Hi

I have installed xsupplicant version 0.8b and freeradius 0.9.3 on gentoo 
linux (from portage). I am trying to make my Linux system auth to a Cisco 
3550 switch.

1. radius configuration
- I have removed any trace of "unix" module (it didn't work, probably 
something to do with radius running as radiusd/radiusd)
- I have eap module as from the default radiusd.conf file
- I have configured in clients.conf the authenticator with "test123" 
secret, nastype cisco
- in users I have this entry before any "DEFAULT" ones:
dizzy Auth-Type += Local, User-Password = "parola"

2. authenticator configuration:
- #sh dot1x
Sysauthcontrol                    = Enabled
Dot1x Protocol Version            = 1
Dot1x Oper Controlled Directions  = Both
Dot1x Admin Controlled Directions = Both
- #sh running-config interface fastEthernet 0/10
Building configuration...

Current configuration : 110 bytes
!
interface FastEthernet0/10
 switchport access vlan 2
 switchport mode access
 dot1x port-control auto
end

- I have configured radius-server with test123 key

3. client configuration
- eth1 is directly linked to interface 0/10 of the cisco switch

I run xsupplicant like:
# xsupplicant -i eth1 -u dizzy -p parola -d 255 -m MD5

And I get:
(EAPMD5) Initalized
(EAPMS-CHAP) Initalized
Done with init.
Sending EAPOL-Start #1
## eap_decode_packet ##: Got an EAP request
## eap_decode_packet ##: Type is Identity
Connection Established, authenticating...
ACQUIRED
## eap_decode_packet ##: Got an EAP failure
Failed to Authenticate
CONNECTING

RADIUS log says:
rad_recv: Access-Request packet from host <ip-cisco-removed>:1812, id=24, 
length=100
        NAS-IP-Address = <ip-cisco-removed>
        NAS-Port-Type = Async
        User-Name = "dizzy"
        Service-Type = Framed-User
        Framed-MTU = 1500
        Calling-Station-Id = "00-50-8d-f9-2a-e8"
        EAP-Message = 0x0200000a0164697a7a79
        Message-Authenticator = 0x605f11bd6926fbbe39dd75d41070183e
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  rlm_eap: EAP packet type notification id 0 length 10
  rlm_eap: EAP Start not found
  modcall[authorize]: module "eap" returns updated for request 0
    rlm_realm: No '@' in User-Name = "dizzy", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
    users: Matched dizzy at 148
  modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
  rad_check_password:  Found Auth-Type EAP
  rad_check_password:  Found Auth-Type Local
Warning:  Found 2 auth-types on request for user 'dizzy'
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 24 to <ip-cisco-removed>:1812
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 24 with timestamp 405ee145
Nothing to do.  Sleeping until we see a request.

Any idea why it doesn't work? Please tell me if you need any more 
information, thanks!

-- 
Mihai RUSU                                    Email: [EMAIL PROTECTED]
GPG : http://dizzy.roedu.net/dizzy-gpg.txt    WWW: http://dizzy.roedu.net
                       "Linux is obsolete" -- AST

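Added example (not part of the original post, and not FreeRADIUS or xsupplicant code): a small triage script that decodes the EAP-Message attribute from the debug log above using the EAP header layout from RFC 3748 and compares it with the Auth-Type the server reports using. The names `decode_eap`, `triage` and `SAMPLE_LOG` are hypothetical, and the sample lines are copied from the log in the post.

```python
import re

# Constructed sample: lines copied from the radiusd debug log in the post.
SAMPLE_LOG = """\
        User-Name = "dizzy"
        EAP-Message = 0x0200000a0164697a7a79
  rad_check_password:  Found Auth-Type EAP
  rad_check_password:  Found Auth-Type Local
Warning:  Found 2 auth-types on request for user 'dizzy'
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
"""

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge"}

def decode_eap(hexstr):
    """Decode an EAP packet (RFC 3748): code, id, 16-bit length, type, data."""
    raw = bytes.fromhex(hexstr[2:] if hexstr.lower().startswith("0x") else hexstr)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = raw[0], raw[1], int.from_bytes(raw[2:4], "big")
    if length != len(raw):
        # Assumption: the packet fits in one EAP-Message attribute (no fragments).
        raise ValueError(f"EAP length field {length} != {len(raw)} bytes present")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:  # only Request/Response carry a type byte
        pkt["type"] = EAP_TYPES.get(raw[4], raw[4])
        pkt["data"] = raw[5:]
    return pkt

def triage(log):
    """Return (decoded EAP packet, Auth-Types found, Auth-Type used, findings)."""
    m = re.search(r"EAP-Message = (0x[0-9a-fA-F]+)", log)
    eap = decode_eap(m.group(1)) if m else None
    found = re.findall(r"Found Auth-Type (\S+)", log)
    used = re.search(r"^auth: type (\S+)", log, re.M)
    used = used.group(1) if used else None
    findings = []
    if len(found) > 1:
        findings.append(f"multiple Auth-Types set on one request: {found}")
    if eap and used and used.lower() != "eap":
        findings.append(f"request carries EAP-Message but was handled as Auth-Type {used}")
    return eap, found, used, findings

if __name__ == "__main__":
    eap, found, used, findings = triage(SAMPLE_LOG)
    print(eap)
    for line in findings:
        print("finding:", line)
```

On the sample lines it decodes the attribute as an EAP Response of type Identity carrying `dizzy`, and reports that the request was processed as Auth-Type Local, the path on which the server logged that no User-Password or CHAP-Password attribute was present.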