Alan DeKok wrote:

Andrew Bogorodsky <[EMAIL PROTECTED]> wrote:


mysql> select * from radcheck;
+----+----------+---------------+----+-------+
| id | UserName | Attribute     | op | Value |
+----+----------+---------------+----+-------+
|  2 | ab       | CHAP-Password | := | 123   |



Huh? What the heck is that? Delete it.



Sorry, but UserName and Password ARE both valid and correct.
What can be wrong, and how can I debug this?



You shouldn't set the value of CHAP-Password. It's completely and
totally wrong. It's the cause of the problem.


1) on the switch: 2524.1q(config)# aaa authentication port-access chap-radius
in radiusd log:
Wed Mar 23 11:39:54 2005 : Debug: modsingle[authenticate]: calling chap (rlm_chap) for request 0
Wed Mar 23 11:39:54 2005 : Debug: rlm_chap: login attempt by "ab" with CHAP password
Wed Mar 23 11:39:54 2005 : Debug: rlm_chap: Using clear text password 123 for user ab authentication.
Wed Mar 23 11:39:54 2005 : Debug: rlm_chap: Pasword check failed
Wed Mar 23 11:39:54 2005 : Debug: modsingle[authenticate]: returned from chap (rlm_chap) for request 0
Wed Mar 23 11:39:54 2005 : Debug: modcall[authenticate]: module "chap" returns reject for request 0
Wed Mar 23 11:39:54 2005 : Debug: modcall: group Auth-Type returns reject for request 0
Wed Mar 23 11:39:54 2005 : Debug: auth: Failed to validate the user.


2) on the switch: 2524.1q(config)# aaa authentication port-access eap-radius

We have a nonsense switch request about PPP (HP can't answer about this).

in radiusd log:

rad_recv: Access-Request packet from host 10.108.3.122:1031, id=129, length=210
Framed-MTU = 1480
NAS-IP-Address = 10.108.3.122
NAS-Identifier = "2524.1q"
User-Name = "ab"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 14
NAS-Port-Type = Ethernet
NAS-Port-Id = "14"
Called-Station-Id = "00-11-0a-04-58-ae"
Calling-Station-Id = "00-00-21-f8-f4-ea"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "802"
State = 0x9d64a015721f5541e3465a6c1ad7fd29
EAP-Message = 0x020b00061900
Message-Authenticator = 0x83ff5504dbac850dd5b38a554d157494


[skip]

Wed Mar 23 11:43:33 2005 : Debug: rlm_sql (sql): Released sql socket id: 4
Wed Mar 23 11:43:33 2005 : Debug: modsingle[authorize]: returned from sql (rlm_sql) for request10
Wed Mar 23 11:43:33 2005 : Debug: modcall[authorize]: module "sql" returns ok for request 10
Wed Mar 23 11:43:33 2005 : Debug: modcall: group authorize returns updated for request 10
Wed Mar 23 11:43:33 2005 : Debug: rad_check_password: Found Auth-Type EAP
Wed Mar 23 11:43:33 2005 : Debug: auth: type "EAP"
Wed Mar 23 11:43:33 2005 : Debug: Processing the authenticate section of radiusd.conf
Wed Mar 23 11:43:33 2005 : Debug: modcall: entering group authenticate for request 10
Wed Mar 23 11:43:33 2005 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 10
Wed Mar 23 11:43:33 2005 : Debug: rlm_eap: Request found, released from the list
Wed Mar 23 11:43:33 2005 : Debug: rlm_eap: EAP/peap
Wed Mar 23 11:43:33 2005 : Debug: rlm_eap: processing type peap
Wed Mar 23 11:43:33 2005 : Debug: rlm_eap_peap: Authenticate
Wed Mar 23 11:43:33 2005 : Debug: rlm_eap_tls: processing TLS
Wed Mar 23 11:43:33 2005 : Info: rlm_eap_tls: Received EAP-TLS ACK message
Wed Mar 23 11:43:33 2005 : Debug: rlm_eap_tls: ack handshake fragment handler
Wed Mar 23 11:43:33 2005 : Debug: eaptls_verify returned 1
Wed Mar 23 11:43:33 2005 : Debug: eaptls_process returned 13
Wed Mar 23 11:43:33 2005 : Debug: rlm_eap_peap: EAPTLS_HANDLED
Wed Mar 23 11:43:33 2005 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 10
Wed Mar 23 11:43:33 2005 : Debug: modcall[authenticate]: module "eap" returns handled for request 10
Wed Mar 23 11:43:33 2005 : Debug: modcall: group authenticate returns handled for request 10
Sending Access-Challenge of id 129 to 10.108.3.122:1031
Framed-IP-Address := 255.255.255.255
Framed-MTU := 1492
Service-Type := Framed-User
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
Framed-IP-Netmask := 255.255.255.0
EAP-Message = 0x010c00061900
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3faff93316683f0f70a43e6cb5626e5c


And switch can't apply Framed-Protocol = PPP ... :-(

--
=================================
       Andrew Bogorodsky
=================================
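
Added example, not part of the original thread and not FreeRADIUS code: how a CHAP-Password attribute is derived and checked per RFC 2865 section 5.3, which shows why it is a per-request value computed by the NAS rather than something to store in radcheck. The function names and the sample password and challenges are constructed for illustration.

```python
import hashlib
import hmac


def chap_response(chap_id, password, challenge):
    # RFC 2865 section 5.3: MD5 over CHAP Ident || password || challenge
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()


def build_chap_password(chap_id, password, challenge):
    # Attribute as the NAS sends it: 1-byte Ident + 16-byte response
    return bytes([chap_id]) + chap_response(chap_id, password, challenge)


def verify_chap(chap_password, challenge, cleartext):
    # Server side: recompute the response from the cleartext password on record
    if len(chap_password) != 17:
        return False  # malformed: must be Ident + 16-byte MD5 digest
    chap_id, received = chap_password[0], chap_password[1:]
    expected = chap_response(chap_id, cleartext, challenge)
    return hmac.compare_digest(received, expected)


# Constructed sample values. The challenge stands in for CHAP-Challenge,
# or for the Request Authenticator when that attribute is absent.
CLEARTEXT = b"123"
CHALLENGE_A = bytes(range(16))
CHALLENGE_B = bytes(range(16, 32))


def demo():
    first = build_chap_password(1, CLEARTEXT, CHALLENGE_A)
    second = build_chap_password(2, CLEARTEXT, CHALLENGE_B)
    return {
        "first_login_ok": verify_chap(first, CHALLENGE_A, CLEARTEXT),
        "second_login_ok": verify_chap(second, CHALLENGE_B, CLEARTEXT),
        "attribute_changes_per_request": first != second,
        "replay_under_new_challenge_ok": verify_chap(first, CHALLENGE_B, CLEARTEXT),
        "wrong_password_ok": verify_chap(first, CHALLENGE_A, b"124"),
        "literal_123_as_chap_password_ok": verify_chap(b"123", CHALLENGE_A, CLEARTEXT),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```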

