Hello ! I am having troubles with Avaya P334T switch. I am trying to authenticate users directly connected to ports of the switch. I have configured the switch well I think because the acces-request is sent to the radius but then the radius send an access-challenge to the switch and nothing is done after. There is no answer of the switch and the user cannot access the network but it is not rejected by the radius. I think the problem come from the switch because authentication on a wireless access-point connected on this switch works fine. Did anybody encounter the same problem? Any idea? Thanks for your help ----- Romain Mercier - Technicien réseau et sécurité Université d'Angers - CRI Service Systèmes & Réseaux 40 rue de Rennes 49035 Angers Cedex - France
Nobody can help me? ----- Romain Mercier - Technicien réseau et sécurité Université d'Angers - CRI Service Systèmes & Réseaux 40 rue de Rennes 49035 Angers Cedex - France _____ De : freeradius-users-bounces+romain.mercier=univ-angers.fr@lists.freeradius.org [mailto:freeradius-users-bounces+romain.mercier=univ-angers.fr@lists.freerad ius.org] De la part de Romain Mercier Envoyé : mardi 13 mars 2007 12:10 À : 'FreeRadius users mailing list' Objet : Access-Challenge with Avaya Hello ! I am having troubles with Avaya P334T switch. I am trying to authenticate users directly connected to ports of the switch. I have configured the switch well I think because the acces-request is sent to the radius but then the radius send an access-challenge to the switch and nothing is done after. There is no answer of the switch and the user cannot access the network but it is not rejected by the radius. I think the problem come from the switch because authentication on a wireless access-point connected on this switch works fine. Did anybody encounter the same problem? Any idea? Thanks for your help ----- Romain Mercier - Technicien réseau et sécurité Université d'Angers - CRI Service Systèmes & Réseaux 40 rue de Rennes 49035 Angers Cedex - France
Try pasting debug (radiusd -X) output so people can see what's going on. Dana 14/3/2007, "Romain Mercier" <romain.mercier@univ-angers.fr> piše:
Nobody can help me?
-----
Romain Mercier - Technicien réseau et sécurité
Université d'Angers - CRI Service Systčmes & Réseaux
40 rue de Rennes
49035 Angers Cedex - France
_____
De : freeradius-users-bounces+romain.mercier=univ-angers.fr@lists.freeradius..org [mailto:freeradius-users-bounces+romain.mercier=univ-angers.fr@lists.freerad ius.org] De la part de Romain Mercier Envoyé : mardi 13 mars 2007 12:10 Ŕ : 'FreeRadius users mailing list' Objet : Access-Challenge with Avaya
Hello !
I am having troubles with Avaya P334T switch.
I am trying to authenticate users directly connected to ports of the switch.
I have configured the switch well I think because the acces-request is sent to the radius but then the radius send an access-challenge to the switch and nothing is done after.
There is no answer of the switch and the user cannot access the network but it is not rejected by the radius.
I think the problem come from the switch because authentication on a wireless access-point connected on this switch works fine.
Did anybody encounter the same problem? Any idea?
Thanks for your help
-----
Romain Mercier - Technicien réseau et sécurité
Université d'Angers - CRI Service Systčmes & Réseaux
40 rue de Rennes
49035 Angers Cedex - France
I past the log I get using radiusd -X -A: rad_recv: Access-Request packet from host xxxx:1812, id=23, length=71 User-Name = "xxxx" NAS-IP-Address = xxxx EAP-Message = 0x0202000e[xxxx]657263696572 Message-Authenticator = 0x869a27cf7ee9[xxxx]5bf4d4c7675b7ccb94 rad_lowerpair: User-Name now 'xxxx' Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 radius_xlat: '/var/log/radacct/auth-detail-20070314' rlm_detail: /var/log/radacct/auth-detail-%Y%m%d expands to /var/log/radacct/auth-detail-20070314 modcall[authorize]: module "auth_log" returns ok for request 0 modcall[authorize]: module "attr_filter" returns noop for request 0 rlm_realm: No '@' in User-Name = "xxxx", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "xxxx" rlm_realm: Proxying request from user xxxx to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 0 rlm_attr_rewrite: Could not find value pair for attribute Called-Station-Id modcall[authorize]: module "get_SSID" returns noop for request 0 rlm_eap: EAP packet type response id 2 length 14 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 rlm_ldap: - authorize rlm_ldap: performing user authorization for xxxx radius_xlat: '(uid=xxxx)' radius_xlat: 'ou=people,dc=xxxx,dc=fr' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to monldap.xxxx.fr:389, authentication 0 rlm_ldap: bind as / to monldap.xxxx.fr:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in ou=people,dc=xxxx,dc=fr, with filter (uid=xxxx) rlm_ldap: looking for check items in directory... rlm_ldap: Adding uid as User-Password, value xxxx & op=21 rlm_ldap: looking for reply items in directory... rlm_ldap: user xxxx authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 0 rlm_ldap: Entering ldap_groupcmp() radius_xlat: 'ou=people,dc=xxxx,dc=fr' radius_xlat: '(|(&(objectClass=GroupOfNames)(member=uid\3dxxxx\2cou\3dpeople\2cdc\3dxxxx\2cdc\3dfr))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid\3dxxxx\2cou\3dpeople\2cdc\3dxxxx\2cdc\3dfr)))' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=people,dc=xxxx,dc=fr, with filter (&(cn=perso)(|(&(objectClass=GroupOfNames)(member=uid\3dxxxx\2cou\3dpeople\2cdc\3dxxxx\2cdc\3dfr))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid\3dxxxx\2cou\3dpeople\2cdc\3dxxxx\2cdc\3dfr)))) rlm_ldap: object not found or got ambiguous search result rlm_ldap: ldap_release_conn: Release Id: 0 rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in uid=xxxx,ou=people,dc=xxxx,dc=fr, with filter (objectclass=*) rlm_ldap::ldap_groupcmp: User found in group perso rlm_ldap: ldap_release_conn: Release Id: 0 rlm_ldap: Entering ldap_groupcmp() radius_xlat: 'ou=people,dc=xxxx,dc=fr' radius_xlat: '(|(&(objectClass=GroupOfNames)(member=uid\3dxxxx\2cou\3dpeople\2cdc\3dxxxx\2cdc\3dfr))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid\3dxxxx\2cou\3dpeople\2cdc\3dxxxx\2cdc\3dfr)))' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=people,dc=xxxx,dc=fr, with filter (&(cn=perso-nomail)(|(&(objectClass=GroupOfNames)(member=uid\3dxxxx\2cou\3dpeople\2cdc\3dxxxx\2cdc\3dfr))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid\3dxxxx\2cou\3dpeople\2cdc\3dxxxx\2cdc\3dfr)))) rlm_ldap: object not found or got ambiguous search result rlm_ldap: ldap_release_conn: Release Id: 0 rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in uid=xxxx,ou=people,dc=xxxx,dc=fr, with filter (objectclass=*) rlm_ldap::groupcmp: Group perso-nomail not found ????or user not a member rlm_ldap: ldap_release_conn: Release Id: 0 rlm_ldap: Entering ldap_groupcmp() radius_xlat: 'ou=people,dc=xxxx,dc=fr' radius_xlat: '(|(&(objectClass=GroupOfNames)(member=uid\3dxxxx\2cou\3dpeople\2cdc\3dxxxx\2cdc\3dfr))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid\3dxxxx\2cou\3dpeople\2cdc\3dxxxx\2cdc\3dfr)))' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=people,dc=xxxx,dc=fr, with filter (&(cn=perso)(|(&(objectClass=GroupOfNames)(member=uid\3dxxxx\2cou\3dpeople\2cdc\3dxxxx\2cdc\3dfr))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid\3dxxxx\2cou\3dpeople\2cdc\3dxxxx\2cdc\3dfr)))) rlm_ldap: object not found or got ambiguous search result rlm_ldap: ldap_release_conn: Release Id: 0 rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in uid=xxxx,ou=people,dc=xxxx,dc=fr, with filter (objectclass=*) rlm_ldap::ldap_groupcmp: User found in group perso rlm_ldap: ldap_release_conn: Release Id: 0 users: Matched entry DEFAULT at line 119 modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 23 to xxxx port 1812 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "364" Reply-Message = "Vous etes sur le reseau personnel" EAP-Message = 0x010300061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xad191c63a681aa59b3cad2358e5001c6 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 23 with timestamp 45f7ff88 Nothing to do. Sleeping until we see a request. I've tried to do what AVAYA's support write to configure FreeRadius for 802.1x support but it doesn't work. --- Romain Mercier Université d'Angers - CRI Service Systèmes & Réseaux 40 rue de Rennes 49035 Angers Cedex - France
De : freeradius-users-bounces+romain.mercier=univ-angers.fr@lists.freeradius..org [mailto:freeradius-users-bounces+romain.mercier=univ-angers.fr@lists.freerad ius.org] De la part de Romain Mercier Envoyé : mardi 13 mars 2007 12:10 Ŕ : 'FreeRadius users mailing list' Objet : Access-Challenge with Avaya
Hello !
I am having troubles with Avaya P334T switch. I am trying to authenticate users directly connected to ports of the switch. I have configured the switch well I think because the acces-request is sent to the radius but then the radius send an access-challenge to the switch and nothing is done after. There is no answer of the switch and the user cannot access the network but it is not rejected by the radius. I think the problem come from the switch because authentication on a wireless access-point connected on this switch works fine.
Did anybody encounter the same problem? Any idea?
Thanks for your help
-----
Romain Mercier - Technicien réseau et sécurité
Université d'Angers - CRI Service Systčmes & Réseaux
40 rue de Rennes
49035 Angers Cedex - France
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (2)
-
Romain Mercier -
tnt@kalik.co.yu