Cisco VPN3000 with freeradius

Mon, 15 Dec 2003 11:51:27 -0800 

Hello there,

i'am successfully authenticate Certificate users against freeradius 0.9.0 (from suse 
9.0).

BUT:  only the 'first' time. That means:

<wait a 'long' time (av. 15 min)>

<authenticate successfull>

<wait a very short time>

<authentication fails>

<wait>

<authentication fails>

<wait 'long' time>

<authentication successfull>


The debugg from the radius shows nothing special:


-----------

rad_recv: Access-Request packet from host 10.1.50.10:1064, id=38, length=125
        User-Name = "TC_TEST"
        User-Password = "12345"
        NAS-Port = 0
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Called-Station-Id = "10.1.50.10"
        Calling-Station-Id = "10.1.3.132"
        Tunnel-Client-Endpoint:0 = "10.1.3.132"
        Attr-201588758 = 0x00000001
        NAS-IP-Address = 10.1.50.10
        NAS-Port-Type = Virtual
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "chap" returns noop
rlm_eap: EAP-Message not found
  modcall[authorize]: module "eap" returns noop
    rlm_realm: No '@' in User-Name = "TC_TEST", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop
    users: Matched TC_TEST at 76
  modcall[authorize]: module "files" returns ok
  modcall[authorize]: module "mschap" returns noop
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 38 to 10.1.50.10:1064
        CVPN3000-IPSec-Banner1 = "Authenticated by FREERADIUS"
        Class = 0x46524545524144495553
Finished request 4
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 4 ID 38 with timestamp 3fde1931
Nothing to do.  Sleeping until we see a request.

-------------

The CISCO Access Control Server ACS did not show this behauvior.

I search the archive and the FAQ and did't find anything...


Has someone seen this before?

regards,

Arne


---
 
Datenzentrale Schleswig-Holstein
Altenholzer Str. 10-14, 24161 Altenholz, Germany
http://www.dzsh.de/ mailto:[EMAIL PROTECTED]
Tel: +49.431.3295.6840 Fax: +49.431.3295.410






-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to