Freeradius+Java application api call and authenticate

tnt at kalik.net tnt at kalik.net
Thu Mar 12 11:06:48 CET 2009


>also i am going thru the documentation part of jradius to imply? can anyone
>of you suggest me whether i am in right direction?
>

If you want to use Java that is a good way.

>> now by
>> making the ACS to do proxying at network configuration, i can see the
>> request

Well, we don't. Post the debug *with* the request.

>> is flowing to freeradius from ACS, and the freeradius does
>> ""
>> [chap] rlm_chap: Attribute "User-Name" is required for authentication.
>> ++[chap] returns invalid
>> Failed to authenticate the user.
>> Using Post-Auth-Type Reject
>> +- entering group REJECT {...}
>> [attr_filter.access_reject]     expand: %{User-Name} ->
>> ++[attr_filter.access_reject] returns noop
>> Delaying reject of request 27 for 1 seconds
>>

It's quite likely that it wasn't a chap request to start with. You are
forcing Auth-Type CHAP onto something that isn't chap.

>> ""
>>
>> after a while it says
>>
>> ""
>> [pap] Found existing Auth-Type, not changing it.
>> ++[pap] returns noop
>> Found Auth-Type = CHAP
>> +- entering group CHAP {...}
>> [chap] login attempt by "Doe" with CHAP password
>> [chap] Using clear text password "hello" for user Doe authentication.
>> [chap] chap user Doe authenticated succesfully
>> ++[chap] returns ok
>> +- entering group post-auth {...}
>> ++[exec] returns noop
>> Sending Access-Accept of id 63 to
>>
>> ""

That looks fine. But you might need to return things like Service-Type in
the Access-Accept. You will need to read Cisco documentation to see what
is need for making a connection.

Ivan Kalik
Kalik Informatika ISP




More information about the Freeradius-Users mailing list