Prompt, what to make in that case. In the file /etc/passwd there is
this line of " admin:x:500:500::/home/admin:/bin/bash ". How it
is necessary to assign password?
Message: 4
Date: Tue, 17 Jun 2008 09:33:31 +0100
From: "Ivan Kalik" <[EMAIL PROTECTED]>
Subject: Re: Problem in connecting to switch on telnet
To: "FreeRadius users mailing list"
<freeradius-users@lists.freeradius.org>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-2
You have deleted the part of the debug which tells how is Auth-Type set.
Post the whole thing. BTW, now you do have admin account in /etc/passwd
but the password is wrong. It's still not using password from the users
file.
Ivan Kalik
Kalik Informatika ISP
Dana 17/6/2008, "Guk Viktor" <[EMAIL PROTECTED]> pi?e:
It tried without Auth-Type = System, also tried Auth-Type = Local.
Processing the authenticate section of radius.conf
modcall: entering group authenticate for request 0
rlm_unix: [admin]: invalid password
modcall[authenticate]: module "unix" returns reject for request 0
modcall: leaving group authenticate (returns reject) for request 0
auth: Failed to validate the user.
Login incorrect: [admin/admin] (from client 10.0.1.2 port 117612545 cli
0000-0000-0000)
Message: 4 Date: Fri, 13 Jun 2008 15:38:57 +0100 From: "Ivan Kalik"
<[EMAIL PROTECTED]> Subject: Re: Problem in connecting to switch on telnet
To: "FreeRadius users mailing list"
<freeradius-users@lists.freeradius.org> Message-ID:
<[EMAIL PROTECTED]> Content-Type:
text/plain; charset=ISO-8859-2 You are setting up the wrong
authentication type. Remove Auth-Type =System from user configuration.
1.1.3 is old. I am not sure do you need to set Auth-Type there. If it
doesn't work without it set Auth-Type = Local. Ivan Kalik Kalik
Informatika ISP Dana 13/6/2008, "Guk Viktor" <[EMAIL PROTECTED]> pi?e:
Hello,
I have freeradius-1.1.3 and 3com switch 5500-EI. On the
switch is disposed the access of users into the network through
freeradius. Arose problem in
connecting to switch on telnet. In the log freeradius it is indicated
that the incorrect password (however password I introduce correctly).
rad_recv: Access-Request packet from host 10.0.1.2:5007, id=1,
length=203
??????? User-Name = "admin"
??????? User-Password = "admin"
??????? NAS-IP-Address = 10.0.1.2
??????? NAS-Identifier = "001ac1d4ee42"
??????? NAS-Port = 117612545
??????? NAS-Port-Id = "unit=7;subslot=0;port=42;vlanid=1"
??????? NAS-Port-Type = Ethernet
??????? Service-Type = Login-User
??????? Login-IP-Host = 10.0.1.2
??????? Calling-Station-Id = "0000-0000-0000"
??????? Framed-IP-Address = 10.0.1.100
??????? Vendor-25506-Attr-26 = 0x00000003
??????? Vendor-25506-Attr-255 = 0x353530302d4549
??????? Vendor-25506-Attr-60 =
0x31302e302e312e3130302030303a30303a30303a30303a30303a3030
??????? Vendor-25506-Attr-59 = 0x38e68c68
? Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
? modcall[authorize]: module "mschap" returns noop for request 0
??? rlm_realm: No '\' in User-Name = "admin", looking up realm NULL
??? rlm_realm: No such realm "NULL"
? modcall[authorize]: module "ntdomain" returns noop for request 0
? rlm_eap: No EAP-Message, not doing EAP
? modcall[authorize]: module "eap" returns noop for request 0
??? users: Matched entry DEFAULT at line 152
??? users: Matched entry admin at line 216
? modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
? rad_check_password:? Found Auth-Type System
auth: type "System"
? Processing the authenticate section of
radiusd.conf
modcall: entering group authenticate for request 0
? modcall[authenticate]: module "unix" returns notfound for request 0
modcall: leaving group authenticate (returns notfound) for request 0
auth: Failed to validate the user.
Login incorrect: [admin/admin] (from
client 10.0.1.2 port 117612545 cli 0000-0000-0000)
Delaying request 0 for 1 seconds
Finished request 0
Users:
admin?? Auth-Type = System, User-Password == "admin"
??? ?? 3Com-User-Access-Level = Administrator
eap.conf:
eap{
??? default_eap_type = peap
??? timer_expire = 60
??? ignore_unknown_eap_type = no
??? cisco_accounting_username_bug = no
???
??? md5{
??? ?? }
??? leap{
??? ?? }
??? gtc{
??? ?? auth_type = PAP
??? ?? }
??? peap{
??? ?? default_eap_type = mschapv2
??? ?? use_tunneled_reply = yes
??? ?? }
??? mschapv2{
??? ?? }
??? }
It can possibly use a local authorization to switch on telnet,
without freeradius.
Viktor Guk
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
|
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html