Cisco Pix and FreeRadius....
Sills, Tripp
tripp at dmenet.com
Tue Jan 17 18:21:16 CET 2006
Notice the first request that comes from 10.2.0.69... It is using the
test aaa-server from the PIX itself. The other 2 are when I am
connecting to the VPN client and trying to authenticate. It says Auth
Type unknown. Any ideas Alan?
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: ../etc/raddb/proxy.conf
Config: including file: ../etc/raddb/clients.conf
Config: including file: ../etc/raddb/snmp.conf
Config: including file: ../etc/raddb/eap.conf
Config: including file: ../etc/raddb/sql.conf
main: prefix = ".."
main: localstatedir = "../var"
main: logdir = "../var/log/radius"
main: libdir = "../lib"
main: radacctdir = "../var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = yes
main: log_file = "../var/log/radius/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = "../var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "../bin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is ../lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "../var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "tls"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file =
"../etc/raddb/certs/FreeRADIUS.net/DemoCerts/FreeRADIUS.net-Server.pem"
tls: certificate_file =
"../etc/raddb/certs/FreeRADIUS.net/DemoCerts/FreeRADIUS.net-Server.crt"
tls: CA_file =
"../etc/raddb/certs/FreeRADIUS.net/DemoCerts/FreeRADIUS.net-Root.crt"
tls: private_key_password = "demo"
tls: dh_file = "../etc/raddb/certs/FreeRADIUS.net/DemoCerts/dh"
tls: random_file = "../etc/raddb/certs/FreeRADIUS.net/DemoCerts/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "%{User-Name}"
rlm_eap: Loaded and initialized type tls
ttls: default_eap_type = "md5"
ttls: copy_request_to_tunnel = no
ttls: use_tunneled_reply = no
rlm_eap: Loaded and initialized type ttls
peap: default_eap_type = "mschapv2"
peap: copy_request_to_tunnel = no
peap: use_tunneled_reply = no
peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "../etc/raddb/huntgroups"
preprocess: hints = "../etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "../etc/raddb/users"
files: acctusersfile = "../etc/raddb/acct_users"
files: preproxy_usersfile = "../etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile =
"../var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "../var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 10.2.0.69:1025, id=85,
length=93
User-Name = "tripp"
User-Password = "tripp"
NAS-IP-Address = 10.2.0.69
NAS-Port-Type = Virtual
Cisco-AVPair = "ip:source-ip=000.000.000.000"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "tripp", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry tripp at line 224
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Login OK: [tripp/tripp] (from client BorderPatrol port 0)
Sending Access-Accept of id 85 to 10.2.0.69:1025
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 85 with timestamp 43cd26ed
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 10.2.0.69:1025, id=86,
length=154
User-Name = "tripp"
User-Password = "tripp"
NAS-Port = 739
Service-Type = Framed-User
Framed-Protocol = PPP
Called-Station-Id = "68.208.135.26"
Calling-Station-Id = "24.73.134.236"
Tunnel-Client-Endpoint:0 = "24.73.134.236"
NAS-IP-Address = 10.2.0.69
NAS-Port-Type = Virtual
Cisco-AVPair = "ip:source-ip=24.73.134.236"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "tripp", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 1
users: Matched entry DEFAULT at line 179
users: Matched entry DEFAULT at line 191
modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns ok for request 1
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [tripp/tripp] (from client BorderPatrol port 739 cli
24.73.134.236)
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 86 to 10.2.0.69:1025
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 86 with timestamp 43cd273a
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 10.2.0.69:1025, id=87,
length=154
User-Name = "tripp"
User-Password = "tripp"
NAS-Port = 739
Service-Type = Framed-User
Framed-Protocol = PPP
Called-Station-Id = "68.208.135.26"
Calling-Station-Id = "24.73.134.236"
Tunnel-Client-Endpoint:0 = "24.73.134.236"
NAS-IP-Address = 10.2.0.69
NAS-Port-Type = Virtual
Cisco-AVPair = "ip:source-ip=24.73.134.236"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: No '@' in User-Name = "tripp", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 2
users: Matched entry DEFAULT at line 179
users: Matched entry DEFAULT at line 191
modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns ok for request 2
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [tripp/tripp] (from client BorderPatrol port 739 cli
24.73.134.236)
Delaying request 2 for 1 seconds
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 87 to 10.2.0.69:1025
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 87 with timestamp 43cd2740
Nothing to do. Sleeping until we see a request.
Terminate batch job (Y/N)?
-----Original Message-----
From: freeradius-users-bounces+tripp=dmenet.com at lists.freeradius.org
[mailto:freeradius-users-bounces+tripp=dmenet.com at lists.freeradius.org]
On Behalf Of Alan DeKok
Sent: Monday, January 16, 2006 10:33 PM
To: FreeRadius users mailing list
Subject: Re: Cisco Pix and FreeRadius....
"Sills, Tripp" <tripp at dmenet.com> wrote:
> It says Auth-Type found Local but when I run with the VPN client it
> says unknown auth type. Please any help would be great!
Help us help you. Read the README, INSTALL, and FAQ. Then follow
the instructions there for debugging the server.
Alan DeKok.
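As an added triage aid (not code from this thread or from the FreeRADIUS project): a small parser for the radiusd -X output quoted above that groups lines per request and reports which users-file entries matched and whether an Auth-Type was found. On that log it shows request 85 matching the "tripp" entry and getting Auth-Type Local, while requests 86 and 87 match only DEFAULT entries and end with no Auth-Type set; the sample below is a constructed excerpt of that log.

```python
import re

# Constructed excerpt of the radiusd -X output quoted in this thread (ids 85 and 86).
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 10.2.0.69:1025, id=85, length=93
User-Name = "tripp"
users: Matched entry tripp at line 224
rad_check_password: Found Auth-Type Local
Sending Access-Accept of id 85 to 10.2.0.69:1025
rad_recv: Access-Request packet from host 10.2.0.69:1025, id=86, length=154
User-Name = "tripp"
Service-Type = Framed-User
Framed-Protocol = PPP
users: Matched entry DEFAULT at line 179
users: Matched entry DEFAULT at line 191
auth: No authenticate method (Auth-Type) configuration found for the
Sending Access-Reject of id 86 to 10.2.0.69:1025
"""

RECV_RE = re.compile(r"rad_recv: (\S+) packet from host (\S+), id=(\d+)")
ATTR_RE = re.compile(r'^([\w-]+(?::\d+)?) = "?([^"]*)"?$')
MATCH_RE = re.compile(r"users: Matched entry (\S+) at line (\d+)")
AUTHTYPE_RE = re.compile(r"Found Auth-Type (\S+)")
RESULT_RE = re.compile(r"Sending (Access-\w+) of id (\d+)")

def parse_debug(text):
    """Group radiusd -X lines per request and record what decided the outcome."""
    requests, cur = [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := RECV_RE.match(line):
            cur = {"id": int(m.group(3)), "client": m.group(2), "attrs": {},
                   "matched": [], "auth_type": None, "result": None}
            requests.append(cur)
        elif cur is None:
            continue  # module setup output before the first packet arrives
        elif m := MATCH_RE.match(line):
            cur["matched"].append((m.group(1), int(m.group(2))))
        elif m := AUTHTYPE_RE.search(line):
            cur["auth_type"] = m.group(1)
        elif m := RESULT_RE.match(line):
            cur["result"] = m.group(1)
        elif m := ATTR_RE.match(line):
            cur["attrs"][m.group(1)] = m.group(2)
    return requests

def explain(req):
    """One-line triage: which users entries matched and whether Auth-Type was set."""
    entries = ", ".join(f"{n} (line {ln})" for n, ln in req["matched"]) or "none"
    why = f"Auth-Type {req['auth_type']} set" if req["auth_type"] else "no matched entry set Auth-Type"
    return f"id={req['id']} {req['result']}: matched {entries}; {why}"
```

Run `explain()` over `parse_debug(open("radiusd.log").read())` on a full -X capture to get one line per request.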