ciao artur
Mihai RUSU wrote:
Hi again
Sorry for the SPAM, I solved my problem after a while, the solution was to have a line like this in users:
dizzy Auth-Type := EAP, User-Password = "parola"
On Mon, 22 Mar 2004, Mihai RUSU wrote:
Hi
I have installed xsupplicant version 0.8b and freeradius 0.9.3 on gentoo linux (from portage). I am trying to make my Linux system auth to a Cisco 3550 switch.
1. radius configuration
- I have removed any trace of "unix" module (it didn't work, probably something to do with radius running as radiusd/radiusd)
- I have eap module as from the default radiusd.conf file
- I have configured in clients.conf the authenticator with "test123" secret, nastype cisco
- in users I have this entry before any "DEFAULT" ones:
dizzy Auth-Type += Local, User-Password = "parola"
2. authenticator configuration:
- #sh dot1x
Sysauthcontrol = Enabled
Dot1x Protocol Version = 1
Dot1x Oper Controlled Directions = Both
Dot1x Admin Controlled Directions = Both
- #sh running-config interface fastEthernet 0/10
Building configuration...

Current configuration : 110 bytes
!
interface FastEthernet0/10
 switchport access vlan 2
 switchport mode access
 dot1x port-control auto
end
- I have configured radius-server with test123 key
3. client configuration
- eth1 is directly linked to interface 0/10 of the cisco switch
I run xsupplicant like:
# xsupplicant -i eth1 -u dizzy -p parola -d 255 -m MD5
And I get:
(EAPMD5) Initalized
(EAPMS-CHAP) Initalized
Done with init.
Sending EAPOL-Start #1
## eap_decode_packet ##: Got an EAP request
## eap_decode_packet ##: Type is Identity
Connection Established, authenticating...
ACQUIRED
## eap_decode_packet ##: Got an EAP failure
Failed to Authenticate
CONNECTING
RADIUS log says:
rad_recv: Access-Request packet from host <ip-cisco-removed>:1812, id=24, length=100
NAS-IP-Address = <ip-cisco-removed>
NAS-Port-Type = Async
User-Name = "dizzy"
Service-Type = Framed-User
Framed-MTU = 1500
Calling-Station-Id = "00-50-8d-f9-2a-e8"
EAP-Message = 0x0200000a0164697a7a79
Message-Authenticator = 0x605f11bd6926fbbe39dd75d41070183e
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
rlm_eap: EAP packet type notification id 0 length 10
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated for request 0
rlm_realm: No '@' in User-Name = "dizzy", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
users: Matched dizzy at 148
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
rad_check_password: Found Auth-Type Local
Warning: Found 2 auth-types on request for user 'dizzy'
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 24 to <ip-cisco-removed>:1812
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 24 with timestamp 405ee145
Nothing to do. Sleeping until we see a request.
Any idea why it doesn't work? Please tell me if you need any more information, thanks!
--
Mihai RUSU
Email: [EMAIL PROTECTED]
GPG : http://dizzy.roedu.net/dizzy-gpg.txt
WWW: http://dizzy.roedu.net
"Linux is obsolete" -- AST
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
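Added example, not part of the original thread or of FreeRADIUS: a short Python sketch that decodes the EAP-Message from the debug log above and checks which Auth-Type has the inputs it needs in that Access-Request, which is why forcing Local was rejected and Auth-Type := EAP works. The function names and the simplified rule for Local (it needs User-Password or CHAP-Password, taken from the log's own error line) are assumptions of this sketch.

```python
import re

# Attribute lines copied from the Access-Request in the debug log quoted above.
REQUEST_ATTRS = """\
User-Name = "dizzy"
Service-Type = Framed-User
Framed-MTU = 1500
EAP-Message = 0x0200000a0164697a7a79
Message-Authenticator = 0x605f11bd6926fbbe39dd75d41070183e
"""

# EAP header values from RFC 3748.
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge"}

def parse_attrs(text):
    """Parse 'Name = value' lines as printed by radiusd debug output."""
    attrs = {}
    for line in text.splitlines():
        m = re.match(r'\s*([\w-]+)\s*=\s*(.+?)\s*$', line)
        if m:
            attrs[m.group(1)] = m.group(2).strip('"')
    return attrs

def decode_eap(hexval):
    """Decode the EAP header: code (1 byte), id (1), length (2), then type."""
    raw = bytes.fromhex(hexval[2:] if hexval.lower().startswith("0x") else hexval)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    length = int.from_bytes(raw[2:4], "big")
    if length < 4 or length > len(raw):
        raise ValueError("EAP length field does not match the data")
    pkt = {"code": EAP_CODES.get(raw[0], raw[0]), "id": raw[1], "length": length}
    if raw[0] in (1, 2) and length > 4:  # only Request/Response carry a type
        pkt["type"] = EAP_TYPES.get(raw[4], raw[4])
        pkt["data"] = raw[5:length]
    return pkt

def usable_auth_types(attrs):
    """Assumed, simplified rule: which Auth-Type values can run on this request."""
    usable = []
    if "User-Password" in attrs or "CHAP-Password" in attrs:
        usable.append("Local")  # the log's failure: neither attribute present
    if "EAP-Message" in attrs:
        usable.append("EAP")
    return usable

if __name__ == "__main__":
    attrs = parse_attrs(REQUEST_ATTRS)
    print(decode_eap(attrs["EAP-Message"]))
    print("Auth-Types with usable input:", usable_auth_types(attrs))
```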

