Re: cisco 3825 authentication error
Dom writes: > That is why I am so confused. I do have this user in the users file > and even tested authentication using NTradping and it works fine going > directly from the Internet to the radius server. However when I try > to authenticate via the LNS I see this error. > > any idea's. Well, you did have [files] users: Matched entry DEFAULT at line 172 ++[files] returns ok so it's possible you have a default entry without fall-through, which matches some attribute in the LNS request but not in the NTradping. Difficult to know for sure without seeing the entry at line 172 of the users file, and knowing whether your user is defined before or after this line. Bjørn - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
cisco 3825 authentication error
That is why I am so confused. I do have this user in the users file and even tested authentication using NTradping and it works fine going directly from the Internet to the radius server. However when I try to authenticate via the LNS I see this error. any idea's. Message: 4 Date: Fri, 02 Sep 2011 09:54:50 +0200 From: Bj?rn Mork Subject: Re: cisco 3825 authentication error To: FreeRadius users mailing list Message-ID:<87r53zjs51@nemi.mork.no> Content-Type: text/plain; charset=utf-8 Dom writes: [pap] WARNING! No "known good" password found for the user. Looks good so far, but you need to tell freeradius the password for this user... E.g. by adding something like this to the "users" file: aew...@domain.com Cleartext-Password := "password" or configure some database backend or whatever. It's all in the docs Bj?rn * /To/:freeradius-users@lists.freeradius.org <mailto:freeradius-users%40lists.freeradius.org> * /Subject/: cisco 3825 authentication error * /From/: Dom mailto:dversace%40tekcorner.ca>> * /Date/: Thu, 01 Sep 2011 15:45:02 -0400 * /Reply-to/: FreeRadius users mailing list mailto:freeradius-users%40lists.freeradius.org>> * /User-agent/: Mozilla/5.0 (Windows NT 6.1; rv:6.0.1) Gecko/20110830 Thunderbird/6.0.1 I am trying to terminate vpdn sessions through our cisco 3825 usingfreeradius. I am new to this whole process and I was hoping to get someassistance with the missing configuration.Below is the error message I am receiving when trying to authenticatevia the router.rad_recv: Access-Request packet from host 64.34.66.5 port 1645, id=19,length=135 Framed-Protocol = PPP User-Name = "aew...@domain.com" User-Password = "password" Calling-Station-Id = "bas20330455" Connect-Info = "10" NAS-Port-Type = Virtual NAS-Port = 532 NAS-Port-Id = "Uniq-Sess-ID532" Service-Type = Framed-User NAS-IP-Address = 64.34.66.5 # Executing section authorize from file/etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "domain.com" for User-Name = "aew...@domain.com" [suffix] No such realm "domain.com" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [files] users: Matched entry DEFAULT at line 172 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user.Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request:Rejecting the user Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> aew...@domain.com attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 19 to 64.34.66.5 port 1645 Waking up in 4.9 seconds. Cleaning up request 0 ID 19 with timestamp +381 Ready to process requests. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: cisco 3825 authentication error
Dom writes: > [pap] WARNING! No "known good" password found for the user. Looks good so far, but you need to tell freeradius the password for this user... E.g. by adding something like this to the "users" file: aew...@domain.com Cleartext-Password := "password" or configure some database backend or whatever. It's all in the docs :-) Bjørn - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
cisco 3825 authentication error
I am trying to terminate vpdn sessions through our cisco 3825 using freeradius. I am new to this whole process and I was hoping to get some assistance with the missing configuration. Below is the error message I am receiving when trying to authenticate via the router. rad_recv: Access-Request packet from host 64.34.66.5 port 1645, id=19, length=135 Framed-Protocol = PPP User-Name = "aew...@domain.com" User-Password = "password" Calling-Station-Id = "bas20330455" Connect-Info = "10" NAS-Port-Type = Virtual NAS-Port = 532 NAS-Port-Id = "Uniq-Sess-ID532" Service-Type = Framed-User NAS-IP-Address = 64.34.66.5 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "domain.com" for User-Name = "aew...@domain.com" [suffix] No such realm "domain.com" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [files] users: Matched entry DEFAULT at line 172 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> aew...@domain.com attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 19 to 64.34.66.5 port 1645 Waking up in 4.9 seconds. Cleaning up request 0 ID 19 with timestamp +381 Ready to process requests. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html