Problem: switch authentication against Freeradius server

Roberto Carna robertocarna36 at gmail.com
Thu May 23 15:34:14 CEST 2013


Dear, I've implemented Linux SSH authentication using PAM against a
Freeradius server, it was OK !!!

But now I'm trying to authenticate some Allied switch users against the
same Freeradius server...in the Allied switch I've defined the radius
server IP, port and secret, and when I try to telnet this switch from other
computer I fail and get this Freeradius log:

rad_recv: Access-Request packet from host 10.4.133.254 port 49154, id=0,
length=76
        User-Name = "bapro2"
        User-Password = "&kq\356\275`_R\005\034\262m\263-\r\275"
        Cisco-AVPair = "shell:priv-lvl=1"
        NAS-IP-Address = 10.4.133.254
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "bapro2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[sql]   expand: %{User-Name} -> bapro2
[sql] sql_set_user escaped user --> 'bapro2'
rlm_sql (sql): Reserving sql socket id: 0
[sql]   expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY
id -> SELECT id, username, attribute, value, op           FROM radcheck
      WHERE username = 'bapro2'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY
id -> SELECT id, username, attribute, value, op           FROM radreply
      WHERE username = 'bapro2'           ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup
WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
groupname           FROM radusergroup           WHERE username = 'bapro2'
        ORDER BY priority
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "&kqî½`_R??²m³- ½"
[pap] Using clear text password "1234"
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
  WARNING: Unprintable characters in the password.  Double-check the shared
secret on the server and the NAS!
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> bapro2
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 3 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 3
Sending Access-Reject of id 0 to 10.4.133.254 port 49154
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.4.133.254 port 49154, id=0,
length=76
Sending duplicate reply to client SWITCH port 49154 - ID: 0
Sending Access-Reject of id 0 to 10.4.133.254 port 49154
Waking up in 3.0 seconds.
rad_recv: Access-Request packet from host 10.4.133.254 port 49154, id=0,
length=76
Sending duplicate reply to client SWITCH port 49154 - ID: 0
Sending Access-Reject of id 0 to 10.4.133.254 port 49154
Cleaning up request 3 ID 0 with timestamp +368
Ready to process requests.

I see this line is completed with a wrong or cipher password, I don't know
why:

[pap] login attempt with password "&kqî½`_R??²m³- ½"

Please can you guide me in this problem ???

Really thanks,

Roberto