3Com 4500 and 5500 local login

Oxiel oxielc at yahoo.it
Sat Aug 23 03:50:37 CEST 2008


Hello gurus.

It's me again :), trying to authenticate local users to the switch through 
freeradius 2.0.5, but with no success on the 3Com 4500/5500.

My users file has:

admin Cleartext-Password := "XXXXX"
        Framed-IP-Address = "%{Framed-IP-Address}",
        3Com-User-Access-Level = 3Com-Administrator,
        Reply-Message = "Hola usuario, %{User-Name}"

radiusd -X shows this; as you can see, I'm getting the Access-Accept message:

rad_recv: Access-Request packet from host 192.168.100.246 port 5001, id=72, length=204
        User-Name = "admin"
        User-Password = "XXXXX"
        NAS-IP-Address = 192.168.100.246
        NAS-Identifier = "001cc53e1b02"
        NAS-Port = 16809985
        NAS-Port-Id = "unit=1;subslot=0;port=8;vlanid=1"
        NAS-Port-Type = Ethernet
        Service-Type = Login-User
        Login-IP-Host = 192.168.100.246
        Calling-Station-Id = "0000-0000-0000"
        Framed-IP-Address = 192.168.100.241
        H3C-Connect_Id = 72
        H3C-Product-ID = "4500"
        H3C-Ip-Host-Addr = "192.168.100.241 00:00:00:00:00:00"
        H3C-NAS-Startup-Timestamp = 954633321
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "admin", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
    users: Matched entry admin at line 220
        expand: %{Framed-IP-Address} -> 192.168.100.241
        expand: Hola usuario, %{User-Name} -> Hola usuario, admin
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
  rad_check_password:  Found Auth-Type
auth: type "PAP"
+- entering group PAP
rlm_pap: login attempt with password "XXXXX"
rlm_pap: Using clear text password "XXXXX"
rlm_pap: User authenticated successfully
++[pap] returns ok
+- entering group post-auth
++[exec] returns noop
Sending Access-Accept of id 72 to 192.168.100.246 port 5001
        Framed-IP-Address = 192.168.100.241
        3Com-User-Access-Level = 3Com-Administrator
        Reply-Message = "Hola usuario, admin"
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 72 with timestamp +15
Ready to process requests.

The switch shows me this:

debugging radius packet
terminal debugging

*0.683215396 4500 RDS/8/DEBUG:- 1 -Recv MSG,[MsgType=Normal auth request Index = 72, ulParam3=2185152212]
*0.683215397 4500 RDS/8/DEBUG:- 1 -Send attribute list:
*0.683215398 4500 RDS/8/DEBUG:- 1 -
[1  User-name                   ] [7 ] [admin]
[2  Password                    ] [18] [B9CE88BA96205FBFF301351E5ED4A8C5]
[4  NAS-IP-Address              ] [6 ] [192.168.100.246]
[32 NAS-Identifier              ] [14] [001cc53e1b02]
[5  NAS-Port                    ] [6 ] [16809985]
[87 NAS_Port_Id                 ] [34] [unit=1;subslot=0;port=8;vlanid=1]
*0.683215399 4500 RDS/8/DEBUG:- 1 -
[61 NAS-Port-Type               ] [6 ] [15]
[3com-26 Connect_ID               ] [6 ] [72]
[6  Service-Type                ] [6 ] [1]
[14 Login-Host                  ] [6 ] [192.168.100.246]
[31 Caller-ID                   ] [16] [303030302D303030302D30303030]
[8  Framed-Address              ] [6 ] [192.168.100.241]
*0.683215400 4500 RDS/8/DEBUG:- 1 -
[3com-255Product-ID               ] [6 ] [4500]
[3com-60 Ip-Host-Addr             ] [35] [192.168.100.241 00:00:00:00:00:00]
[3com-59 NAS-Startup-Timestamp    ] [6 ] [954633321]
*0.683215401 4500 RDS/8/DEBUG:- 1 -Send: IP=[192.168.100.91], UserIndex=[72], ID=[72], RetryTimes=[0], Code=[1], Length=[204]
*0.683215401 4500 RDS/8/DEBUG:- 1 -Send Raw Packet is:
*0.683215402 4500 RDS/8/DEBUG:- 1 -

*0.683215413 4500 RDS/8/DEBUG:- 1 -Recv MSG,[MsgType=PKT response Index = 59, ulParam3=2182466612]
*0.683215414 4500 RDS/8/DEBUG:- 1 -Receive Raw Packet is:
*0.683215415 4500 RDS/8/DEBUG:- 1 -
 02 48 00 3b 22 a0 e3 77 89 0b 9f f0 0f 82 02 71
 a6 81 7b 68 08 06 c0 a8 64 f1 1a 0c 00 00 00 2b
 01 06 00 00 00 03 12 15 48 6f 6c 61 20 75 73 75
 61 72 69 6f 2c 20 61 64 6d 69 6e

*0.683215416 4500 RDS/8/DEBUG:- 1 -Receive:IP=[192.168.100.91],Code=[2],Length=[59]
*0.683215417 4500 RDS/8/DEBUG:- 1 -
[8  Framed-Address              ] [6 ] [192.168.100.241]
[3com-1  User_Access_Level        ] [6 ] [3]
[18 Reply-Message               ] [21] [Hola usuario, admin]

Has anybody done this? Should I send something else in the reply?

Best regards.

Oxiel
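
Added example, not part of the original post: a small decoder for the Access-Accept bytes the switch printed under "Receive Raw Packet", so the vendor ID and sub-attribute number carried in the Vendor-Specific attribute can be read directly from the wire. The function names are hypothetical, and the sub-attribute layout (1-byte type, 1-byte length) is assumed to follow the RFC 2865 recommendation.

```python
import ipaddress
import struct

# Bytes copied from the switch's "Receive Raw Packet" debug lines in the post.
ACCESS_ACCEPT_HEX = """
02 48 00 3b 22 a0 e3 77 89 0b 9f f0 0f 82 02 71
a6 81 7b 68 08 06 c0 a8 64 f1 1a 0c 00 00 00 2b
01 06 00 00 00 03 12 15 48 6f 6c 61 20 75 73 75
61 72 69 6f 2c 20 61 64 6d 69 6e
"""

def sample_packet():
    return bytes.fromhex("".join(ACCESS_ACCEPT_HEX.split()))

def parse_tlvs(buf):
    """Split a buffer into (type, value) pairs; the length byte covers the 2-byte header."""
    out, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise ValueError("truncated attribute header at offset %d" % pos)
        atype, alen = buf[pos], buf[pos + 1]
        if alen < 2 or pos + alen > len(buf):
            raise ValueError("bad attribute length %d at offset %d" % (alen, pos))
        out.append((atype, buf[pos + 2:pos + alen]))
        pos += alen
    return out

def decode_packet(raw):
    """Return code, id, length and a flat attribute list; VSAs are unpacked per vendor."""
    if len(raw) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 20 or length > len(raw):
        raise ValueError("header length does not match the bytes received")
    attrs = []
    for atype, value in parse_tlvs(raw[20:length]):
        if atype == 26:  # Vendor-Specific: 4-byte vendor id, then sub-attributes
            if len(value) < 4:
                raise ValueError("Vendor-Specific attribute without a vendor id")
            vendor = struct.unpack("!I", value[:4])[0]
            # Assumption: sub-attributes use the 1-byte type / 1-byte length layout.
            attrs += [("vsa", vendor, t, v) for t, v in parse_tlvs(value[4:])]
        else:
            attrs.append(("std", None, atype, value))
    return {"code": code, "id": ident, "length": length, "attrs": attrs}

if __name__ == "__main__":
    pkt = decode_packet(sample_packet())
    print("code=%(code)d id=%(id)d length=%(length)d" % pkt)
    for kind, vendor, atype, value in pkt["attrs"]:
        shown = str(ipaddress.IPv4Address(value)) if (kind, atype) == ("std", 8) else value.hex()
        print(kind, vendor, atype, shown)
```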
