--
rad_recv: Access-Request packet from host 147.178.19.249:1063, id=5, length=68
User-Name = "laws"
User-Password = ":\337\031\027#\032\323h.y\314\302/\247\362\226"
CVPN3000-Auth-Server-Priority = 2
NAS-IP-Address = 147.178.19.249
NAS-Port-Type = Virtual
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for laws
radius_xlat: '(&(cn=laws) (iomegaServiceName=vpn))'
radius_xlat: 'o=extranet'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to openldap1.iomegacorp.com:389, authentication 0
rlm_ldap: bind as cn=manager,ou=extadmns,o=extranet/******* to openldap1.iomegacorp.com:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in o=extranet, with filter (&(cn=laws) (iomegaServiceName=vpn))
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user laws authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
rlm_ldap: - authenticate
rlm_ldap: login attempt by "laws" with password ": ??#? h.y /
rlm_ldap: user DN: cn=laws,ou=iomega,ou=users,o=extranet
rlm_ldap: (re)connect to openldap1.iomegacorp.com:389, authentication 1
rlm_ldap: bind as cn=laws,ou=iomega,ou=users,o=extranet/: ??#? h.y / ? to openldap1.iomegacorp.com:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind failed with invalid credentials
modcall[authenticate]: module "ldap" returns reject for request 0
modcall: group Auth-Type returns reject for request 0
auth: Failed to validate the user.
WARNING: Unprintable characters in the password. ? Double-check the shared secret on the server and the NAS!
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 5 to 147.178.19.249:1063
Waking up in 4 seconds...
--- Walking the entire request list ---
--
Any other ideas based on this?
Seth Law System & Security Administrator Iomega Corporation [EMAIL PROTECTED]
Michael Griego wrote:
If your Concentrator sends the password in the User-Password attribute (as opposed to using MS-CHAP attributes or such), that gets encrypted with the shared secret. So, as long as the shared secret exists on both ends and it matches exactly on both ends, you should be good. Beyond that, you'll have to post debugging output in order to see what's happening.
--Mike
----------------------------------- Michael Griego Wireless LAN Project Manager The University of Texas at Dallas
On Mon, 28 Jun 2004, Seth Law wrote:
Mike:
I've done this, but am still getting strange results. What else can I check?
--seth
Michael Griego wrote:
Check your shared secret between FR and the Concentrator.
--Mike
----------------------------------- Michael Griego Wireless LAN Project Manager The University of Texas at Dallas
On Mon, 28 Jun 2004, Seth Law wrote:
I'm trying to get a Cisco 3030 to authenticate against FreeRADIUS. How does a Cisco VPN concentrator encrypt the password to send it to the radius server? I keep getting a bogus string. Any help is greatly appreciated.
--seth
-- Seth Law [EMAIL PROTECTED]
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

