You will need to read the switch documentation to see what attributes you need to return in order to connect. Mostly it's returning the correct Service-Type attribute.
Ivan Kalik
Kalik Informatika ISP

On 18/6/2008, "Guk Viktor" <[EMAIL PROTECTED]> wrote:

>By thanks for help, I was dismantled. But another problem arose.
>
>Radius answers:
>modcall: entering group authenticate for request 0
> HASH: user admin found in hashtable bucket 45083
> modcall[authenticate]: module "unix" returns ok for request 0
>modcall: leaving group authenticate (returns ok) for request 0
>Login OK: [admin/admin] (from client 10.0.1.2 port 117616641 cli
>0000-0000-0000)
>Sending Access-Accept of id 19 to 10.0.1.2 port 5007
> 3Com-User-Access-Level = Administrator
>Finished request 0
>
>But I cannot be connected on telnet. Now switch(3com 5500-EI) answers
>that incorrect password:
>Username:admin
>Password:
>% Login failed!
>> Prompt, what to make in that case. In the file /etc/passwd there is
>> >this line of " admin:x:500:500::/home/admin:/bin/bash ". How it
>> >is necessary to assign password?
>> >
>> >
>> >Message: 4
>> >Date: Tue, 17 Jun 2008 09:33:31 +0100
>> >From: "Ivan Kalik" <[EMAIL PROTECTED]>
>> >Subject: Re: Problem in connecting to switch on telnet
>> >To: "FreeRadius users mailing list"
>> > <[email protected]>
>> >Message-ID: <[EMAIL PROTECTED]>
>> >Content-Type: text/plain; charset=ISO-8859-2
>> >
>> >You have deleted the part of the debug which tells how is Auth-Type set.
>> >Post the whole thing. BTW, now you do have admin account in /etc/passwd
>> >but the password is wrong. It's still not using password from the users
>> >file.
>> >
>> >Ivan Kalik
>> >Kalik Informatika ISP
>> >
>> >
>> >On 17/6/2008, "Guk Viktor" <[EMAIL PROTECTED]> wrote:
>> >
>> > It tried without Auth-Type = System, also tried Auth-Type = Local.
>> >
>> >Processing the authenticate section of radius.conf
>> >modcall: entering group authenticate for request 0
>> >rlm_unix: [admin]: invalid password
>> >modcall[authenticate]: module "unix" returns reject for request 0
>> >modcall: leaving group authenticate (returns reject) for request 0
>> >auth: Failed to validate the user.
>> >Login incorrect: [admin/admin] (from client 10.0.1.2 port 117612545 cli
>> >0000-0000-0000)
>> >
>> >
>> >Message: 4
>> >Date: Fri, 13 Jun 2008 15:38:57 +0100
>> >From: "Ivan Kalik" <[EMAIL PROTECTED]>
>> >Subject: Re: Problem in connecting to switch on telnet
>> >To: "FreeRadius users mailing list"
>> ><[email protected]>
>> >Message-ID: <[EMAIL PROTECTED]>
>> >Content-Type: text/plain; charset=ISO-8859-2
>> >
>> >You are setting up the wrong
>> >authentication type. Remove Auth-Type =System from user configuration.
>> >1.1.3 is old. I am not sure do you need to set Auth-Type there. If it
>> >doesn't work without it set Auth-Type = Local.
>> >
>> >Ivan Kalik
>> >Kalik Informatika ISP
>> >
>> >On 13/6/2008, "Guk Viktor" <[EMAIL PROTECTED]> wrote:
>> >
>> >Hello,
>> >
>> >I have freeradius-1.1.3 and 3com switch 5500-EI. On the
>> >switch is disposed the access of users into the network through
>> >freeradius. Arose problem in
>> >connecting to switch on telnet. In the log freeradius it is indicated
>> >that the incorrect password (however password I introduce correctly).
>> >
>> >rad_recv: Access-Request packet from host 10.0.1.2:5007, id=1,
>> >length=203
>> >        User-Name = "admin"
>> >        User-Password = "admin"
>> >        NAS-IP-Address = 10.0.1.2
>> >        NAS-Identifier = "001ac1d4ee42"
>> >        NAS-Port = 117612545
>> >        NAS-Port-Id = "unit=7;subslot=0;port=42;vlanid=1"
>> >        NAS-Port-Type = Ethernet
>> >        Service-Type = Login-User
>> >        Login-IP-Host = 10.0.1.2
>> >        Calling-Station-Id = "0000-0000-0000"
>> >        Framed-IP-Address = 10.0.1.100
>> >        Vendor-25506-Attr-26 = 0x00000003
>> >        Vendor-25506-Attr-255 = 0x353530302d4549
>> >        Vendor-25506-Attr-60 =
>> >0x31302e302e312e3130302030303a30303a30303a30303a30303a3030
>> >        Vendor-25506-Attr-59 = 0x38e68c68
>> >  Processing the authorize section of radiusd.conf
>> >modcall: entering group authorize for request 0
>> >  modcall[authorize]: module "mschap" returns noop for request 0
>> >    rlm_realm: No '\' in User-Name = "admin", looking up realm NULL
>> >    rlm_realm: No such realm "NULL"
>> >  modcall[authorize]: module "ntdomain" returns noop for request 0
>> >  rlm_eap: No EAP-Message, not doing EAP
>> >  modcall[authorize]: module "eap" returns noop for request 0
>> >    users: Matched entry DEFAULT at line 152
>> >    users: Matched entry admin at line 216
>> >  modcall[authorize]: module "files" returns ok for request 0
>> >modcall: leaving group authorize (returns ok) for request 0
>> >  rad_check_password:  Found Auth-Type System
>> >auth: type "System"
>> >  Processing the authenticate section of
>> >radiusd.conf
>> >modcall: entering group authenticate for request 0
>> >  modcall[authenticate]: module "unix" returns notfound for request 0
>> >modcall: leaving group authenticate (returns notfound) for request 0
>> >auth: Failed to validate the user.
>> >Login incorrect: [admin/admin] (from
>> >client 10.0.1.2 port 117612545 cli 0000-0000-0000)
>> >Delaying request 0 for 1 seconds
>> >Finished request 0
>> >
>> >Users:
>> >admin   Auth-Type = System, User-Password == "admin"
>> >        3Com-User-Access-Level = Administrator
>> >
>> >eap.conf:
>> >eap{
>> >    default_eap_type = peap
>> >    timer_expire = 60
>> >    ignore_unknown_eap_type = no
>> >    cisco_accounting_username_bug = no
>> >
>> >    md5{
>> >       }
>> >
>> >    leap{
>> >       }
>> >
>> >    gtc{
>> >       auth_type = PAP
>> >       }
>> >
>> >    peap{
>> >       default_eap_type = mschapv2
>> >       use_tunneled_reply = yes
>> >       }
>> >
>> >    mschapv2{
>> >       }
>> >    }
>> >
>> >It can possibly use a local authorization to switch on telnet,
>> >without freeradius.
>> >
>> >Viktor Guk
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
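
Added example, not part of the original thread or of FreeRADIUS: a small Python triage script that reads FreeRADIUS 1.x debug output like the excerpts quoted above and reports, per request, the Auth-Type found, each authenticate module's verdict, and the reply attributes. The sample is constructed from lines in this thread, and the "no Service-Type in the Access-Accept" note is a heuristic based on the advice at the top of this message, not a FreeRADIUS check.

```python
import re
# Constructed sample: debug lines taken from the two requests quoted in this thread.
SAMPLE = '''\
  rad_check_password:  Found Auth-Type System
modcall: entering group authenticate for request 0
  modcall[authenticate]: module "unix" returns notfound for request 0
auth: Failed to validate the user.
Login incorrect: [admin/admin] (from client 10.0.1.2 port 117612545 cli 0000-0000-0000)
Finished request 0
modcall: entering group authenticate for request 0
  modcall[authenticate]: module "unix" returns ok for request 0
Login OK: [admin/admin] (from client 10.0.1.2 port 117616641 cli 0000-0000-0000)
Sending Access-Accept of id 19 to 10.0.1.2 port 5007
        3Com-User-Access-Level = Administrator
Finished request 0
'''

AUTH_TYPE = re.compile(r'Found Auth-Type (\S+)')
MODULE = re.compile(r'modcall\[authenticate\]: module "([^"]+)" returns (\w+)')
SENDING = re.compile(r'^Sending (Access-\w+)')
ATTR = re.compile(r'^\s+([\w-]+) = (.+)$')

def summarize(debug_text):
    """Return one summary dict per request; a request ends at 'Finished request'."""
    out, cur, in_reply = [], None, False
    for line in debug_text.splitlines():
        if cur is None:
            cur = {"auth_type": None, "modules": [], "reply": None, "attrs": {}, "notes": []}
        if line.startswith("Finished request"):
            # Heuristic: an accept the NAS may still refuse if it expects Service-Type.
            if cur["reply"] == "Access-Accept" and "Service-Type" not in cur["attrs"]:
                cur["notes"].append("Access-Accept carries no Service-Type")
            out.append(cur)
            cur, in_reply = None, False
            continue
        if m := AUTH_TYPE.search(line):
            cur["auth_type"] = m.group(1)
        elif m := MODULE.search(line):
            cur["modules"].append(m.groups())
            if m.group(2) in ("reject", "notfound"):
                cur["notes"].append(f"{m.group(1)} returned {m.group(2)}")
        elif m := SENDING.match(line):
            cur["reply"], in_reply = m.group(1), True
        elif in_reply and (m := ATTR.match(line)):
            cur["attrs"][m.group(1)] = m.group(2)  # only attributes listed under the reply
    return out

if __name__ == "__main__":
    for summary in summarize(SAMPLE):
        print(summary)
```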

