Cisco NAS Password problem

John Morris jmorris at RSCVA.com
Thu Oct 25 23:26:10 CEST 2007


Hello:

  I am new to using Freeradius, and I am using Freeradius 1.1.6 that comes with Ubuntu Server 7.10

  I have set up Freeradius with MySQL as the backend database.

  I set up one of my Cisco 3550 switches to use Radius as the login method. This worked fine, authentication was running through freeradius. All of my Cisco switches are running the same IOS version, and all configured similarly (only port information is different).

  I then added a second switch to the freeradius client configuration (nas table), and encountered a problem. The password was being rejected. So I ran Freeradius -X so I could see what was going on.

  On the good password attempt (first switch added) I see something like this:

rad_recv: Access-Request packet from host 192.168.x.x:1645, id=9, length=80
        NAS-IP-Address = 192.168.x.x
        NAS-Port = 1
        NAS-Port-Type = Virtual
        User-Name = "username"
        Calling-Station-Id = "192.168.x.y"
        User-Password = "decodedpassword"

On the failed password attempt (second and now third switch in the list) I see something like this:

rad_recv: Access-Request packet from host 192.168.x.z:1645, id=1, length=80
        NAS-IP-Address = 192.168.x.z
        NAS-Port = 1
        NAS-Port-Type = Virtual
        User-Name = "username"
        Calling-Station-Id = "192.168.x.y"
        User-Password = "r\306\324\333M\014\247\022\363\216K\257`\315#]"

The password doesnt appear to get decoded before processing of the auth packet occurs.

All of the entries in the nas table include the same NAS type.

I've gone thru my configs several times, and I'm not sure what I am missing. Does anyone out there have any ideas?

Regards

John






More information about the Freeradius-Users mailing list