--- Thomas Linden <[EMAIL PROTECTED]> wrote: > Hello folks, > > I successfully installed the freeradius server > (version 0.7.1). > > I configured a cisco router for authenticating > telnet access against > the radius server. So far, I've got them talking > together, but > the radius rejects my auth request. > > here is the entry of my users file: > > DEFAULT Auth-Type := Local > Fall-Through = 1 > > scip > Auth-Type = Local, > User-Password = "sack", > Service-Type = Login-User, > Login-Service = Telnet > > (that means, I don't want to use /etc/passwd or the > like, > the password has to be in the users file). > > > Now if I telnet to the cisco, the radius server > (started > with -X) states: > > rad_recv: Access-Request packet from host > 192.168.yyy.yyy:1645, id=39, length=106 > User-Name = "scip" > User-Password = > "\313\336\337\231:\335$2\241_\242\252\326\333W" > NAS-Port = 3 > Cisco-AVPair = "interface=tty3" > NAS-Port-Type = Virtual > Calling-Station-Id = "192.168.***.***" > Service-Type = Login-User > NAS-IP-Address = 192.168.yyy.yyy > modcall: entering group authorize > modcall[authorize]: module "preprocess" returns ok > rlm_chap: Could not find proper Chap-Password > attribute in request > modcall[authorize]: module "chap" returns noop > rlm_realm: Looking up realm NULL for User-Name = > "scip" > rlm_realm: No such realm NULL > modcall[authorize]: module "suffix" returns noop > users: Matched DEFAULT at 215 > users: Matched scip at 218 > modcall[authorize]: module "files" returns ok > modcall: group authorize returns ok > rad_check_password: Found Auth-Type Local > auth: type Local > auth: No password configured for the user > Login incorrect (No password configured for the Ofcourse you do not have a password configured for the user. "User-Password is a radcheck item and should go on the same line as the username.
> user): [scip/sack] (from client routers port 3 cli > 192.168.***.***) > auth: Failed to validate the user. > Login incorrect: [scip/sack] (from client routers > port 3 cli 192.168.***.***) > > > Here is, what I see on the cisco side: > > 20:54:06: RADIUS/ENCODE(00000024): ask "Username: " > 20:54:06: RADIUS/ENCODE(00000024): send packet; > GET_USER > bb03# > 20:54:08: RADIUS/ENCODE(00000024): ask "Password: " > 20:54:08: RADIUS/ENCODE(00000024): send packet; > GET_PASSWORD > 20:54:09: RADIUS/ENCODE(00000024): acct_session_id: > 36 > 20:54:09: RADIUS(00000024): sending > 20:54:09: RADIUS: Send to unknown id 40 > 192.168.xxx.xxx:1812, Access-Request, len 106 > 20:54:09: RADIUS: authenticator 68 7C D8 7B 7C AF > 3B 96 - 39 73 88 10 E1 3A 5E 8D > 20:54:09: RADIUS: User-Name [1] 6 > "scip" > 20:54:09: RADIUS: User-Password [2] 18 * > 20:54:09: RADIUS: NAS-Port [5] 6 3 > > 20:54:09: RADIUS: Vendor, Cisco [26] 22 > 20:54:09: RADIUS: Cisco AVpair [1] 16 > "interface=tty3" > 20:54:09: RADIUS: NAS-Port-Type [61] 6 > Virtual [5] > bb03# > 20:54:09: RADIUS: Calling-Station-Id [31] 16 > "192.168.***.***" > 20:54:09: RADIUS: Service-Type [6] 6 > Login [1] > 20:54:09: RADIUS: NAS-IP-Address [4] 6 > 192.168.yyy.yyy > bb03# > 20:54:11: RADIUS: Received from id 40 > 192.168.xxx.xxx:1812, Access-Reject, len 20 > 20:54:11: RADIUS: authenticator 8B CF FB C9 C3 5D > 00 B0 - DF BD 52 66 0A 08 C7 02 > 20:54:11: RADIUS: Received from id 24 > 20:54:11: RADIUS/DECODE: parse response short > packet; IGNORE > > > > my question: how can I get freeradius to let me > telnet into the > cisco router? why does it claim that there is no > password set, > although it's defined in the users file? > > > thanks in advance, > > Tom > > -- > Thomas Linden <[EMAIL PROTECTED]>, I Z B > Informatik-Zentrum > Muenchen-Frankfurt a.M. GmbH & Co.KG, Internet > Service Providing > OE532 Tel:089/2171-27998, Fax:089/2171-27995, > http://www.izb.de > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __________________________________________________ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
