PAP is working: ++[pap] returns updated Found Auth-Type = PAP +- entering group PAP {...} [pap] login attempt with password "secretz" [pap] Using clear text password "secretz" [pap] User authenticated successfully ++[pap] returns ok +- entering group post-auth {...} ++[exec] returns noop Sending Access-Accept of id 21 to *.*.*.* port 1645 Cisco-AVPair = "shell:priv-lvl=15" Finished request 1. Going to the next request Waking up in 4.9 seconds. Cleaning up request 1 ID 21 with timestamp +431 Ready to process requests.
For some reason though, even when configured to do so, the authentication attempt coming from a switch or router is not being forwarded to the KDC. I have followed that how-to now to the letter and Active Directory is not working, however active directory and krb are both working fine on the server; [wbinfo -a test%test output] plaintext password authentication failed Could not authenticate user test%test with plaintext password challenge/response password authentication succeeded I'm not sure what I am missing here? Why isn't the login attempt on the switch being forwarded to active directory? Is there something within the switch that meeds to be set? A radius attribute maybe to identify the login attempt as mschap? > > Howto will show you how to set up and test with pap first: > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html