Problem in connecting to switch on telnet
Guk Viktor
v.guk at zaz.zp.ua
Sat Jun 21 12:34:23 CEST 2008
Thanks to all. It was necessary to do this:
admin Service-Type = Login-User
Login-Service = Telnet,
3Com-User-Access-Level = Administrator
> You will need to read the switch documentation to see what attributes do
> you need to return in order to connect. Mostly it's returning the
> correct Service-Type attribute.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> On 18/6/2008, "Guk Viktor" <v.guk at zaz.zp.ua> wrote:
>
>
>> >By thanks for help, I was dismantled. But another problem arose.
>> >
>> >Radius answers:
>> >modcall: entering group authenticate for request 0
>> > HASH: user admin found in hashtable bucket 45083
>> > modcall[authenticate]: module "unix" returns ok for request 0
>> >modcall: leaving group authenticate (returns ok) for request 0
>> >Login OK: [admin/admin] (from client 10.0.1.2 port 117616641 cli
>> >0000-0000-0000)
>> >Sending Access-Accept of id 19 to 10.0.1.2 port 5007
>> > 3Com-User-Access-Level = Administrator
>> >Finished request 0
>> >
>> >But I cannot be connected on telnet. Now switch(3com 5500-EI) answers
>> >that incorrect password:
>> >Username:admin
>> >Password:
>> >% Login failed!
>>
>>> >> Prompt, what to make in that case. In the file /etc/passwd there is
>>>
>>>> >> >this line of " admin:x:500:500::/home/admin:/bin/bash ". How it
>>>> >> >is necessary to assign password?
>>>> >> >
>>>> >> >
>>>> >> >Message: 4
>>>> >> >Date: Tue, 17 Jun 2008 09:33:31 +0100
>>>> >> >From: "Ivan Kalik" <tnt at kalik.net>
>>>> >> >Subject: Re: Problem in connecting to switch on telnet
>>>> >> >To: "FreeRadius users mailing list"
>>>> >> > <freeradius-users at lists.freeradius.org>
>>>> >> >Message-ID: <JBqwPney.1213691611.8437380.tnt at kalik.co.yu>
>>>> >> >Content-Type: text/plain; charset=ISO-8859-2
>>>> >> >
>>>> >> >You have deleted the part of the debug which tells how is Auth-Type set.
>>>> >> >Post the whole thing. BTW, now you do have admin account in /etc/passwd
>>>> >> >but the password is wrong. It's still not using password from the users
>>>> >> >file.
>>>> >> >
>>>> >> >Ivan Kalik
>>>> >> >Kalik Informatika ISP
>>>> >> >
>>>> >> >
>>>> >> >On 17/6/2008, "Guk Viktor" <v.guk at zaz.zp.ua> wrote:
>>>> >> >
>>>> >> >
>>>> >> >
>>>> >> > It tried without Auth-Type = System, also tried Auth-Type = Local.
>>>> >> >
>>>> >> >Processing the authenticate section of radius.conf
>>>> >> >modcall: entering group authenticate for request 0
>>>> >> >rlm_unix: [admin]: invalid password
>>>> >> >modcall[authenticate]: module "unix" returns reject for request 0
>>>> >> >modcall: leaving group authenticate (returns reject) for request 0
>>>> >> >auth: Failed to validate the user.
>>>> >> >Login incorrect: [admin/admin] (from client 10.0.1.2 port 117612545 cli
>>>> >> >0000-0000-0000)
>>>> >> >
>>>> >> >
>>>> >> >Message: 4
>>>> >> >Date: Fri, 13 Jun 2008 15:38:57 +0100
>>>> >> >From: "Ivan Kalik" <tnt at kalik.net>
>>>> >> >Subject: Re: Problem in connecting to switch on telnet
>>>> >> >To: "FreeRadius users mailing list"
>>>> >> > <freeradius-users at lists.freeradius.org>
>>>> >> >Message-ID: <wbdeeigX.1213367937.5098900.tnt at kalik.co.yu>
>>>> >> >Content-Type: text/plain; charset=ISO-8859-2
>>>> >> >
>>>> >> >You are setting up the wrong authentication type. Remove Auth-Type =
>>>> >> >System from user configuration. 1.1.3 is old. I am not sure do you need
>>>> >> >to set Auth-Type there. If it doesn't work without it set Auth-Type =
>>>> >> >Local.
>>>> >> >
>>>> >> >Ivan Kalik
>>>> >> >Kalik Informatika ISP
>>>> >> >
>>>> >> >
>>>> >> >On 13/6/2008, "Guk Viktor" <v.guk at zaz.zp.ua> wrote:
>>>> >> >
>>>> >> >Hello,
>>>> >> >
>>>> >> >I have freeradius-1.1.3 and 3com switch 5500-EI. On the
>>>> >> >switch is disposed the access of users into the network through
>>>> >> >freeradius. Arose problem in
>>>> >> >connecting to switch on telnet. In the log freeradius it is indicated
>>>> >> >that the incorrect password (however password I introduce correctly).
>>>> >> >
>>>> >> >rad_recv: Access-Request packet from host 10.0.1.2:5007, id=1,
>>>> >> >length=203
>>>> >> >        User-Name = "admin"
>>>> >> >        User-Password = "admin"
>>>> >> >        NAS-IP-Address = 10.0.1.2
>>>> >> >        NAS-Identifier = "001ac1d4ee42"
>>>> >> >        NAS-Port = 117612545
>>>> >> >        NAS-Port-Id = "unit=7;subslot=0;port=42;vlanid=1"
>>>> >> >        NAS-Port-Type = Ethernet
>>>> >> >        Service-Type = Login-User
>>>> >> >        Login-IP-Host = 10.0.1.2
>>>> >> >        Calling-Station-Id = "0000-0000-0000"
>>>> >> >        Framed-IP-Address = 10.0.1.100
>>>> >> >        Vendor-25506-Attr-26 = 0x00000003
>>>> >> >        Vendor-25506-Attr-255 = 0x353530302d4549
>>>> >> >        Vendor-25506-Attr-60 =
>>>> >> >0x31302e302e312e3130302030303a30303a30303a30303a30303a3030
>>>> >> >        Vendor-25506-Attr-59 = 0x38e68c68
>>>> >> >  Processing the authorize section of radiusd.conf
>>>> >> >modcall: entering group authorize for request 0
>>>> >> >  modcall[authorize]: module "mschap" returns noop for request 0
>>>> >> >    rlm_realm: No '\' in User-Name = "admin", looking up realm NULL
>>>> >> >    rlm_realm: No such realm "NULL"
>>>> >> >  modcall[authorize]: module "ntdomain" returns noop for request 0
>>>> >> >  rlm_eap: No EAP-Message, not doing EAP
>>>> >> >  modcall[authorize]: module "eap" returns noop for request 0
>>>> >> >    users: Matched entry DEFAULT at line 152
>>>> >> >    users: Matched entry admin at line 216
>>>> >> >  modcall[authorize]: module "files" returns ok for request 0
>>>> >> >modcall: leaving group authorize (returns ok) for request 0
>>>> >> >  rad_check_password:  Found Auth-Type System
>>>> >> >auth: type "System"
>>>> >> >  Processing the authenticate section of
>>>> >> >radiusd.conf
>>>> >> >modcall: entering group authenticate for request 0
>>>> >> >  modcall[authenticate]: module "unix" returns notfound for request 0
>>>> >> >modcall: leaving group authenticate (returns notfound) for request 0
>>>> >> >auth: Failed to validate the user.
>>>> >> >Login incorrect: [admin/admin] (from
>>>> >> >client 10.0.1.2 port 117612545 cli 0000-0000-0000)
>>>> >> >Delaying request 0 for 1 seconds
>>>> >> >Finished request 0
>>>> >> >
>>>> >> >Users:
>>>> >> >admin   Auth-Type = System, User-Password == "admin"
>>>> >> >        3Com-User-Access-Level = Administrator
>>>> >> >
>>>> >> >eap.conf:
>>>> >> >eap{
>>>> >> >    default_eap_type = peap
>>>> >> >    timer_expire = 60
>>>> >> >    ignore_unknown_eap_type = no
>>>> >> >    cisco_accounting_username_bug = no
>>>> >> >
>>>> >> >    md5{
>>>> >> >       }
>>>> >> >
>>>> >> >    leap{
>>>> >> >       }
>>>> >> >
>>>> >> >    gtc{
>>>> >> >       auth_type = PAP
>>>> >> >       }
>>>> >> >
>>>> >> >    peap{
>>>> >> >       default_eap_type = mschapv2
>>>> >> >       use_tunneled_reply = yes
>>>> >> >       }
>>>> >> >
>>>> >> >    mschapv2{
>>>> >> >       }
>>>> >> >    }
>>>> >> >
>>>> >> >It can possibly use a local authorization to switch on telnet,
>>>> >> >without freeradius.
>>>> >> >
>>>> >> >Viktor Guk
>>>>
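
Added example, not part of the original thread or of FreeRADIUS: a small Python check that reads radiusd debug output and reports every Access-Accept that lacks the reply attributes the switch turned out to need. The expected attribute set is an assumption taken from the working entry at the top of this message, and the second accept in the sample is constructed.

```python
import re

# Constructed sample: the Access-Accept quoted in the thread, followed by a
# constructed accept carrying the attributes of the entry that finally worked.
SAMPLE_DEBUG = """\
Login OK: [admin/admin] (from client 10.0.1.2 port 117616641 cli 0000-0000-0000)
Sending Access-Accept of id 19 to 10.0.1.2 port 5007
        3Com-User-Access-Level = Administrator
Finished request 0
Sending Access-Accept of id 20 to 10.0.1.2 port 5007
        Service-Type = Login-User
        Login-Service = Telnet
        3Com-User-Access-Level = Administrator
Finished request 1
"""

# Assumption: the three attributes of the working users entry are what the
# 3Com 5500-EI expects to see in the reply for a telnet login.
EXPECTED_REPLY = ("Service-Type", "Login-Service", "3Com-User-Access-Level")

HEADER = re.compile(r"^Sending Access-Accept of id (\d+) to (\S+) port (\d+)")
ATTR = re.compile(r"^\s+([\w-]+)\s*=\s*(.+?)\s*$")

def parse_accepts(debug_text):
    """Return one dict per Access-Accept: packet id, NAS address, reply attributes."""
    accepts, current = [], None
    for line in debug_text.splitlines():
        header = HEADER.match(line)
        if header:
            current = {"id": int(header.group(1)), "nas": header.group(2), "attrs": {}}
            accepts.append(current)
            continue
        attr = ATTR.match(line) if current else None
        if attr:
            current["attrs"][attr.group(1)] = attr.group(2)
        else:
            current = None  # any non-attribute line ends the reply block
    return accepts

def missing_reply_attrs(debug_text, expected=EXPECTED_REPLY):
    """Map packet id -> expected attributes absent from that Access-Accept."""
    report = {}
    for accept in parse_accepts(debug_text):
        missing = [name for name in expected if name not in accept["attrs"]]
        if missing:
            report[accept["id"]] = missing
    return report

if __name__ == "__main__":
    for packet_id, missing in missing_reply_attrs(SAMPLE_DEBUG).items():
        print(f"Access-Accept id {packet_id}: missing {', '.join(missing)}")
```

Run against the sample, only the accept with id 19 is reported, which matches the "Login OK" on the server followed by "% Login failed!" on the switch.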