Authenticating users on cisco 3750 switch

Peter Nixon listuser at peternixon.net
Tue Sep 19 20:17:03 CEST 2006


Do you have multiple interfaces in your radius server? Maybe you are replying 
from a different IP..

-Peter

On Tue 19 Sep 2006 16:22, Jean-Francois Fortin wrote:
> We did what is mentioned in the doc but still doesn't work.  It is like
> if the answer from the radius doesn't reach back the switch.  But the
> switch and the Radius server are on the same network.
>
> >From radius server:
>
> ...
> modcall: group authorize returns ok for request 3
> auth: type Local
> auth: user supplied User-Password matches local User-Password
> Sending Access-Accept of id 148 to 10.9.19.5:21645
>         Service-Type = NAS-Prompt-User
> Finished request 3
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 10.9.19.5:21645, id=148,
> length=62
> Sending duplicate reply to client tmiciscosw.tmi-ppe.oz.com:21645 - ID:
> 148
> Re-sending Access-Accept of id 148 to 10.9.19.5:21645
>
> On the Switch:
>
> 013717: Sep 19 13:19:24: %RADIUS-4-RADIUS_DEAD: RADIUS server
> 10.9.19.16:1812,1.
> 013718: Sep 19 13:19:24: %RADIUS-4-RADIUS_ALIVE: RADIUS server
> 10.9.19.16:1812,.
> % Username:  timeout expired!
> % Authentication failed.
>
>
>
>
> -----Original Message-----
> From:
> freeradius-users-bounces+jean-francois.fortin=oz.com at lists.freeradius.or
> g
> [mailto:freeradius-users-bounces+jean-francois.fortin=oz.com at lists.freer
> adius.org] On Behalf Of Peter Nixon
> Sent: Tuesday, September 19, 2006 4:29 AM
> To: FreeRadius users mailing list
> Subject: Re: Authenticating users on cisco 3750 switch
>
> On Mon 18 Sep 2006 23:38, Jean-Francois Fortin wrote:
> > Hi,
> >
> >             We are trying to use freeradius as authentication system
>
> to
>
> > allow users to connect to our cisco switch (3750) for management.  The
> > radius server is running ok, we can authenticate Cisco ASA, BigIP LB
> > against it.  But when trying with the 3750, we see that the radius
> > server accept the user and return an answer to the switch, but it
> > doesn't work.  Anyone has sample config using freeradius with cisco
> > switch?
>
> http://wiki.freeradius.org/index.php/Cisco

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060919/b21c53e6/attachment.pgp>


More information about the Freeradius-Users mailing list