Hi all, I'm sorry if i'm double posting (Im not sure if the first message was sent correctly..Sorry if it's the second time you received this message..) When i connect with unix/localuser via telnet on my baystack switch i received message (Access Denied from Radius server) I take a look on log's from radius server and i see this; rad_recv: Access-Request packet from host 192.168.1.210 port 2048, id=13, length=59 NAS-IP-Address = 192.168.1.210 User-Password = "********" Service-Type = Administrative-User User-Name = "francis" +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "francis", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated rad_check_password: Found Auth-Type auth: type "PAP" +- entering group PAP rlm_pap: login attempt with password "***********" rlm_pap: Using CRYPT encryption. rlm_pap: User authenticated successfully ++[pap] returns ok Login OK: [francis/*********] (from client switch port 0) Sending Access-Accept of id 13 to 192.168.1.210 port 2048 Finished request 0. Going to the next request Waking up in 0.9 seconds. Waking up in 3.9 seconds. Cleaning up request 0 ID 13 with timestamp +970 Ready to process requests. Some one understand what is going wrong with this? Why i cannot log on the switch if the username/password is ok an authenticate? Thanks for your help. Francis Provencher Ministère de la Sécurité publique du Québec Direction des technologies de l'information Division de la sécurité informatique Tél: 1 418 646-3258 BlackBery; 1 418 473 6419 Courriel: Francis.provencher@Msp.gouv.qc.ca CEH - Certified Ethical Hackers SSCP - System Security Certified Practitionner Sec+ - Security +
FRANCIS PROVENCHER wrote:
When i connect with unix/localuser via telnet on my baystack switch i received message (Access Denied from Radius server)
Because the Access-Accept is empty. The switch likely needs some attributes in the Access-Accept in order to allow access. See the switch documentation for more details. Alan DeKok.
You need Service-Type = Administrative-User in reply as well. Add that to user entry. Ivan Kalik Kalik Informatika ISP Dana 4/4/2008, "FRANCIS PROVENCHER" <francis.provencher@msp.gouv.qc.ca> piše:
Hi all,
I'm sorry if i'm double posting (Im not sure if the first message was sent correctly..Sorry if it's the second time you received this message..)
When i connect with unix/localuser via telnet on my baystack switch i received message (Access Denied from Radius server)
I take a look on log's from radius server and i see this;
rad_recv: Access-Request packet from host 192.168.1.210 port 2048, id=13, length=59 NAS-IP-Address = 192.168.1.210 User-Password = "********" Service-Type = Administrative-User User-Name = "francis" +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "francis", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated rad_check_password: Found Auth-Type auth: type "PAP" +- entering group PAP rlm_pap: login attempt with password "***********" rlm_pap: Using CRYPT encryption. rlm_pap: User authenticated successfully ++[pap] returns ok Login OK: [francis/*********] (from client switch port 0) Sending Access-Accept of id 13 to 192.168.1.210 port 2048 Finished request 0. Going to the next request Waking up in 0.9 seconds. Waking up in 3.9 seconds. Cleaning up request 0 ID 13 with timestamp +970 Ready to process requests.
Some one understand what is going wrong with this? Why i cannot log on the switch if the username/password is ok an authenticate?
Thanks for your help.
Francis Provencher Ministčre de la Sécurité publique du Québec Direction des technologies de l'information Division de la sécurité informatique Tél: 1 418 646-3258 BlackBery; 1 418 473 6419 Courriel: Francis.provencher@Msp.gouv.qc.ca
CEH - Certified Ethical Hackers SSCP - System Security Certified Practitionner Sec+ - Security +
It work well! Thanks all for your answer! Francis Provencher Ministère de la Sécurité publique du Québec Direction des technologies de l'information Division de la sécurité informatique Tél: 1 418 646-3258 BlackBery; 1 418 473 6419 Courriel: Francis.provencher@Msp.gouv.qc.ca CEH - Certified Ethical Hackers SSCP - System Security Certified Practitionner Sec+ - Security +
"Ivan Kalik" <tnt@kalik.net> 2008-04-04 15:57 >>> You need Service-Type = Administrative-User in reply as well. Add that to user entry.
Ivan Kalik Kalik Informatika ISP Dana 4/4/2008, "FRANCIS PROVENCHER" <francis.provencher@msp.gouv.qc.ca> pi*e:
Hi all,
I'm sorry if i'm double posting (Im not sure if the first message was sent correctly..Sorry if it's the second time you received this message..)
When i connect with unix/localuser via telnet on my baystack switch i received message (Access Denied from Radius server)
I take a look on log's from radius server and i see this;
rad_recv: Access-Request packet from host 192.168.1.210 port 2048, id=13, length=59 NAS-IP-Address = 192.168.1.210 User-Password = "********" Service-Type = Administrative-User User-Name = "francis" +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "francis", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated rad_check_password: Found Auth-Type auth: type "PAP" +- entering group PAP rlm_pap: login attempt with password "***********" rlm_pap: Using CRYPT encryption. rlm_pap: User authenticated successfully ++[pap] returns ok Login OK: [francis/*********] (from client switch port 0) Sending Access-Accept of id 13 to 192.168.1.210 port 2048 Finished request 0. Going to the next request Waking up in 0.9 seconds. Waking up in 3.9 seconds. Cleaning up request 0 ID 13 with timestamp +970 Ready to process requests.
Some one understand what is going wrong with this? Why i cannot log on the switch if the username/password is ok an authenticate?
Thanks for your help.
Francis Provencher Minist*re de la Sécurité publique du Québec Direction des technologies de l'information Division de la sécurité informatique Tél: 1 418 646-3258 BlackBery; 1 418 473 6419 Courriel: Francis.provencher@Msp.gouv.qc.ca
CEH - Certified Ethical Hackers SSCP - System Security Certified Practitionner Sec+ - Security +
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
When i connect with unix/localuser via telnet on my baystack switch i received message (Access Denied from Radius server)
you are getting an authenticate...and access accept...but what about an authorization. what return attributes must you return to your kit for a successful telnet into the device? alan
participants (4)
-
A.L.M.Buxey@lboro.ac.uk -
Alan DeKok -
FRANCIS PROVENCHER -
Ivan Kalik