cisco device says "% Backup authentication" and won't log me in

Molteni Davide D.Molteni at ntsitalia.com
Thu Apr 5 15:33:56 CEST 2007


I configured FreeRADIUS on a Fedora Core 6 machine to use PAP against a Cisco switch.
radtest on localhost is successful. I think the radiusd.conf, users and clients.conf files are OK.

From the Cisco device, after I enter the user and password when telnetting to it, I get:

% Backup authentication
000206: Apr  5 12:42:29: %RADIUS-4-RADIUS_DEAD: RADIUS server 172.25.110.8:1645,1646 is not responding.
000207: Apr  5 12:42:29: %RADIUS-4-RADIUS_ALIVE: RADIUS server 172.25.110.8:1645,1646 has returned.

The Cisco device won't let me log in... 172.25.110.8 is the right IP of the FreeRADIUS server.

And this is the freeradius server log:

rad_recv: Access-Request packet from host 172.25.110.109:21645, id=37, length=77
        NAS-IP-Address = 172.25.110.109
        NAS-Port = 2
        NAS-Port-Type = Virtual
        User-Name = "test"
        Calling-Station-Id = "172.25.120.40"
        User-Password = "test"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry DEFAULT at line 152
    users: Matched entry test at line 218
  modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 37 to 172.25.110.109 port 21645
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.25.110.109:21645, id=37, length=77
Sending duplicate reply to client SW-DATA-1:21645 - ID: 37
Re-sending Access-Accept of id 37 to 172.25.110.109 port 21645
--- Walking the entire request list ---
Cleaning up request 0 ID 37 with timestamp 4614ef14
Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host 172.25.110.109:21645, id=37, length=77
        NAS-IP-Address = 172.25.110.109
        NAS-Port = 2
        NAS-Port-Type = Virtual
        User-Name = "test"
        Calling-Station-Id = "172.25.120.40"
        User-Password = "test"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 1
    users: Matched entry DEFAULT at line 152
    users: Matched entry test at line 218
  modcall[authorize]: module "files" returns ok for request 1
modcall: leaving group authorize (returns ok) for request 1
  rad_check_password:  Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 37 to 172.25.110.109 port 21645
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.25.110.109:21645, id=37, length=77
Sending duplicate reply to client SW-DATA-1:21645 - ID: 37
Re-sending Access-Accept of id 37 to 172.25.110.109 port 21645
--- Walking the entire request list ---
Cleaning up request 1 ID 37 with timestamp 4614ef1f
Nothing to do.  Sleeping until we see a request.


I can't figure out what's wrong... It seems that something is missing on the Cisco side.
Is it right that RADIUS sends back the Access-Accept on port 21645?

Thanks in advance
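
An added example, not part of the original post and not FreeRADIUS code: a short Python script that correlates the debug lines above by NAS address, source port and packet id, and reports every exchange in which the server had already sent a reply and the NAS then sent the same request again. The function name and the condensed sample log are constructed for illustration; the line formats are the ones shown in the post.

```python
import re

# Constructed sample: condensed from the radiusd debug output quoted in the post.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 172.25.110.109:21645, id=37, length=77
Sending Access-Accept of id 37 to 172.25.110.109 port 21645
rad_recv: Access-Request packet from host 172.25.110.109:21645, id=37, length=77
Sending duplicate reply to client SW-DATA-1:21645 - ID: 37
Re-sending Access-Accept of id 37 to 172.25.110.109 port 21645
Cleaning up request 0 ID 37 with timestamp 4614ef14
rad_recv: Access-Request packet from host 172.25.110.109:21645, id=37, length=77
Sending Access-Accept of id 37 to 172.25.110.109 port 21645
rad_recv: Access-Request packet from host 172.25.110.109:21645, id=37, length=77
Re-sending Access-Accept of id 37 to 172.25.110.109 port 21645
Cleaning up request 1 ID 37 with timestamp 4614ef1f
"""

RECV = re.compile(r"rad_recv: Access-Request packet from host ([\d.]+):(\d+), id=(\d+),")
SEND = re.compile(r"(?:Re-sending|Sending) (Access-\w+) of id (\d+) to ([\d.]+) port (\d+)")
CLEAN = re.compile(r"Cleaning up request (\d+) ID (\d+) ")

def find_reanswered_requests(log_text):
    """List exchanges where the NAS re-sent a request the server had already answered."""
    open_ex, findings = {}, []   # open_ex: (nas_ip, nas_port, id) -> state

    def close(key):
        state = open_ex.pop(key)
        if state["retransmits"]:
            findings.append({"nas": "%s:%d" % key[:2], "id": key[2], **state})

    for line in log_text.splitlines():
        line = line.strip()
        if m := RECV.match(line):
            key = (m[1], int(m[2]), int(m[3]))
            state = open_ex.setdefault(key, {"reply": None, "retransmits": 0})
            if state["reply"]:            # already answered: this is a retransmission
                state["retransmits"] += 1
        elif m := SEND.match(line):
            key = (m[3], int(m[4]), int(m[2]))
            if key in open_ex:
                open_ex[key]["reply"] = m[1]
        elif m := CLEAN.match(line):      # server forgets the exchange; the id may be reused
            for key in [k for k in open_ex if k[2] == int(m[2])]:
                close(key)
    for key in list(open_ex):             # exchanges still open at end of log
        close(key)
    return findings

if __name__ == "__main__":
    for finding in find_reanswered_requests(SAMPLE_LOG):
        print(finding)
```

Each finding means the server answered and the NAS asked again with the same id, which is the pattern that appears twice in the log above.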