Dear, I've implemented Linux SSH authentication using PAM against a Freeradius server, it was OK !!! But know I'm trying to authenticate some Allied switch users against the same Freeradius server...in the Allied switch I've defined the radius server IP, port and secret, and when I try to telnet this switch from other computer I fail and get this Freeradius log: rad_recv: Access-Request packet from host 10.4.133.254 port 49154, id=0, length=76 User-Name = "bapro2" User-Password = "&kq\356\275`_R\005\034\262m\263-\r\275" Cisco-AVPair = "shell:priv-lvl=1" NAS-IP-Address = 10.4.133.254 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "bapro2", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop [sql] expand: %{User-Name} -> bapro2 [sql] sql_set_user escaped user --> 'bapro2' rlm_sql (sql): Reserving sql socket id: 0 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'bapro2' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'bapro2' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'bapro2' ORDER BY priority rlm_sql (sql): Released sql socket id: 0 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated Found Auth-Type = PAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group PAP {...} [pap] login attempt with password "&kqî½`_R??²m³- ½" [pap] Using clear text password "1234" [pap] Passwords don't match ++[pap] returns reject Failed to authenticate the user. WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> bapro2 attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 3 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 3 Sending Access-Reject of id 0 to 10.4.133.254 port 49154 Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.4.133.254 port 49154, id=0, length=76 Sending duplicate reply to client SWITCH port 49154 - ID: 0 Sending Access-Reject of id 0 to 10.4.133.254 port 49154 Waking up in 3.0 seconds. rad_recv: Access-Request packet from host 10.4.133.254 port 49154, id=0, length=76 Sending duplicate reply to client SWITCH port 49154 - ID: 0 Sending Access-Reject of id 0 to 10.4.133.254 port 49154 Cleaning up request 3 ID 0 with timestamp +368 Ready to process requests. I see this line is completed with a wrong or cipher password, I don't know why: [pap] login attempt with password "&kqî½`_R??²m³- ½" Please can you guide me in this problem ??? Really thanks, Roberto