Notice the first request that comes from the 10.2.0.69...It is using the test aaa-server from the PIX itself. The other 2 are when I am connecting to the VPN client and trying to authenicate. It says Auth Type unknown. Any ideas Alan? Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: ../etc/raddb/proxy.conf Config: including file: ../etc/raddb/clients.conf Config: including file: ../etc/raddb/snmp.conf Config: including file: ../etc/raddb/eap.conf Config: including file: ../etc/raddb/sql.conf main: prefix = ".." main: localstatedir = "../var" main: logdir = "../var/log/radius" main: libdir = "../lib" main: radacctdir = "../var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = yes main: log_file = "../var/log/radius/radius.log" main: log_auth = yes main: log_auth_badpass = yes main: log_auth_goodpass = yes main: pidfile = "../var/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "../bin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is ../lib Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: authtype = "MS-CHAP" mschap: ntlm_auth = "(null)" Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "../var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "tls" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "../etc/raddb/certs/FreeRADIUS.net/DemoCerts/FreeRADIUS.net-Server.pem" tls: certificate_file = "../etc/raddb/certs/FreeRADIUS.net/DemoCerts/FreeRADIUS.net-Server.crt" tls: CA_file = "../etc/raddb/certs/FreeRADIUS.net/DemoCerts/FreeRADIUS.net-Root.crt" tls: private_key_password = "demo" tls: dh_file = "../etc/raddb/certs/FreeRADIUS.net/DemoCerts/dh" tls: random_file = "../etc/raddb/certs/FreeRADIUS.net/DemoCerts/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "%{User-Name}" rlm_eap: Loaded and initialized type tls ttls: default_eap_type = "md5" ttls: copy_request_to_tunnel = no ttls: use_tunneled_reply = no rlm_eap: Loaded and initialized type ttls peap: default_eap_type = "mschapv2" peap: copy_request_to_tunnel = no peap: use_tunneled_reply = no peap: proxy_tunneled_request_as_eap = yes rlm_eap: Loaded and initialized type peap mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "../etc/raddb/huntgroups" preprocess: hints = "../etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "../etc/raddb/users" files: acctusersfile = "../etc/raddb/acct_users" files: preproxy_usersfile = "../etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "../var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "../var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 10.2.0.69:1025, id=85, length=93 User-Name = "tripp" User-Password = "tripp" NAS-IP-Address = 10.2.0.69 NAS-Port-Type = Virtual Cisco-AVPair = "ip:source-ip=000.000.000.000" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "tripp", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 users: Matched entry tripp at line 224 modcall[authorize]: module "files" returns ok for request 0 modcall: group authorize returns ok for request 0 rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied User-Password matches local User-Password Login OK: [tripp/tripp] (from client BorderPatrol port 0) Sending Access-Accept of id 85 to 10.2.0.69:1025 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 85 with timestamp 43cd26ed Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 10.2.0.69:1025, id=86, length=154 User-Name = "tripp" User-Password = "tripp" NAS-Port = 739 Service-Type = Framed-User Framed-Protocol = PPP Called-Station-Id = "68.208.135.26" Calling-Station-Id = "24.73.134.236" Tunnel-Client-Endpoint:0 = "24.73.134.236" NAS-IP-Address = 10.2.0.69 NAS-Port-Type = Virtual Cisco-AVPair = "ip:source-ip=24.73.134.236" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "tripp", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 1 users: Matched entry DEFAULT at line 179 users: Matched entry DEFAULT at line 191 modcall[authorize]: module "files" returns ok for request 1 modcall: group authorize returns ok for request 1 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Login incorrect: [tripp/tripp] (from client BorderPatrol port 739 cli 24.73.134.236) Delaying request 1 for 1 seconds Finished request 1 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 86 to 10.2.0.69:1025 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 1 ID 86 with timestamp 43cd273a Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 10.2.0.69:1025, id=87, length=154 User-Name = "tripp" User-Password = "tripp" NAS-Port = 739 Service-Type = Framed-User Framed-Protocol = PPP Called-Station-Id = "68.208.135.26" Calling-Station-Id = "24.73.134.236" Tunnel-Client-Endpoint:0 = "24.73.134.236" NAS-IP-Address = 10.2.0.69 NAS-Port-Type = Virtual Cisco-AVPair = "ip:source-ip=24.73.134.236" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: No '@' in User-Name = "tripp", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 2 users: Matched entry DEFAULT at line 179 users: Matched entry DEFAULT at line 191 modcall[authorize]: module "files" returns ok for request 2 modcall: group authorize returns ok for request 2 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Login incorrect: [tripp/tripp] (from client BorderPatrol port 739 cli 24.73.134.236) Delaying request 2 for 1 seconds Finished request 2 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 87 to 10.2.0.69:1025 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 2 ID 87 with timestamp 43cd2740 Nothing to do. Sleeping until we see a request. Terminate batch job (Y/N)? -----Original Message----- From: freeradius-users-bounces+tripp=dmenet.com@lists.freeradius.org [mailto:freeradius-users-bounces+tripp=dmenet.com@lists.freeradius.org] On Behalf Of Alan DeKok Sent: Monday, January 16, 2006 10:33 PM To: FreeRadius users mailing list Subject: Re: CIsco Pix and FreeRadius.... "Sills, Tripp" <tripp@dmenet.com> wrote:
It says Auth-Type found Local but when I run with the VPN client it says unknown auth type. Please any help would be great!
Help us help you. Read the README, INSTALL, and FAQ. Then follow the instructions there for debugging the server. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html