 7B 7C AF 3B 96 - 39 73 88 10 E1 3A 5E 8D
20:54:09: RADIUS:  User-Name           [1]   6   "scip"
20:54:09: RADIUS:  User-Password       [2]   18  *
20:54:09: RADIUS:  NAS-Port            [5]   6   3                         
20:54:09: RADIUS:  Vendor, Cisco       [26]  22  
20:54:09: RADIUS:   Cisco AVpair       [1]   16  "interface=tty3"
20:54:09: RADIUS:  NAS-Port-Type       [61]  6   Virtual                   [5]
bb03#
20:54:09: RADIUS:  Calling-Station-Id  [31]  16  "192.168.***.***"
20:54:09: RADIUS:  Service-Type        [6]   6   Login                     [1]
20:54:09: RADIUS:  NAS-IP-Address      [4]   6   192.168.yyy.yyy             
bb03#
20:54:11: RADIUS: Received from id 40 192.168.xxx.xxx:1812, Access-Reject, len 20
20:54:11: RADIUS:  authenticator 8B CF FB C9 C3 5D 00 B0 - DF BD 52 66 0A 08 C7 02
20:54:11: RADIUS: Received from id 24
20:54:11: RADIUS/DECODE: parse response short packet; IGNORE


 
My question: how can I get FreeRADIUS to let me telnet into the
Cisco router? Why does it claim that there is no password set,
although it's defined in the users file?


Thanks in advance,

Tom

-- 
Thomas Linden <[EMAIL PROTECTED]>,  I Z B  Informatik-Zentrum
Muenchen-Frankfurt a.M. GmbH & Co.KG, Internet Service Providing
OE532 Tel:089/2171-27998, Fax:089/2171-27995,  http://www.izb.de
