Re: R: R: cisco device says "% Backup authentication" and won't log me in

2007-04-06 Thread Dennis Skinner
Molteni Davide wrote:
> I stopped the radiusd running as daemon and started radiusd -X Now I've no 
> error message but the problem is the same as I wrote previously on the list. 
> Users won't log in, still get duplicated requests and on cisco device

Do you have any messages in the radius output (after it completes the
startup phase)?  If not, then it is one of a few things.  Is FreeRADIUS
bound to the IP and Port that you think it is?  Is there a firewall
between the NAS and radius that is blocking the requests?  Can the NAS
ping the radius box?

In other words, this sounds network related.

-- 
Dennis Skinner
Systems Administrator
BlueFrog Internet
http://www.bluefrog.com
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


R: R: cisco device says "% Backup authentication" and won't log me in

2007-04-06 Thread Molteni Davide
>It *should* print out why it can't bind to that port.
>
>The problem is either that there's already a server using that port,
>or that the IP address isn't local to the machine.

I stopped the radiusd running as daemon and started radiusd -X Now I've no 
error message but the problem is the same as I wrote previously on the list. 
Users won't log in, still get duplicated requests and on cisco device

000206: Apr  6 12:42:29: %RADIUS-4-RADIUS_DEAD: RADIUS server 172.25.110.8:1645,1646 is not responding.
000207: Apr  6 12:42:29: %RADIUS-4-RADIUS_ALIVE: RADIUS server 172.25.110.8:1645,1646 has returned.





Re: R: cisco device says "% Backup authentication" and won't log me in

2007-04-06 Thread Alan DeKok
Molteni Davide wrote:
> But when I start radius with radiusd -X I get
> 
> /etc/raddb/radiusd.conf[227]: Error binding to port for 172.25.110.8:1645
> 
> What's wrong now?

  It *should* print out why it can't bind to that port.

  The problem is either that there's already a server using that port,
or that the IP address isn't local to the machine.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
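
Added example (not from the thread, and not FreeRADIUS code): a Python check that tells apart the two causes named above by attempting the same UDP bind and reading the errno. The function name `diagnose_bind` is this example's own; 172.25.110.8 and 1645 are the values from the listen section quoted in the thread.

```python
import errno
import socket

def diagnose_bind(ipaddr, port):
    """Try to bind a UDP socket the way a `listen` section would and
    classify the result: 'ok', 'in use', 'not local' or 'other: ...'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.bind((ipaddr, port))
    except OSError as exc:
        if exc.errno == errno.EADDRINUSE:
            return "in use"        # another process already holds ip:port
        if exc.errno == errno.EADDRNOTAVAIL:
            return "not local"     # ip is not configured on any interface
        return f"other: {exc.strerror}"
    finally:
        sock.close()
    return "ok"

if __name__ == "__main__":
    # Address and port from the listen section in the thread; run this on
    # the RADIUS host while radiusd is stopped.
    print("172.25.110.8:1645 ->", diagnose_bind("172.25.110.8", 1645))
```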


R: cisco device says "% Backup authentication" and won't log me in

2007-04-06 Thread Molteni Davide
-Original message-
From: [EMAIL PROTECTED] on behalf of Alan DeKok
Sent: Thu 05/04/2007 16.54
To: FreeRadius users mailing list
Subject: Re: cisco device says "% Backup authentication" and won't log me in
 
Molteni Davide wrote:
> I can't figure out what's wrong... It seems that something is missing on
> the cisco side

> Read the FAQ about the NAS not seeing the response from the server.

OK, I bound freeradius to the specific IP address of this machine, in this way 
(in radiusd.conf)

listen {
ipaddr = 172.25.110.8
port = 1645
type = auth
}

But when I start radius with radiusd -X I get

/etc/raddb/radiusd.conf[227]: Error binding to port for 172.25.110.8:1645

What's wrong now?








Re: cisco device says "% Backup authentication" and won't log me in

2007-04-05 Thread Alan DeKok
Molteni Davide wrote:
> I can't figure out what's wrong... It seems that something is missing on
> the cisco side

  Read the FAQ about the NAS not seeing the response from the server.

> Is it right that radius sends back Access-Accept on port 21645?

  TO port 21645.  Yes, that's how it works.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


cisco device says "% Backup authentication" and won't log me in

2007-04-05 Thread Molteni Davide
I configured freeradius on a Fedora Core 6 machine to use PAP against a cisco 
switch.
radtest on localhost is successful. I think the radiusd.conf, users and 
clients.conf files are ok.

From the cisco device after I insert user and password telnetting to it I got:

% Backup authentication
000206: Apr  5 12:42:29: %RADIUS-4-RADIUS_DEAD: RADIUS server 172.25.110.8:1645,1646 is not responding.
000207: Apr  5 12:42:29: %RADIUS-4-RADIUS_ALIVE: RADIUS server 172.25.110.8:1645,1646 has returned.

the cisco device won't let me log in... 172.25.110.8 is the right IP of the 
freeradius

And this is the freeradius server log:

rad_recv: Access-Request packet from host 172.25.110.109:21645, id=37, length=77
NAS-IP-Address = 172.25.110.109
NAS-Port = 2
NAS-Port-Type = Virtual
User-Name = "test"
Calling-Station-Id = "172.25.120.40"
User-Password = "test"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry DEFAULT at line 152
users: Matched entry test at line 218
  modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 37 to 172.25.110.109 port 21645
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.25.110.109:21645, id=37, length=77
Sending duplicate reply to client SW-DATA-1:21645 - ID: 37
Re-sending Access-Accept of id 37 to 172.25.110.109 port 21645
--- Walking the entire request list ---
Cleaning up request 0 ID 37 with timestamp 4614ef14
Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host 172.25.110.109:21645, id=37, length=77
NAS-IP-Address = 172.25.110.109
NAS-Port = 2
NAS-Port-Type = Virtual
User-Name = "test"
Calling-Station-Id = "172.25.120.40"
User-Password = "test"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 1
users: Matched entry DEFAULT at line 152
users: Matched entry test at line 218
  modcall[authorize]: module "files" returns ok for request 1
modcall: leaving group authorize (returns ok) for request 1
  rad_check_password:  Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 37 to 172.25.110.109 port 21645
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.25.110.109:21645, id=37, length=77
Sending duplicate reply to client SW-DATA-1:21645 - ID: 37
Re-sending Access-Accept of id 37 to 172.25.110.109 port 21645
--- Walking the entire request list ---
Cleaning up request 1 ID 37 with timestamp 4614ef1f
Nothing to do.  Sleeping until we see a request.


I can't figure out what's wrong... It seems that something is missing on the 
cisco side.
Is it right that radius sends back Access-Accept on port 21645?

Thanks in advance
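
Added example (not part of the original post, and not FreeRADIUS code): a small Python check over `radiusd -X` output that counts Access-Requests arriving again for a packet the server has already answered, which is the pattern in the log above and the sign that the NAS is not seeing the reply. The sample input is abridged from that log; the function name and the line patterns are this example's own assumptions.

```python
import re
from collections import defaultdict

# Patterns for the radiusd -X debug lines shown in the post (assumed format).
RECV = re.compile(r"rad_recv: Access-Request packet from host ([\d.]+):(\d+), id=(\d+)")
SEND = re.compile(r"(?:Re-sending|Sending) Access-\w+ of id (\d+) to ([\d.]+) port (\d+)")
CLEAN = re.compile(r"Cleaning up request \d+ ID (\d+)")

# Sample input: abridged from the debug output in the post.
SAMPLE = """\
rad_recv: Access-Request packet from host 172.25.110.109:21645, id=37, length=77
Sending Access-Accept of id 37 to 172.25.110.109 port 21645
rad_recv: Access-Request packet from host 172.25.110.109:21645, id=37, length=77
Sending duplicate reply to client SW-DATA-1:21645 - ID: 37
Re-sending Access-Accept of id 37 to 172.25.110.109 port 21645
Cleaning up request 0 ID 37 with timestamp 4614ef14
rad_recv: Access-Request packet from host 172.25.110.109:21645, id=37, length=77
Sending Access-Accept of id 37 to 172.25.110.109 port 21645
rad_recv: Access-Request packet from host 172.25.110.109:21645, id=37, length=77
Re-sending Access-Accept of id 37 to 172.25.110.109 port 21645
Cleaning up request 1 ID 37 with timestamp 4614ef1f
"""

def retransmits_after_reply(debug_output):
    """Map (nas_ip, nas_port, id) -> number of Access-Requests received
    again after the server had already sent a reply for that packet."""
    answered = set()       # packets the server has replied to and still caches
    late = defaultdict(int)
    for line in debug_output.splitlines():
        if m := RECV.search(line):
            key = (m.group(1), int(m.group(2)), int(m.group(3)))
            if key in answered:
                late[key] += 1     # NAS asked again although a reply went out
        elif m := SEND.search(line):
            answered.add((m.group(2), int(m.group(3)), int(m.group(1))))
        elif m := CLEAN.search(line):
            # Server dropped its cached reply; the same id is a new request now.
            answered = {k for k in answered if k[2] != int(m.group(1))}
    return dict(late)

if __name__ == "__main__":
    for (ip, port, pkt_id), n in retransmits_after_reply(SAMPLE).items():
        print(f"{ip}:{port} id={pkt_id}: {n} retransmit(s) after a reply was sent")
```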