You have deleted the part of the debug which tells how is Auth-Type set. Post the whole thing. BTW, now you do have admin account in /etc/passwd but the password is wrong. It's still not using password from the users file.
Ivan Kalik Kalik Informatika ISP Dana 17/6/2008, "Guk Viktor" <[EMAIL PROTECTED]> piše: >It tried without Auth-Type = System, also tried Auth-Type = Local. > > Processing the authenticate section of radius.conf >modcall: entering group authenticate for request 0 >rlm_unix: [admin]: invalid password > modcall[authenticate]: module "unix" returns reject for request 0 >modcall: leaving group authenticate (returns reject) for request 0 >auth: Failed to validate the user. >Login incorrect: [admin/admin] (from client 10.0.1.2 port 117612545 cli >0000-0000-0000) >> Message: 4 Date: Fri, 13 Jun 2008 15:38:57 +0100 From: "Ivan Kalik" >> <[EMAIL PROTECTED]> Subject: Re: Problem in connecting to switch on telnet >> To: "FreeRadius users mailing list" >> <freeradius-users@lists.freeradius.org> Message-ID: >> <[EMAIL PROTECTED]> Content-Type: >> text/plain; charset=ISO-8859-2 You are setting up the wrong >> authentication type. Remove Auth-Type =System from user configuration. >> 1.1.3 is old. I am not sure do you need to set Auth-Type there. If it >> doesn't work without it set Auth-Type = Local. Ivan Kalik Kalik >> Informatika ISP Dana 13/6/2008, "Guk Viktor" <[EMAIL PROTECTED]> pi?e: >>> > >>> > >>> > >>> > >>> > >>> > >>> >Hello, >>> > >>> >I have freeradius-1.1.3 and 3com switch 5500-EI. On the >>> >switch is disposed the access of users into the network through >>> >freeradius. Arose problem in >>> >connecting to switch on telnet. In the log freeradius it is indicated >>> >that the incorrect password (however password I introduce correctly). >>> > >>> >rad_recv: Access-Request packet from host 10.0.1.2:5007, id=1, >>> >length=203 >>> >??????? User-Name = "admin" >>> >??????? User-Password = "admin" >>> >??????? NAS-IP-Address = 10.0.1.2 >>> >??????? NAS-Identifier = "001ac1d4ee42" >>> >??????? NAS-Port = 117612545 >>> >??????? NAS-Port-Id = "unit=7;subslot=0;port=42;vlanid=1" >>> >??????? NAS-Port-Type = Ethernet >>> >??????? Service-Type = Login-User >>> >??????? Login-IP-Host = 10.0.1.2 >>> >??????? Calling-Station-Id = "0000-0000-0000" >>> >??????? Framed-IP-Address = 10.0.1.100 >>> >??????? Vendor-25506-Attr-26 = 0x00000003 >>> >??????? Vendor-25506-Attr-255 = 0x353530302d4549 >>> >??????? Vendor-25506-Attr-60 = >>> >0x31302e302e312e3130302030303a30303a30303a30303a30303a3030 >>> >??????? Vendor-25506-Attr-59 = 0x38e68c68 >>> >? Processing the authorize section of radiusd.conf >>> >modcall: entering group authorize for request 0 >>> >? modcall[authorize]: module "mschap" returns noop for request 0 >>> >??? rlm_realm: No '\' in User-Name = "admin", looking up realm NULL >>> >??? rlm_realm: No such realm "NULL" >>> >? modcall[authorize]: module "ntdomain" returns noop for request 0 >>> >? rlm_eap: No EAP-Message, not doing EAP >>> >? modcall[authorize]: module "eap" returns noop for request 0 >>> >??? users: Matched entry DEFAULT at line 152 >>> >??? users: Matched entry admin at line 216 >>> >? modcall[authorize]: module "files" returns ok for request 0 >>> >modcall: leaving group authorize (returns ok) for request 0 >>> >? rad_check_password:? Found Auth-Type System >>> >auth: type "System" >>> >? Processing the authenticate section of >>> >radiusd.conf >>> >modcall: entering group authenticate for request 0 >>> >? modcall[authenticate]: module "unix" returns notfound for request 0 >>> >modcall: leaving group authenticate (returns notfound) for request 0 >>> >auth: Failed to validate the user. >>> >Login incorrect: [admin/admin] (from >>> >client 10.0.1.2 port 117612545 cli 0000-0000-0000) >>> >Delaying request 0 for 1 seconds >>> >Finished request 0 >>> > >>> >Users: >>> >admin?? Auth-Type = System, User-Password == "admin" >>> >??? ?? 3Com-User-Access-Level = Administrator >>> > >>> >eap.conf: >>> >eap{ >>> >??? default_eap_type = peap >>> >??? timer_expire = 60 >>> >??? ignore_unknown_eap_type = no >>> >??? cisco_accounting_username_bug = no >>> >??? >>> >??? md5{ >>> >??? ?? } >>> > >>> >??? leap{ >>> >??? ?? } >>> > >>> >??? gtc{ >>> >??? ?? auth_type = PAP >>> >??? ?? } >>> > >>> >??? peap{ >>> >??? ?? default_eap_type = mschapv2 >>> >??? ?? use_tunneled_reply = yes >>> >??? ?? } >>> > >>> >??? mschapv2{ >>> >??? ?? } >>> >??? } >>> > >>> >It can possibly use a local authorization to switch on telnet, >>> >without freeradius. >>> > >>> >Viktor Guk >>> > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html