Hi all,

        Does anyone have any sample configurations for
        using freeradius with Cisco?

        I want to use freeradius to authenticate access to the routers.

        I am running version 0.8.1 on Solaris 8 and am having
        trouble with the clients.conf, users, proxy.conf and radiusd.conf files.
        I just want to check that I am doing things right.
        (I never said I was any good at this radius stuff.)

        Here is a radtest....

        radtest test test 192.168.1.1:1645 10 testkey

Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.1:58254, id=14, length=55
        User-Name = "test"
        User-Password = "test"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 10
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
  modcall[authorize]: module "chap" returns noop
  modcall[authorize]: module "mschap" returns notfound
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
    users: Matched test at 90
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 14 to 192.168.1.1:58254
        Service-Type = NAS-Prompt-User
        Login-Service = Telnet
        Login-TCP-Port = Telnet
Finished request 0

        Here is the output from the command line:

radtest test test 192.168.1.1:1645 10 testkey

Sending Access-Request of id 254 to 129.145.80.71:1645
        User-Name = "test"
        User-Password = "\264\366(CG\222\241q\274>\210f\217\245\261["
        NAS-IP-Address = 192.168.1.1
        NAS-Port = 10
rad_recv: Access-Accept packet from host 192.168.1.1:1645, id=254, length=38
        Service-Type = NAS-Prompt-User
        Login-Service = Telnet
        Login-TCP-Port = Telnet

        Now a login attempt which fails.....

Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=69, length=76
        NAS-IP-Address = 192.168.1.20
        NAS-Port = 66
        NAS-Port-Type = Virtual
        User-Name = "test"
        Calling-Station-Id = "192.168.1.1"
        User-Password = "\267\013\211\300\027\332\235\001\324\322\263iQ\320\334"
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
  modcall[authorize]: module "chap" returns noop
  modcall[authorize]: module "mschap" returns notfound
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
    users: Matched DEFAULT at 159
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type System
auth: type "System"
modcall: entering group authenticate
rlm_unix: [test]: invalid password
  modcall[authenticate]: module "unix" returns reject
modcall: group authenticate returns reject
auth: Failed to validate the user.
  WARNING: Unprintable characters in the password. ?  Double-check the shared secret on the server and the NAS!
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 69 to 192.168.1.20:1645
Waking up in 4 seconds...
Nothing to do.  Sleeping until we see a request.

        It seems to be trying to use the unix password even though I
        have a password for it in the raddb/users file.

        Also, the shared secret is correct for the server and the NAS,
        but it complains...

        Any help would be appreciated.

        -Thanks Vic
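
Added example, not part of the original message and not FreeRADIUS code: a sketch of the User-Password hiding defined in RFC 2865 section 5.2, showing what the "Unprintable characters in the password" warning in the debug output above is checking for. The authenticator, the mismatched secret and the function names are constructed for illustration; "testkey" and "test" are taken from the radtest command in the post.

```python
import hashlib

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password, secret, authenticator):
    """NAS side: hide User-Password as in RFC 2865 section 5.2."""
    size = max(16, (len(password) + 15) // 16 * 16)
    padded = password.ljust(size, b"\x00")   # NUL-pad to 16-byte blocks
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += block
        prev = block                         # next block chains on ciphertext
    return out

def recover_password(hidden, secret, authenticator):
    """Server side: undo the hiding with the secret configured for the client."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")               # drop the NUL padding

def is_printable(pw):
    """The kind of sanity check behind the warning: plain ASCII only."""
    return all(0x20 <= c < 0x7F for c in pw)

# Constructed sample values (assumptions, not captured from the post).
AUTHENTICATOR = bytes(range(16))             # 16-byte Request Authenticator
NAS_SECRET = b"testkey"                      # secret the NAS hides with
MISMATCHED_SECRET = b"testkey "              # e.g. a stray trailing space

def demo():
    hidden = hide_password(b"test", NAS_SECRET, AUTHENTICATOR)
    good = recover_password(hidden, NAS_SECRET, AUTHENTICATOR)
    bad = recover_password(hidden, MISMATCHED_SECRET, AUTHENTICATOR)
    return good, bad

if __name__ == "__main__":
    good, bad = demo()
    print("same secret      :", good, "printable:", is_printable(good))
    print("different secret :", bad, "printable:", is_printable(bad))
```

The server selects the secret from the clients.conf entry that matches the source address of the packet, so the comparison that matters is between that entry and what the NAS itself has configured.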


