Problem in connecting to switch on telnet
admin:x:500:500::/home/admin:/bin/bash That x means that you have assigned a password for this account. It's in /etc/shadow. Ivan Kalik Kalik Informatika ISP Dana 17/6/2008, "Guk Viktor" <v.guk@zaz.zp.ua> piše:
Prompt, what to make in that case. In the file /etc/passwd there is this line of " admin:x:500:500::/home/admin:/bin/bash ". How it is necessary to assign password?
Message: 4 Date: Tue, 17 Jun 2008 09:33:31 +0100 From: "Ivan Kalik" <tnt@kalik.net> Subject: Re: Problem in connecting to switch on telnet To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Message-ID: <JBqwPney.1213691611.8437380.tnt@kalik.co.yu> Content-Type: text/plain; charset=ISO-8859-2
You have deleted the part of the debug which tells how is Auth-Type set. Post the whole thing. BTW, now you do have admin account in /etc/passwd but the password is wrong. It's still not using password from the users file.
Ivan Kalik Kalik Informatika ISP
Dana 17/6/2008, "Guk Viktor" <v.guk@zaz.zp.ua> pi?e:
It tried without Auth-Type = System, also tried Auth-Type = Local.
Processing the authenticate section of radius.conf modcall: entering group authenticate for request 0 rlm_unix: [admin]: invalid password modcall[authenticate]: module "unix" returns reject for request 0 modcall: leaving group authenticate (returns reject) for request 0 auth: Failed to validate the user. Login incorrect: [admin/admin] (from client 10.0.1.2 port 117612545 cli 0000-0000-0000)
Message: 4 Date: Fri, 13 Jun 2008 15:38:57 +0100 From: "Ivan Kalik" <tnt@kalik.net> Subject: Re: Problem in connecting to switch on telnet To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Message-ID: <wbdeeigX.1213367937.5098900.tnt@kalik.co.yu> Content-Type: text/plain; charset=ISO-8859-2 You are setting up the wrong authentication type. Remove Auth-Type =System from user configuration. 1.1.3 is old. I am not sure do you need to set Auth-Type there. If it doesn't work without it set Auth-Type = Local. Ivan Kalik Kalik Informatika ISP Dana 13/6/2008, "Guk Viktor" <v.guk@zaz.zp.ua> pi?e:
Hello,
I have freeradius-1.1.3 and 3com switch 5500-EI. On the switch is disposed the access of users into the network through freeradius. Arose problem in connecting to switch on telnet. In the log freeradius it is indicated that the incorrect password (however password I introduce correctly).
rad_recv: Access-Request packet from host 10.0.1.2:5007, id=1, length=203 ??????? User-Name = "admin" ??????? User-Password = "admin" ??????? NAS-IP-Address = 10.0.1.2 ??????? NAS-Identifier = "001ac1d4ee42" ??????? NAS-Port = 117612545 ??????? NAS-Port-Id = "unit=7;subslot=0;port=42;vlanid=1" ??????? NAS-Port-Type = Ethernet ??????? Service-Type = Login-User ??????? Login-IP-Host = 10.0.1.2 ??????? Calling-Station-Id = "0000-0000-0000" ??????? Framed-IP-Address = 10.0.1.100 ??????? Vendor-25506-Attr-26 = 0x00000003 ??????? Vendor-25506-Attr-255 = 0x353530302d4549 ??????? Vendor-25506-Attr-60 = 0x31302e302e312e3130302030303a30303a30303a30303a30303a3030 ??????? Vendor-25506-Attr-59 = 0x38e68c68 ? Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 ? modcall[authorize]: module "mschap" returns noop for request 0 ??? rlm_realm: No '\' in User-Name = "admin", looking up realm NULL ??? rlm_realm: No such realm "NULL" ? modcall[authorize]: module "ntdomain" returns noop for request 0 ? rlm_eap: No EAP-Message, not doing EAP ? modcall[authorize]: module "eap" returns noop for request 0 ??? users: Matched entry DEFAULT at line 152 ??? users: Matched entry admin at line 216 ? modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 ? rad_check_password:? Found Auth-Type System auth: type "System" ? Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 ? modcall[authenticate]: module "unix" returns notfound for request 0 modcall: leaving group authenticate (returns notfound) for request 0 auth: Failed to validate the user. Login incorrect: [admin/admin] (from client 10.0.1.2 port 117612545 cli 0000-0000-0000) Delaying request 0 for 1 seconds Finished request 0
Users: admin?? Auth-Type = System, User-Password == "admin" ??? ?? 3Com-User-Access-Level = Administrator
eap.conf: eap{ ??? default_eap_type = peap ??? timer_expire = 60 ??? ignore_unknown_eap_type = no ??? cisco_accounting_username_bug = no ??? ??? md5{ ??? ?? }
??? leap{ ??? ?? }
??? gtc{ ??? ?? auth_type = PAP ??? ?? }
??? peap{ ??? ?? default_eap_type = mschapv2 ??? ?? use_tunneled_reply = yes ??? ?? }
??? mschapv2{ ??? ?? } ??? }
It can possibly use a local authorization to switch on telnet, without freeradius.
Viktor Guk
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Am 17.06.2008 um 15:28 schrieb Guk Viktor:
> Prompt, what to make in that case. In the file /etc/passwd there is
> this line of " admin:x:500:500::/home/admin:/bin/bash ". How it is
> necessary to assign password?
Are you sure that your password is there?
The "x" should be your password. If it is something like x or *, it
means that the password is not there but in the shadow file. (Sorry I
am not sure anymore if it is /etc/shadow)
"x" could perhaps also mean that root (or in this case "admin") has
no login at all!
Have a nice day!
>> Message: 4
>> Date: Tue, 17 Jun 2008 09:33:31 +0100
>> From: "Ivan Kalik" <tnt@kalik.net>
>> Subject: Re: Problem in connecting to switch on telnet
>> To: "FreeRadius users mailing list"
>> <freeradius-users@lists.freeradius.org>
>> Message-ID: <JBqwPney.1213691611.8437380.tnt@kalik.co.yu>
>> Content-Type: text/plain; charset=ISO-8859-2
>>
>> You have deleted the part of the debug which tells how is Auth-
>> Type set.
>> Post the whole thing. BTW, now you do have admin account in /etc/
>> passwd
>> but the password is wrong. It's still not using password from the
>> users
>> file.
>>
>> Ivan Kalik
>> Kalik Informatika ISP
>>
>>
>> Dana 17/6/2008, "Guk Viktor" <v.guk@zaz.zp.ua> pi?e:
>>
>>
>>> It tried without Auth-Type = System, also tried Auth-Type = Local.
>>>
>>> Processing the authenticate section of radius.conf
>>> modcall: entering group authenticate for request 0
>>> rlm_unix: [admin]: invalid password
>>> modcall[authenticate]: module "unix" returns reject for request 0
>>> modcall: leaving group authenticate (returns reject) for request 0
>>> auth: Failed to validate the user.
>>> Login incorrect: [admin/admin] (from client 10.0.1.2 port
>>> 117612545 cli
>>> 0000-0000-0000)
>>>
>>>> Message: 4 Date: Fri, 13 Jun 2008 15:38:57 +0100 From: "Ivan Kalik"
>>>> <tnt@kalik.net> Subject: Re: Problem in connecting to switch on
>>>> telnet
>>>> To: "FreeRadius users mailing list"
>>>> <freeradius-users@lists.freeradius.org> Message-ID:
>>>> <wbdeeigX.1213367937.5098900.tnt@kalik.co.yu> Content-Type:
>>>> text/plain; charset=ISO-8859-2 You are setting up the wrong
>>>> authentication type. Remove Auth-Type =System from user
>>>> configuration.
>>>> 1.1.3 is old. I am not sure do you need to set Auth-Type there.
>>>> If it
>>>> doesn't work without it set Auth-Type = Local. Ivan Kalik Kalik
>>>> Informatika ISP Dana 13/6/2008, "Guk Viktor" <v.guk@zaz.zp.ua>
>>>> pi?e:
>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> I have freeradius-1.1.3 and 3com switch 5500-EI. On the
>>>>>> switch is disposed the access of users into the network through
>>>>>> freeradius. Arose problem in
>>>>>> connecting to switch on telnet. In the log freeradius it is
>>>>>> indicated
>>>>>> that the incorrect password (however password I introduce
>>>>>> correctly).
>>>>>>
>>>>>> rad_recv: Access-Request packet from host 10.0.1.2:5007, id=1,
>>>>>> length=203
>>>>>> ??????? User-Name = "admin"
>>>>>> ??????? User-Password = "admin"
>>>>>> ??????? NAS-IP-Address = 10.0.1.2
>>>>>> ??????? NAS-Identifier = "001ac1d4ee42"
>>>>>> ??????? NAS-Port = 117612545
>>>>>> ??????? NAS-Port-Id = "unit=7;subslot=0;port=42;vlanid=1"
>>>>>> ??????? NAS-Port-Type = Ethernet
>>>>>> ??????? Service-Type = Login-User
>>>>>> ??????? Login-IP-Host = 10.0.1.2
>>>>>> ??????? Calling-Station-Id = "0000-0000-0000"
>>>>>> ??????? Framed-IP-Address = 10.0.1.100
>>>>>> ??????? Vendor-25506-Attr-26 = 0x00000003
>>>>>> ??????? Vendor-25506-Attr-255 = 0x353530302d4549
>>>>>> ??????? Vendor-25506-Attr-60 =
>>>>>> 0x31302e302e312e3130302030303a30303a30303a30303a30303a3030
>>>>>> ??????? Vendor-25506-Attr-59 = 0x38e68c68
>>>>>> ? Processing the authorize section of radiusd.conf
>>>>>> modcall: entering group authorize for request 0
>>>>>> ? modcall[authorize]: module "mschap" returns noop for request 0
>>>>>> ??? rlm_realm: No '\' in User-Name = "admin", looking up realm
>>>>>> NULL
>>>>>> ??? rlm_realm: No such realm "NULL"
>>>>>> ? modcall[authorize]: module "ntdomain" returns noop for
>>>>>> request 0
>>>>>> ? rlm_eap: No EAP-Message, not doing EAP
>>>>>> ? modcall[authorize]: module "eap" returns noop for request 0
>>>>>> ??? users: Matched entry DEFAULT at line 152
>>>>>> ??? users: Matched entry admin at line 216
>>>>>> ? modcall[authorize]: module "files" returns ok for request 0
>>>>>> modcall: leaving group authorize (returns ok) for request 0
>>>>>> ? rad_check_password:? Found Auth-Type System
>>>>>> auth: type "System"
>>>>>> ? Processing the authenticate section of
>>>>>> radiusd.conf
>>>>>> modcall: entering group authenticate for request 0
>>>>>> ? modcall[authenticate]: module "unix" returns notfound for
>>>>>> request 0
>>>>>> modcall: leaving group authenticate (returns notfound) for
>>>>>> request 0
>>>>>> auth: Failed to validate the user.
>>>>>> Login incorrect: [admin/admin] (from
>>>>>> client 10.0.1.2 port 117612545 cli 0000-0000-0000)
>>>>>> Delaying request 0 for 1 seconds
>>>>>> Finished request 0
>>>>>>
>>>>>> Users:
>>>>>> admin?? Auth-Type = System, User-Password == "admin"
>>>>>> ??? ?? 3Com-User-Access-Level = Administrator
>>>>>>
>>>>>> eap.conf:
>>>>>> eap{
>>>>>> ??? default_eap_type = peap
>>>>>> ??? timer_expire = 60
>>>>>> ??? ignore_unknown_eap_type = no
>>>>>> ??? cisco_accounting_username_bug = no
>>>>>> ???
>>>>>> ??? md5{
>>>>>> ??? ?? }
>>>>>>
>>>>>> ??? leap{
>>>>>> ??? ?? }
>>>>>>
>>>>>> ??? gtc{
>>>>>> ??? ?? auth_type = PAP
>>>>>> ??? ?? }
>>>>>>
>>>>>> ??? peap{
>>>>>> ??? ?? default_eap_type = mschapv2
>>>>>> ??? ?? use_tunneled_reply = yes
>>>>>> ??? ?? }
>>>>>>
>>>>>> ??? mschapv2{
>>>>>> ??? ?? }
>>>>>> ??? }
>>>>>>
>>>>>> It can possibly use a local authorization to switch on telnet,
>>>>>> without freeradius.
>>>>>>
>>>>>> Viktor Guk
>>>>>>
>>>>>>
>>> -
>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/
>>> list/users.html
>>>
>>>
>>>
>>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/
> users.html
Nicolas Goutte
extragroup GmbH - Karlsruhe
Waldstr. 49
76133 Karlsruhe
Germany
Geschäftsführer: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle
Registergericht: Amtsgericht Münster / HRB: 5624
Steuer Nr.: 337/5903/0421 / UstID: DE 204607841
participants (3)
-
Guk Viktor -
Ivan Kalik -
Nicolas Goutte