Just goes to show that paid support isn't all that it's cracked up to be.
I opened a Cisco TAC case on this kind of issue over a year ago, and had
Cisco TAC swear up and DOWN it wasn't possible to authenticate to the http
server w/o using TACACS.
I didn't believe them at the time,but I didn't really give a flying flip
(I was just messing around and don't use http configuration interfaces if
I can avoid them), and had wasted enough time so I let the issue drop.
Good to know I was right in suspecting the TAC guy was full of s**t.
Vincent Giovannone
Network Infrastructure Group
Information Services Division
Rush University Medical Center
"A four-year-old will very quickly get over news of the death of Santa if
told that it was due to his fully loaded sleigh crashing in the back
garden."
-- Mil Millington
"Ville Leinonen" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
09/26/2003 12:18 AM
Please respond to
[EMAIL PROTECTED]
To
[EMAIL PROTECTED]
cc
Subject
Freeradius and Cisco C2950G (http server problem)
Hi!
I have a little problem with my Cisco switch. I can log in with telnet and
freeradius says ok you can log in.
But when i try to log in via http freeradius says ok, but cisco would not
let me in. I have configure ip http authentication aaa.
Here is freeradius log when i try to get in vie http.
rad_recv: Access-Request packet from host xx.xx.xx.xx:1812, id=117,
length=81
NAS-IP-Address = xx.xx.xx.xx
NAS-Port = 2
NAS-Port-Type = Virtual
User-Name = "zzzzzz"
Calling-Station-Id = "xx.xx.xx.xx"
User-Password = "xxxxxxxx"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "chap" returns noop
rlm_eap: EAP-Message not found
modcall[authorize]: module "eap" returns noop
rlm_realm: No '@' in User-Name = "xxxxxxxx", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 154
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "mschap" returns noop
radius_xlat: 'xxxxxxxx'
rlm_sql (sql): sql_set_user escaped user --> 'xxxxxxxx'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'xxxxxxxx' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 0
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'xxxxxxxx' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = 'xxxxxxxx' ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'xxxxxxxx' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 0
modcall[authorize]: module "sql" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Login OK: [xxxxxxxx/yyyyyyyy] (from client radtest port 2 cli xx.xx.xx.xx)
Sending Access-Accept of id 117 to xx.xx.xx.xx:1812
Service-Type := NAS-Prompt-User
Finished request 9
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 9 ID 117 with timestamp 3f73cb8e
Nothing to do. Sleeping until we see a request.
Any suggestion what i do wrong?
Best regards,
Ville Leinonen
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
