Problem in connecting to switch on telnet

Ivan Kalik tnt at kalik.net
Tue Jun 17 10:33:31 CEST 2008


You have deleted the part of the debug which tells how is Auth-Type set.
Post the whole thing. BTW, now you do have admin account in /etc/passwd
but the password is wrong. It's still not using password from the users
file.

Ivan Kalik
Kalik Informatika ISP


Dana 17/6/2008, "Guk Viktor" <v.guk at zaz.zp.ua> piše:

>It tried without Auth-Type = System, also tried Auth-Type = Local.
>
> Processing the authenticate section of radius.conf
>modcall: entering group authenticate for request 0
>rlm_unix: [admin]: invalid password
> modcall[authenticate]: module "unix" returns reject for request 0
>modcall: leaving group authenticate (returns reject) for request 0
>auth: Failed to validate the user.
>Login incorrect: [admin/admin] (from client 10.0.1.2 port 117612545 cli
>0000-0000-0000)
>> Message: 4 Date: Fri, 13 Jun 2008 15:38:57 +0100 From: "Ivan Kalik"
>> <tnt at kalik.net> Subject: Re: Problem in connecting to switch on telnet
>> To: "FreeRadius users mailing list"
>> <freeradius-users at lists.freeradius.org> Message-ID:
>> <wbdeeigX.1213367937.5098900.tnt at kalik.co.yu> Content-Type:
>> text/plain; charset=ISO-8859-2 You are setting up the wrong
>> authentication type. Remove Auth-Type =System from user configuration.
>> 1.1.3 is old. I am not sure do you need to set Auth-Type there. If it
>> doesn't work without it set Auth-Type = Local. Ivan Kalik Kalik
>> Informatika ISP Dana 13/6/2008, "Guk Viktor" <v.guk at zaz.zp.ua> pi?e:
>>> >
>>> >
>>> >
>>> >
>>> >
>>> >
>>> >Hello,
>>> >
>>> >I have freeradius-1.1.3 and 3com switch 5500-EI. On the
>>> >switch is disposed the access of users into the network through
>>> >freeradius. Arose problem in
>>> >connecting to switch on telnet. In the log freeradius it is indicated
>>> >that the incorrect password (however password I introduce correctly).
>>> >
>>> >rad_recv: Access-Request packet from host 10.0.1.2:5007, id=1,
>>> >length=203
>>> >??????? User-Name = "admin"
>>> >??????? User-Password = "admin"
>>> >??????? NAS-IP-Address = 10.0.1.2
>>> >??????? NAS-Identifier = "001ac1d4ee42"
>>> >??????? NAS-Port = 117612545
>>> >??????? NAS-Port-Id = "unit=7;subslot=0;port=42;vlanid=1"
>>> >??????? NAS-Port-Type = Ethernet
>>> >??????? Service-Type = Login-User
>>> >??????? Login-IP-Host = 10.0.1.2
>>> >??????? Calling-Station-Id = "0000-0000-0000"
>>> >??????? Framed-IP-Address = 10.0.1.100
>>> >??????? Vendor-25506-Attr-26 = 0x00000003
>>> >??????? Vendor-25506-Attr-255 = 0x353530302d4549
>>> >??????? Vendor-25506-Attr-60 =
>>> >0x31302e302e312e3130302030303a30303a30303a30303a30303a3030
>>> >??????? Vendor-25506-Attr-59 = 0x38e68c68
>>> >? Processing the authorize section of radiusd.conf
>>> >modcall: entering group authorize for request 0
>>> >? modcall[authorize]: module "mschap" returns noop for request 0
>>> >??? rlm_realm: No '\' in User-Name = "admin", looking up realm NULL
>>> >??? rlm_realm: No such realm "NULL"
>>> >? modcall[authorize]: module "ntdomain" returns noop for request 0
>>> >? rlm_eap: No EAP-Message, not doing EAP
>>> >? modcall[authorize]: module "eap" returns noop for request 0
>>> >??? users: Matched entry DEFAULT at line 152
>>> >??? users: Matched entry admin at line 216
>>> >? modcall[authorize]: module "files" returns ok for request 0
>>> >modcall: leaving group authorize (returns ok) for request 0
>>> >? rad_check_password:? Found Auth-Type System
>>> >auth: type "System"
>>> >? Processing the authenticate section of
>>> >radiusd.conf
>>> >modcall: entering group authenticate for request 0
>>> >? modcall[authenticate]: module "unix" returns notfound for request 0
>>> >modcall: leaving group authenticate (returns notfound) for request 0
>>> >auth: Failed to validate the user.
>>> >Login incorrect: [admin/admin] (from
>>> >client 10.0.1.2 port 117612545 cli 0000-0000-0000)
>>> >Delaying request 0 for 1 seconds
>>> >Finished request 0
>>> >
>>> >Users:
>>> >admin?? Auth-Type = System, User-Password == "admin"
>>> >??? ?? 3Com-User-Access-Level = Administrator
>>> >
>>> >eap.conf:
>>> >eap{
>>> >??? default_eap_type = peap
>>> >??? timer_expire = 60
>>> >??? ignore_unknown_eap_type = no
>>> >??? cisco_accounting_username_bug = no
>>> >???
>>> >??? md5{
>>> >??? ?? }
>>> >
>>> >??? leap{
>>> >??? ?? }
>>> >
>>> >??? gtc{
>>> >??? ?? auth_type = PAP
>>> >??? ?? }
>>> >
>>> >??? peap{
>>> >??? ?? default_eap_type = mschapv2
>>> >??? ?? use_tunneled_reply = yes
>>> >??? ?? }
>>> >
>>> >??? mschapv2{
>>> >??? ?? }
>>> >??? }
>>> >
>>> >It can possibly use a local authorization to switch on telnet,
>>> >without freeradius.
>>> >
>>> >Viktor Guk
>>> >
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>




More information about the Freeradius-Users mailing list