problem with test aaa-server in ciscoasa

studyfordo studyfordo at 163.com
Fri Nov 23 11:47:44 CET 2012


Hi,all
    I have install freeradius-server-2.2.0, and make test such as ./ratest test test 127.0.0.1 0 testing123.
 the result is ok.
so i ass user tsb to users file as following format.
tsb  Auth-Type := Local, User-Password == "12345678"
and  add asa ip to clients.

 client  X.X.X.X{
        secret          = testvpn
        shortname       =asa5520      }
 
complete this  I do testing in asa5520 like this
test asa-server authencation  RadiusVPN host X.X.X.X username tsb password 12345678
hint  Authentication Rejected: AAA failure 
I debug it. the folloing is details.
FO: Attempting Authentication test to IP address <192.168.4.145> (timeout: 12 seconds)
radius mkreq: 0xbeaf
alloc_rip 0x74e172b4
    new request 0xbeaf --> 68 (0x74e172b4)
got user 'tsb'
got password
add_req 0x74e172b4 session 0xbeaf id 68
RADIUS_REQUEST
radius.c: rad_mkpkt
RADIUS packet decode (authentication request)
--------------------------------------
Raw packet data (length = 61).....
01 44 00 3d 96 17 04 ed 22 b3 70 e9 6e 0f 9c a5    |  .D.=....".p.n...
7a 2b 88 21 01 05 74 73 62 02 12 c1 64 1a 52 c7    |  z+.!..tsb...d.R.
3f 73 72 16 82 39 8a 0a e0 24 20 04 06 c0 a8 1e    |  ?sr..9...$ .....
fe 05 06 00 00 00 3c 3d 06 00 00 00 05             |  ......<=.....
Parsed packet data.....
Radius: Code = 1 (0x01)
Radius: Identifier = 68 (0x44)
Radius: Length = 61 (0x003D)
Radius: Vector: 961704ED22B370E96E0F9CA57A2B8821
Radius: Type = 1 (0x01) User-Name
Radius: Length = 5 (0x05)
Radius: Value (String) =
74 73 62                                           |  tsb
Radius: Type = 2 (0x02) User-Password
Radius: Length = 18 (0x12)
Radius: Value (String) =
c1 64 1a 52 c7 3f 73 72 16 82 39 8a 0a e0 24 20    |  .d.R.?sr..9...$
Radius: Type = 4 (0x04) NAS-IP-Address
Radius: Length = 6 (0x06)
Radius: Value (IP Address) = 192.168.30.254 (0xC0A81EFE)
Radius: Type = 5 (0x05) NAS-Port
Radius: Length = 6 (0x06)
Radius: Value (Hex) = 0x3C
Radius: Type = 61 (0x3D) NAS-Port-Type
Radius: Length = 6 (0x06)
Radius: Value (Hex) = 0x5
send pkt 192.168.4.145/1812
rip 0x74e172b4 state 7 id 68
rad_vrfy() : response message verified
rip 0x74e172b4
 : chall_state ''
 : state 0x7
 : reqauth:
     96 17 04 ed 22 b3 70 e9 6e 0f 9c a5 7a 2b 88 21
 : info 0x74e173ec
     session_id 0xbeaf
     request_id 0x44
     user 'tsb'
     response '***'
     app 0
     reason 0
     skey 'testvpn'
     sip 192.168.4.145
     type 1
RADIUS packet decode (response)
--------------------------------------
Raw packet data (length = 20).....
03 44 ERROR: Authentication Rejected: AAA failure
TSBA6-5520-Int# 00 14 35 f4 1a 63 3a 45 ca bd 4f 52 85 73    |  .D..5..c:E..OR.s
5c e2 f2 22                                        |  \.."
Parsed packet data.....
Radius: Code = 3 (0x03)
Radius: Identifier = 68 (0x44)
Radius: Length = 20 (0x0014)
Radius: Vector: 35F41A633A45CABD4F5285735CE2F222
rad_procpkt: REJECT
RADIUS_DELETE
remove_req 0x74e172b4 session 0xbeaf id 68
free_rip 0x74e172b4
radius: send queue empty
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20121123/b0ccbada/attachment-0001.html>


More information about the Freeradius-Users mailing list