Hello,
I have freeradius-1.1.3 and 3com switch 5500-EI. On the
switch is disposed the access of users into the network through
freeradius. Arose problem in
connecting to switch on telnet. In the log freeradius it is indicated
that the incorrect password (however password I introduce correctly).
rad_recv: Access-Request packet from host 10.0.1.2:5007, id=1,
length=203
User-Name = "admin"
User-Password = "admin"
NAS-IP-Address = 10.0.1.2
NAS-Identifier = "001ac1d4ee42"
NAS-Port = 117612545
NAS-Port-Id = "unit=7;subslot=0;port=42;vlanid=1"
NAS-Port-Type = Ethernet
Service-Type = Login-User
Login-IP-Host = 10.0.1.2
Calling-Station-Id = "0000-0000-0000"
Framed-IP-Address = 10.0.1.100
Vendor-25506-Attr-26 = 0x00000003
Vendor-25506-Attr-255 = 0x353530302d4549
Vendor-25506-Attr-60 =
0x31302e302e312e3130302030303a30303a30303a30303a30303a3030
Vendor-25506-Attr-59 = 0x38e68c68
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '\' in User-Name = "admin", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "ntdomain" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry DEFAULT at line 152
users: Matched entry admin at line 216
modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type System
auth: type "System"
Processing the authenticate section of
radiusd.conf
modcall: entering group authenticate for request 0
modcall[authenticate]: module "unix" returns notfound for request 0
modcall: leaving group authenticate (returns notfound) for request 0
auth: Failed to validate the user.
Login incorrect: [admin/admin] (from
client 10.0.1.2 port 117612545 cli 0000-0000-0000)
Delaying request 0 for 1 seconds
Finished request 0
Users:
admin Auth-Type = System, User-Password == "admin"
3Com-User-Access-Level = Administrator
eap.conf:
eap{
default_eap_type = peap
timer_expire = 60
ignore_unknown_eap_type = no
cisco_accounting_username_bug = no
md5{
}
leap{
}
gtc{
auth_type = PAP
}
peap{
default_eap_type = mschapv2
use_tunneled_reply = yes
}
mschapv2{
}
}
It can possibly use a local authorization to switch on telnet,
without freeradius.
Viktor Guk