Hi, I am using FreeRADIUS Server Version 0.7.1. The Server is cofigured for authentication types local and EAP. When I send an Access_Request with only user-password and NAS-Identifier, the Server is sending Access_Reject to the client. What authentication method is used by the Server for this request? In general what happens if none of the user-name, EAP-message are present in a request? The RFC 2865 is not describing much about this situation. Has anyone tried this situation?
-----Original Message----- From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED] Sent: Wednesday, March 26, 2003 10:56 AM To: [EMAIL PROTECTED] Subject: Freeradius-Users digest, Vol 1 #1676 - 4 msgs Send Freeradius-Users mailing list submissions to [EMAIL PROTECTED] To subscribe or unsubscribe via the World Wide Web, visit http://lists.cistron.nl/mailman/listinfo/freeradius-users or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than "Re: Contents of Freeradius-Users digest..." Today's Topics: 1. Unable to connect via telnet to Cisco router using Radius (b7time b7time) 2. Chat live with men & women in your area today!!! (Paul Rodriguez) 3. EAP TTLS Support (Bret Jordan) 4. Huntgroup Question ([EMAIL PROTECTED]) --__--__-- Message: 1 From: "b7time b7time" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Unable to connect via telnet to Cisco router using Radius Date: Tue, 25 Mar 2003 20:14:05 +0000 Reply-To: [EMAIL PROTECTED] Sorry forgot to put subject line Hi, My FreeRADIUS server (0.8.1) seems to be configured correctly but it seems that I am unable to connect via telnet to my Cisco 2500 router Below is the output after running -radiusd -sfxxyz -l stdout on my radius server. In addition I've also provide the debug from Cisco the router after that. Any help would be appreciated. Access-Request packet from host 10.4.176.1:1645, id=69, length=81 NAS-IP-Address = 10.4.176.1 NAS-Port = 4 NAS-Port-Type = Virtual User-Name = "username" Calling-Station-Id = "155.201.35.53" User-Password = "password" modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok rlm_chap: Could not find proper Chap-Password attribute in request modcall[authorize]: module "chap" returns noop modcall[authorize]: module "mschap" returns notfound rlm_realm: No '@' in User-Name = "username", looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module "suffix" returns noop users: Matched username at 80 modcall[authorize]: module "files" returns ok modcall: group authorize returns ok rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied User-Password matches local User-Password Sending Access-Accept of id 69 to 10.4.176.1:1645 Service-Type = Login-User Login-Service = Telnet Login-TCP-Port = Telnet Framed-Protocol = PPP Framed-IP-Netmask = 255.255.255.0 Framed-Filter-Id = "std.ppp" Framed-MTU = 1500 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Accounting-Request packet from host 10.4.176.1:1646, id=70, length=97 NAS-IP-Address = 10.4.176.1 NAS-Port = 4 NAS-Port-Type = Virtual User-Name = "username" Calling-Station-Id = "155.201.35.53" Acct-Status-Type = Start Acct-Authentic = RADIUS Service-Type = NAS-Prompt-User Acct-Session-Id = "00000010" Acct-Delay-Time = 0 modcall: entering group preacct modcall[preacct]: module "preprocess" returns noop rlm_realm: No '@' in User-Name = "username", looking up realm NULL rlm_realm: No such realm NULL modcall[preacct]: module "suffix" returns noop modcall[preacct]: module "files" returns noop modcall: group preacct returns noop modcall: entering group accounting rlm_acct_unique: WARNING: Attribute 87 was not found in request, unique ID MAY b e inconsistent rlm_acct_unique: Hashing ',Client-IP-Address = 10.4.176.1,NAS-IP-Address = 10.4. 176.1,Acct-Session-Id = "00000010",User-Name = "username"' rlm_acct_unique: Acct-Unique-Session-ID = "524f218940a363fa". modcall[accounting]: module "acct_unique" returns ok radius_xlat: '/usr/local/var/log/radius/radacct/10.4.176.1/detail-20030325' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.4.176.1/detail-20030325 modcall[accounting]: module "detail" returns ok modcall[accounting]: module "unix" returns ok radius_xlat: 'username' modcall[accounting]: module "radutmp" returns ok modcall: group accounting returns ok Sending Accounting-Response of id 70 to 10.4.176.1:1646 Finished request 1 Going to the next request Cleaning up request 1 ID 70 with timestamp 3e80b99d rl_next: returning NULL Waking up in 6 seconds... rad_recv: Accounting-Request packet from host 10.4.176.1:1646, id=71, length=109 NAS-IP-Address = 10.4.176.1 NAS-Port = 4 NAS-Port-Type = Virtual User-Name = "username" Calling-Station-Id = "155.201.35.53" Acct-Status-Type = Stop Acct-Authentic = RADIUS Service-Type = NAS-Prompt-User Acct-Session-Id = "00000010" Acct-Terminate-Cause = User-Request Acct-Session-Time = 0 Acct-Delay-Time = 0 modcall: entering group preacct modcall[preacct]: module "preprocess" returns noop rlm_realm: No '@' in User-Name = "username", looking up realm NULL rlm_realm: No such realm NULL modcall[preacct]: module "suffix" returns noop modcall[preacct]: module "files" returns noop modcall: group preacct returns noop modcall: entering group accounting rlm_acct_unique: WARNING: Attribute 87 was not found in request, unique ID MAY b e inconsistent rlm_acct_unique: Hashing ',Client-IP-Address = 10.4.176.1,NAS-IP-Address = 10.4. 176.1,Acct-Session-Id = "00000010",User-Name = "username"' rlm_acct_unique: Acct-Unique-Session-ID = "524f218940a363fa". modcall[accounting]: module "acct_unique" returns ok radius_xlat: '/usr/local/var/log/radius/radacct/10.4.176.1/detail-20030325' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.4.176.1/detail-20030325 modcall[accounting]: module "detail" returns ok modcall[accounting]: module "unix" returns ok radius_xlat: 'vbitondo' modcall[accounting]: module "radutmp" returns ok modcall: group accounting returns ok Sending Accounting-Response of id 71 to 10.4.176.1:1646 Finished request 2 Going to the next request Cleaning up request 2 ID 71 with timestamp 3e80b99d rl_next: returning NULL Waking up in 6 seconds... Cisco debug output............... 4w0d: RADIUS: ustruct sharecount=1 4w0d: Radius: radius_port_info() success=1 radius_nas_port=1 4w0d: RADIUS: Initial Transmit tty4 id 69 10.4.152.11:1812, Access-Request, len 81 4w0d: Attribute 4 6 0A04B001 4w0d: Attribute 5 6 00000004 4w0d: Attribute 61 6 00000005 4w0d: Attribute 1 10 76626974 4w0d: Attribute 31 15 3135352E 4w0d: Attribute 2 18 E37EC7E3 4w0d: RADIUS: Received from id 69 10.4.152.11:1812, Access-Accept, len 65 4w0d: Attribute 6 6 00000001 4w0d: Attribute 15 6 00000000 4w0d: Attribute 16 6 00000017 4w0d: Attribute 7 6 00000001 4w0d: Attribute 9 6 FFFFFF00 4w0d: Attribute 11 9 7374642E 4w0d: Attribute 12 6 000005DC 4w0d: RADIUS: saved authorization data for user 3A064C at 3A0D94 4w0d: RADIUS: Constructed " ppp negotiate 23 " 4w0d: RADIUS: ustruct sharecount=4 4w0d: Radius: radius_port_info() success=1 radius_nas_port=1 4w0d: RADIUS: ustruct sharecount=3 4w0d: Radius: radius_port_info() success=1 radius_nas_port=1 4w0d: RADIUS: Initial Transmit tty4 id 70 10.4.152.11:1813, Accounting-Request, len 97 4w0d: Attribute 4 6 0A04B001 4w0d: Attribute 5 6 00000004 4w0d: Attribute 61 6 00000005 4w0d: Attribute 1 10 76626974 4w0d: Attribute 31 15 3135352E 4w0d: Attribute 40 6 00000001 4w0d: Attribute 45 6 00000001 4w0d: Attribute 6 6 00000007 4w0d: Attribute 44 10 30303030 4w0d: Attribute 41 6 00000000 4w0d: RADIUS: Initial Transmit tty4 id 71 10.4.152.11:1813, Accounting-Request, len 109 4w0d: Attribute 4 6 0A04B001 4w0d: Attribute 5 6 00000004 4w0d: Attribute 61 6 00000005 4w0d: Attribute 1 10 76626974 4w0d: Attribute 31 15 3135352E 4w0d: Attribute 40 6 00000002 4w0d: Attribute 45 6 00000001 4w0d: Attribute 6 6 00000007 4w0d: Attribute 44 10 30303030 4w0d: Attribute 49 6 00000001 4w0d: Attribute 46 6 00000000 4w0d: Attribute 41 6 00000000 4w0d: RADIUS: Received from id 70 10.4.152.11:1813, Accounting-response, len 20 4w0d: RADIUS: Received from id 71 10.4.152.11:1813, Accounting-response, len 20- -- Walking the entire request list --- Cleaning up request 0 ID 69 with timestamp 3e80b99d Nothing to do. Sleeping until we see a request. _________________________________________________________________ MSN 8 with e-mail virus protection service: 2 months FREE* http://join.msn.com/?page=features/virus --__--__-- Message: 2 To: [EMAIL PROTECTED] From: "Paul Rodriguez" <[EMAIL PROTECTED]> Subject: Chat live with men & women in your area today!!! Date: Tue, 25 Mar 2003 15:14:08 -0500 (EST) Reply-To: [EMAIL PROTECTED] <HTML> <HEAD> <TITLE>FREE LIVE CHAT!</TITLE> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"> </HEAD> <BODY BGCOLOR=#99CCFF LEFTMARGIN=0 TOPMARGIN=10 MARGINWIDTH=0 MARGINHEIGHT=0> <TABLE WIDTH=550 BORDER=0 align="center" CELLPADDING=0 CELLSPACING=0> <TR> <TD COLSPAN=3> <a href="http://redir.impulsive.com/redir?id=3266&u=517364333&b=6161" target="_blank"><IMG SRC="http://images.emailhello.com/email/images/noadchat01.gif" ALT="" WIDTH=171 HEIGHT=66 border="0"></a></TD> <TD> <a href="http://redir.impulsive.com/redir?id=3266&u=517364333&b=6161" target="_blank"><IMG SRC="http://images.emailhello.com/email/images/noadchat02.gif" ALT="" WIDTH=379 HEIGHT=66 border="0"></a></TD> </TR> <TR> <TD COLSPAN=4> <a href="http://redir.impulsive.com/redir?id=3266&u=517364333&b=6161" target="_blank"><IMG SRC="http://images.emailhello.com/email/images/noadchat03.gif" ALT="" WIDTH=550 HEIGHT=27 border="0"></a></TD> </TR> <TR> <TD ROWSPAN=8> <a href="http://redir.impulsive.com/redir?id=3266&u=517364333&b=6161" target="_blank"><IMG SRC="http://images.emailhello.com/email/images/noadchat04.gif" ALT="" WIDTH=16 HEIGHT=357 border="0"></a></TD> <TD> <a href="http://redir.impulsive.com/redir?id=3266&u=517364333&b=6161" target="_blank"><IMG SRC="http://images.emailhello.com/email/images/noadchat05.jpg" ALT="" WIDTH=76 HEIGHT=75 border="0"></a></TD> <TD COLSPAN=2> <a href="http://redir.impulsive.com/redir?id=3266&u=517364333&b=6161" target="_blank"><IMG SRC="http://images.emailhello.com/email/images/noadchat06.gif" ALT="" WIDTH=458 HEIGHT=75 border="0"></a></TD> </TR> <TR> <TD COLSPAN=3> <a href="http://redir.impulsive.com/redir?id=3266&u=517364333&b=6161" target="_blank"><IMG SRC="http://images.emailhello.com/email/images/noadchat07.gif" ALT="" WIDTH=534 HEIGHT=15 border="0"></a></TD> </TR> <TR> <TD> <a href="http://redir.impulsive.com/redir?id=3266&u=517364333&b=6161" target="_blank"><IMG SRC="http://images.emailhello.com/email/images/noadchat08.jpg" ALT="" WIDTH=76 HEIGHT=75 border="0"></a></TD> <TD COLSPAN=2> <a href="http://redir.impulsive.com/redir?id=3266&u=517364333&b=6161" target="_blank"><IMG SRC="http://images.emailhello.com/email/images/noadchat09.gif" ALT="" WIDTH=458 HEIGHT=75 border="0"></a></TD> </TR> <TR> <TD COLSPAN=3> <a href="http://redir.impulsive.com/redir?id=3266&u=517364333&b=6161" target="_blank"><IMG SRC="http://images.emailhello.com/email/images/noadchat10.gif" ALT="" WIDTH=534 HEIGHT=14 border="0"></a></TD> </TR> <TR> <TD> <a href="http://redir.impulsive.com/redir?id=3266&u=517364333&b=6161" target="_blank"><IMG SRC="http://images.emailhello.com/email/images/noadchat11.jpg" ALT="" WIDTH=76 HEIGHT=76 border="0"></a></TD> <TD COLSPAN=2> <a href="http://redir.impulsive.com/redir?id=3266&u=517364333&b=6161" target="_blank"><IMG SRC="http://images.emailhello.com/email/images/noadchat12.gif" ALT="" WIDTH=458 HEIGHT=76 border="0"></a></TD> </TR> <TR> <TD COLSPAN=3> <a href="http://redir.impulsive.com/redir?id=3266&u=517364333&b=6161" target="_blank"><IMG SRC="http://images.emailhello.com/email/images/noadchat13.gif" ALT="" WIDTH=534 HEIGHT=14 border="0"></a></TD> </TR> <TR> <TD> <a href="http://redir.impulsive.com/redir?id=3266&u=517364333&b=6161" target="_blank"><IMG SRC="http://images.emailhello.com/email/images/noadchat14.jpg" ALT="" WIDTH=76 HEIGHT=76 border="0"></a></TD> <TD COLSPAN=2> <a href="http://redir.impulsive.com/redir?id=3266&u=517364333&b=6161" target="_blank"><IMG SRC="http://images.emailhello.com/email/images/noadchat15.gif" ALT="" WIDTH=458 HEIGHT=76 border="0"></a></TD> </TR> <TR> <TD COLSPAN=3> <a href="http://redir.impulsive.com/redir?id=3266&u=517364333&b=6161" target="_blank"><IMG SRC="http://images.emailhello.com/email/images/noadchat16.gif" ALT="" WIDTH=534 HEIGHT=12 border="0"></a></TD> </TR> <TR> <TD COLSPAN=4> <a href="http://redir.impulsive.com/redir?id=3266&u=517364333&b=6161" target="_blank"><IMG SRC="http://images.emailhello.com/email/images/noadchat17.gif" ALT="" WIDTH=550 HEIGHT=25 border="0"></a></TD> </TR> <TR> <TD> <IMG SRC="http://images.emailhello.com/email/images/noadchat18.gif" WIDTH=16 HEIGHT=1 ALT=""></TD> <TD> <IMG SRC="http://images.emailhello.com/email/images/noadchat18.gif" WIDTH=76 HEIGHT=1 ALT=""></TD> <TD> <IMG SRC="http://images.emailhello.com/email/images/noadchat18.gif" WIDTH=79 HEIGHT=1 ALT=""></TD> <TD> <IMG SRC="http://images.emailhello.com/email/images/noadchat18.gif" WIDTH=379 HEIGHT=1 ALT=""></TD> </TR> </TABLE> <BR><BR> <center> <BR><CENTER><A HREF="http://www.yipit.com/finish/[EMAIL PROTECTED]&source_id=15&mojo=517364333"><IMG SRC="http://www.yipit.com/finish/img.gif"></A></CENTER><IMG SRC="http://open.impulsive.com/open?u=517364333&b=6161&mojo=517364333"><BR><!-- [EMAIL PROTECTED] --> </center> </BODY> </HTML> --__--__-- Message: 3 Date: Tue, 25 Mar 2003 13:53:35 -0700 From: Bret Jordan <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: EAP TTLS Support Reply-To: [EMAIL PROTECTED] Just wondering if TTLS support is on the road map for freeradius or if anyone is working on this... Thanks Bret -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Bret Jordan Dean's Office Computer Administrator College of Engineering 801.585.3765 University of Utah [EMAIL PROTECTED] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --__--__-- Message: 4 Date: Wed, 26 Mar 2003 15:05:43 +1100 To: [EMAIL PROTECTED] From: [EMAIL PROTECTED] Subject: Huntgroup Question Reply-To: [EMAIL PROTECTED] hello Currently I administer approximately 100 Cisco routers, switches and access servers, every device uses radius authentication for access weather accessed via async, ISDN or VTY. Access to VTY has in the past been restricted solely by access-lists applied to the terminal lines. A situation has arisen where access-lists restrictions can no longer be used and I'm wondering if anyone has a solution for the following I wish to place ALL devices into a single huntgroup that allows only VTY access to specified users ie: userA is an administrator and is allowed both VTY and ASYNC access userB is a customer and is allowed only ASYNC access Regards akernagh. --__--__-- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html End of Freeradius-Users Digest Note: Unless otherwise noted, the information provided by this mail does not represent the official statements or views of Ionic Microsystems. Privileged/Confidential information may be contained in this message and may be subject to legal privilege. Access to this e-mail by anyone other than the intended is unauthorised. If you are not the intended recipient (or responsible for delivery of the message to such person), you may not use, copy, distribute or deliver this message (or any part of its contents ) to anyone or take any action in reliance on it. In such case, you should destroy this message, and notify us immediately. If you have received this email in error, please notify us immediately by e-mail or telephone and delete the e-mail from any computer. If you or your employer does not consent to internet e-mail messages of this kind, please notify us immediately. All reasonable precautions have been taken to ensure no viruses are present in this e-mail. As our company cannot accept responsibility for any loss or damage arising from the use of this e-mail or attachments we recommend that you subject these to your virus checking procedures prior to use.
<<application/ms-tnef>>