PAP is working:
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "secretz"
[pap] Using clear text password "secretz"
[pap] User authenticated successfully
++[pap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 21 to *.*.*.* port 1645
Cisco-AVPair = "shell:priv-lvl=15"
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 1 ID 21 with timestamp +431
Ready to process requests.
For some reason though, even when configured to do so, the authentication
attempt coming from a switch or router is not being forwarded to the KDC. I
have followed that how-to now to the letter and Active Directory is not
working, however active directory and krb are both working fine on the server;
[wbinfo -a test%test output]
plaintext password authentication failed
Could not authenticate user test%test with plaintext password
challenge/response password authentication succeeded
I'm not sure what I am missing here? Why isn't the login attempt on the switch
being forwarded to active directory? Is there something within the switch that
meeds to be set? A radius attribute maybe to identify the login attempt as
mschap?
>
> Howto will show you how to set up and test with pap first:
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
