Hi,
I am using FreeRADIUS Server Version 0.7.1. The Server is configured for
authentication types local and EAP. When I send an Access_Request
with only user-password and NAS-Identifier, the Server sends an Access_Reject
to the client. What authentication method is used by the Server for this request?
In general, what happens if neither user-name nor EAP-message is
present in a request? RFC 2865 does not describe much about this situation.
Has anyone tried this situation?
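An added example, not part of the original message and not FreeRADIUS code: a checker for the attribute rules RFC 2865 section 4.1 places on an Access-Request, run on a constructed packet like the one described above (User-Password and NAS-Identifier, no User-Name). The function names and the sample packet are this example's own, and accepting EAP-Message (RFC 3579) as a credential carrier is an assumption added to cover the EAP case.

```python
import struct

# Attribute type numbers from RFC 2865; 79 is EAP-Message (RFC 3579).
USER_NAME, USER_PASSWORD, CHAP_PASSWORD, NAS_IP_ADDRESS = 1, 2, 3, 4
STATE, NAS_IDENTIFIER, EAP_MESSAGE = 24, 32, 79
ACCESS_REQUEST = 1


def parse_attributes(packet):
    """Return {type: [value, ...]} for an Access-Request, validating lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST:
        raise ValueError("not an Access-Request")
    if length < 20 or length > len(packet):
        raise ValueError("bad Length field")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(atype, []).append(packet[pos + 2:pos + alen])
        pos += alen
    return attrs


def check_access_request(packet):
    """List the RFC 2865 section 4.1 rules the request does not meet."""
    attrs = parse_attributes(packet)
    findings = []
    if USER_NAME not in attrs:
        findings.append("SHOULD: no User-Name")
    if NAS_IP_ADDRESS not in attrs and NAS_IDENTIFIER not in attrs:
        findings.append("MUST: neither NAS-IP-Address nor NAS-Identifier")
    creds = (USER_PASSWORD, CHAP_PASSWORD, STATE, EAP_MESSAGE)
    if not any(t in attrs for t in creds):
        findings.append("MUST: no User-Password, CHAP-Password, State or EAP-Message")
    if USER_PASSWORD in attrs and CHAP_PASSWORD in attrs:
        findings.append("MUST NOT: both User-Password and CHAP-Password")
    return findings


def build_request(attrs):
    """Build a constructed Access-Request (zeroed authenticator) for testing."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", ACCESS_REQUEST, 1, 20 + len(body)) + bytes(16) + body

# Constructed sample: User-Password and NAS-Identifier only, no User-Name.
SAMPLE = build_request([(USER_PASSWORD, bytes(16)), (NAS_IDENTIFIER, b"nas01")])
```

The check only reports which RFC rules the packet meets; how a given server version reacts to a request without User-Name is a separate question that the debug output of that server answers.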
-----Original Message-----
From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]
Sent: Wednesday, March 26, 2003 10:56 AM
To: [EMAIL PROTECTED]
Subject: Freeradius-Users digest, Vol 1 #1676 - 4 msgs
Today's Topics:
1. Unable to connect via telnet to Cisco router using Radius (b7time b7time)
3. EAP TTLS Support (Bret Jordan)
4. Huntgroup Question ([EMAIL PROTECTED])
--__--__--
Message: 1
From: "b7time b7time" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Unable to connect via telnet to Cisco router using Radius
Date: Tue, 25 Mar 2003 20:14:05 +0000
Reply-To: [EMAIL PROTECTED]
Sorry, forgot to put subject line
Hi,
My FreeRADIUS server (0.8.1) seems to be configured correctly but it seems
that I am unable to connect via telnet to my Cisco 2500 router. Below is the
output after running -radiusd -sfxxyz -l stdout on my radius server. In
addition I've also provided the debug from the Cisco router after that. Any
help would be appreciated.
Access-Request packet from host 10.4.176.1:1645, id=69, length=81
NAS-IP-Address = 10.4.176.1
NAS-Port = 4
NAS-Port-Type = Virtual
User-Name = "username"
Calling-Station-Id = "155.201.35.53"
User-Password = "password"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
modcall[authorize]: module "chap" returns noop
modcall[authorize]: module "mschap" returns notfound
rlm_realm: No '@' in User-Name = "username", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched username at 80
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 69 to 10.4.176.1:1645
Service-Type = Login-User
Login-Service = Telnet
Login-TCP-Port = Telnet
Framed-Protocol = PPP
Framed-IP-Netmask = 255.255.255.0
Framed-Filter-Id = "std.ppp"
Framed-MTU = 1500
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 10.4.176.1:1646, id=70, length=97
NAS-IP-Address = 10.4.176.1
NAS-Port = 4
NAS-Port-Type = Virtual
User-Name = "username"
Calling-Station-Id = "155.201.35.53"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Service-Type = NAS-Prompt-User
Acct-Session-Id = "00000010"
Acct-Delay-Time = 0
modcall: entering group preacct
modcall[preacct]: module "preprocess" returns noop
rlm_realm: No '@' in User-Name = "username", looking up realm NULL
rlm_realm: No such realm NULL
modcall[preacct]: module "suffix" returns noop
modcall[preacct]: module "files" returns noop
modcall: group preacct returns noop
modcall: entering group accounting
rlm_acct_unique: WARNING: Attribute 87 was not found in request, unique ID MAY be inconsistent
rlm_acct_unique: Hashing ',Client-IP-Address = 10.4.176.1,NAS-IP-Address = 10.4.176.1,Acct-Session-Id = "00000010",User-Name = "username"'
rlm_acct_unique: Acct-Unique-Session-ID = "524f218940a363fa".
modcall[accounting]: module "acct_unique" returns ok
radius_xlat: '/usr/local/var/log/radius/radacct/10.4.176.1/detail-20030325'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.4.176.1/detail-20030325
modcall[accounting]: module "detail" returns ok
modcall[accounting]: module "unix" returns ok
radius_xlat: 'username'
modcall[accounting]: module "radutmp" returns ok
modcall: group accounting returns ok
Sending Accounting-Response of id 70 to 10.4.176.1:1646
Finished request 1
Going to the next request
Cleaning up request 1 ID 70 with timestamp 3e80b99d
rl_next: returning NULL
Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 10.4.176.1:1646, id=71, length=109
NAS-IP-Address = 10.4.176.1
NAS-Port = 4
NAS-Port-Type = Virtual
User-Name = "username"
Calling-Station-Id = "155.201.35.53"
Acct-Status-Type = Stop
Acct-Authentic = RADIUS
Service-Type = NAS-Prompt-User
Acct-Session-Id = "00000010"
Acct-Terminate-Cause = User-Request
Acct-Session-Time = 0
Acct-Delay-Time = 0
modcall: entering group preacct
modcall[preacct]: module "preprocess" returns noop
rlm_realm: No '@' in User-Name = "username", looking up realm NULL
rlm_realm: No such realm NULL
modcall[preacct]: module "suffix" returns noop
modcall[preacct]: module "files" returns noop
modcall: group preacct returns noop
modcall: entering group accounting
rlm_acct_unique: WARNING: Attribute 87 was not found in request, unique ID MAY be inconsistent
rlm_acct_unique: Hashing ',Client-IP-Address = 10.4.176.1,NAS-IP-Address = 10.4.176.1,Acct-Session-Id = "00000010",User-Name = "username"'
rlm_acct_unique: Acct-Unique-Session-ID = "524f218940a363fa".
modcall[accounting]: module "acct_unique" returns ok
radius_xlat: '/usr/local/var/log/radius/radacct/10.4.176.1/detail-20030325'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.4.176.1/detail-20030325
modcall[accounting]: module "detail" returns ok
modcall[accounting]: module "unix" returns ok
radius_xlat: 'vbitondo'
modcall[accounting]: module "radutmp" returns ok
modcall: group accounting returns ok
Sending Accounting-Response of id 71 to 10.4.176.1:1646
Finished request 2
Going to the next request
Cleaning up request 2 ID 71 with timestamp 3e80b99d
rl_next: returning NULL
Waking up in 6 seconds...
Cisco debug output...............
4w0d: RADIUS: ustruct sharecount=1
4w0d: Radius: radius_port_info() success=1 radius_nas_port=1
4w0d: RADIUS: Initial Transmit tty4 id 69 10.4.152.11:1812, Access-Request, len 81
4w0d: Attribute 4 6 0A04B001
4w0d: Attribute 5 6 00000004
4w0d: Attribute 61 6 00000005
4w0d: Attribute 1 10 76626974
4w0d: Attribute 31 15 3135352E
4w0d: Attribute 2 18 E37EC7E3
4w0d: RADIUS: Received from id 69 10.4.152.11:1812, Access-Accept, len 65
4w0d: Attribute 6 6 00000001
4w0d: Attribute 15 6 00000000
4w0d: Attribute 16 6 00000017
4w0d: Attribute 7 6 00000001
4w0d: Attribute 9 6 FFFFFF00
4w0d: Attribute 11 9 7374642E
4w0d: Attribute 12 6 000005DC
4w0d: RADIUS: saved authorization data for user 3A064C at 3A0D94
4w0d: RADIUS: Constructed " ppp negotiate 23 "
4w0d: RADIUS: ustruct sharecount=4
4w0d: Radius: radius_port_info() success=1 radius_nas_port=1
4w0d: RADIUS: ustruct sharecount=3
4w0d: Radius: radius_port_info() success=1 radius_nas_port=1
4w0d: RADIUS: Initial Transmit tty4 id 70 10.4.152.11:1813, Accounting-Request, len 97
4w0d: Attribute 4 6 0A04B001
4w0d: Attribute 5 6 00000004
4w0d: Attribute 61 6 00000005
4w0d: Attribute 1 10 76626974
4w0d: Attribute 31 15 3135352E
4w0d: Attribute 40 6 00000001
4w0d: Attribute 45 6 00000001
4w0d: Attribute 6 6 00000007
4w0d: Attribute 44 10 30303030
4w0d: Attribute 41 6 00000000
4w0d: RADIUS: Initial Transmit tty4 id 71 10.4.152.11:1813, Accounting-Request, len 109
4w0d: Attribute 4 6 0A04B001
4w0d: Attribute 5 6 00000004
4w0d: Attribute 61 6 00000005
4w0d: Attribute 1 10 76626974
4w0d: Attribute 31 15 3135352E
4w0d: Attribute 40 6 00000002
4w0d: Attribute 45 6 00000001
4w0d: Attribute 6 6 00000007
4w0d: Attribute 44 10 30303030
4w0d: Attribute 49 6 00000001
4w0d: Attribute 46 6 00000000
4w0d: Attribute 41 6 00000000
4w0d: RADIUS: Received from id 70 10.4.152.11:1813, Accounting-response, len 20
4w0d: RADIUS: Received from id 71 10.4.152.11:1813, Accounting-response, len 20
--- Walking the entire request list ---
Cleaning up request 0 ID 69 with timestamp 3e80b99d
Nothing to do. Sleeping until we see a request.
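An added example, not part of the original post: a decoder for the router's "Attribute <type> <length> <hex>" debug lines, so the Access-Accept the router received can be read side by side with the reply radiusd logged. The attribute names come from RFC 2865 (the server log prints attribute 11 as Framed-Filter-Id); the function names are this example's own, and the reading that the router prints only the first four value bytes is inferred from the lengths shown in the debug above.

```python
import re
import socket

# RFC 2865 attribute numbers and types, limited to those in the Access-Accept.
ATTRS = {
    6: ("Service-Type", "integer"),
    7: ("Framed-Protocol", "integer"),
    9: ("Framed-IP-Netmask", "ipaddr"),
    11: ("Filter-Id", "string"),
    12: ("Framed-MTU", "integer"),
    15: ("Login-Service", "integer"),
    16: ("Login-TCP-Port", "integer"),
}
LINE = re.compile(r"Attribute (\d+) (\d+) ([0-9A-Fa-f]+)\s*$")

# Access-Accept attribute lines copied from the router debug output above.
SAMPLE = """\
4w0d: Attribute 6 6 00000001
4w0d: Attribute 15 6 00000000
4w0d: Attribute 16 6 00000017
4w0d: Attribute 7 6 00000001
4w0d: Attribute 9 6 FFFFFF00
4w0d: Attribute 11 9 7374642E
4w0d: Attribute 12 6 000005DC
"""


def decode_line(line):
    """Return (name, value, truncated, length), or None for other lines."""
    m = LINE.search(line)
    if not m:
        return None
    atype, alen, raw = int(m.group(1)), int(m.group(2)), bytes.fromhex(m.group(3))
    name, kind = ATTRS.get(atype, ("Attr-%d" % atype, "octets"))
    truncated = len(raw) < alen - 2  # fewer bytes shown than Length implies
    if kind == "integer" and len(raw) == 4:
        value = int.from_bytes(raw, "big")
    elif kind == "ipaddr" and len(raw) == 4:
        value = socket.inet_ntoa(raw)
    elif kind == "string":
        value = raw.decode("ascii", "replace")
    else:
        value = raw.hex()
    return name, value, truncated, alen


def decode(text):
    """Decode all attribute lines and compute the implied packet length."""
    rows = [r for r in map(decode_line, text.splitlines()) if r]
    total = 20 + sum(r[3] for r in rows)  # 20-byte header plus each attribute
    return [r[:3] for r in rows], total
```

For the sample, the implied length is 65, which matches the "len 65" the router reports for the Access-Accept, so no attribute line is missing from the dump.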
--__--__--
Message: 3
Date: Tue, 25 Mar 2003 13:53:35 -0700
From: Bret Jordan <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: EAP TTLS Support
Reply-To: [EMAIL PROTECTED]
Just wondering if TTLS support is on the road map for freeradius or if
anyone is working on this...
Thanks
Bret
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Bret Jordan Dean's Office
Computer Administrator College of Engineering
801.585.3765 University of Utah
[EMAIL PROTECTED]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--__--__--
Message: 4
Date: Wed, 26 Mar 2003 15:05:43 +1100
To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Subject: Huntgroup Question
Reply-To: [EMAIL PROTECTED]
hello
Currently I administer approximately 100 Cisco routers, switches and access
servers; every device uses RADIUS authentication for access, whether
accessed via async, ISDN or VTY. Access to VTY has in the past been
restricted solely by access-lists applied to the terminal lines. A
situation has arisen where access-list restrictions can no longer be used
and I'm wondering if anyone has a solution for the following:
I wish to place ALL devices into a single huntgroup that allows only VTY
access to specified users, i.e.:
userA is an administrator and is allowed both VTY and ASYNC access
userB is a customer and is allowed only ASYNC access
Regards
akernagh.
--__--__--
End of Freeradius-Users Digest
