Sorry for the resend but I didn't get anything back. Does anyone have any ideas?
On Tuesday 21 April 2009, Jeremy M. Guthrie wrote: > We are having an issue with failed logins with FreeRADIUS. The problem is > that FreeRADIUS doesn't appear to actually send a RADIUS Reject until the > second authentication request comes in. I have an IOS Router > authenticating ssh logins against freeradius. The example packets above I > am using a static username/password in the users file. I see that if I > enter the wrong password, radiusd doesn't send a NAK until the IOS router > transmits the request. There are not any delay issues with ACKs coming out > of freeradius. > > TCP Dump output: > 10:38:22.703456 IP 172.16.1.8.1645 > 172.16.2.60.1645: RADIUS, Access > Request (1), id: 0xf1 length: 103 > 10:38:38.008371 IP 172.16.1.8.1645 > 172.16.2.60.1645: RADIUS, Access > Request (1), id: 0xf1 length: 103 > 10:38:38.008588 IP 172.16.2.60.1645 > 172.16.1.8.1645: RADIUS, Access > Reject (3), id: 0xf1 length: 20 > > Does this sound familiar to anyone? Ideas? -- -------------------------------------------------- Jeremy M. Guthrie [email protected] Hosting and Managed Services Managed Cisco Security Services Technical Architect Phone: 608-298-1061 CDW Fax: 608-288-3007 5520 Research Park Drive NOC: 608-298-1102 Madison, WI 53711 NOC Email: [email protected]
signature.asc
Description: This is a digitally signed message part.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
