Authorization failed in cisco switch

Marco Aresu marcoaresu at gmail.com
Mon Jul 22 16:44:29 CEST 2013 

here the debug after authentication:

Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "secret"
[pap] Using CRYPT password
"$6$GW4SlOPp$TZhPalub.qyMY8Z9zU03FMz3A.hSv0b6ycuZT5bYeyG89HPb2Gm/FINd2pdtU79NkgYhE5TUgp5e5/w6iNA40/"
[pap] User authenticated successfully
++[pap] returns ok
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 70 to 172.31.61.224 port 1812
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 70 with timestamp +12
Ready to process requests.

i don't understand when he tried to find the authorizaziont because if i
add a comment in the row of the user in the Users file, i get the same
error.


Marco Aresu


On 22 July 2013 16:37, Alan DeKok <aland at deployingradius.com> wrote:

> Marco Aresu wrote:
> > i am getting some problem with authorization in free radius
> > i configured the users file as below :
> >
> >         DEFAULT   Auth-Type := System
> >         cisco   Auth-Type := System
> >         Service-Type = NAS-Prompt-User
> >         cisco-avpair = "shell:priv-lvl=15",
>
>   Is it *exactly* that?  i.e. did you format the entries correctly?
>
> > When i try to login into a switch i receive the errore : Authorization
> > Failed
> > and during the debug i ve got :
> >
> > # Executing section post-auth from file /etc/raddb/sites-enabled/default
> > +- entering group post-auth {...}
> > [++[reply_log] returns ok
> > ++[exec] returns noop
>
>   You have rather a lot more than that.
>
>   The whole point of the debug output is to READ IT.
>
>   ALL of it.
>
>   What ELSE does it say?  Does the server return an Access-Accept?  If
> so, blame the switch.  Otherwise, READ THE DEBUG OUTPUT to see what's
> going on.
>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130722/35950f64/attachment.html>

More information about the Freeradius-Users mailing list