It was a misspelledkey ('1' and 'l'
look the same in some fonts)...
It works OK now, I want to thank to all the
people who made freeradius...
Mario.
- Original Message -
From: "Mario Vodopivec" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, July 05, 2002 4:14
PM
Subject: Authentication problem with
PIX-515
I am using FreeRadius 0.5 and Cisco PIX-515 Firewall.
Authentication is denied and it looks exactly like the secret key is
misspelled on PIX, however I already checked that and it is not.
'radtest' utility works just fine. Does anyone know if there is
something specific with PIX that would cause this problem?
Here is a portion of clients.conf file and the debug output:
client 10.10.1.1 {
secret =
jg8d63196hfg
shortname = pix }
rad_recv: Access-Request packet from host 10.10.1.1:1645, id=74,
length=57 User-Name =
"mario" NAS-IP-Address =
10.10.1.1 User-Password =
"\303\035s.\343\000\255l\323\236Z\217DG*\033"
NAS-Port = 5 modcall:
entering group authorize modcall[authorize]: module "preprocess"
returns ok rlm_eap: EAP-Message not found
modcall[authorize]: module "eap" returns noop modcall[authorize]:
module "suffix" returns ok radius_xlat: 'mario' sql_escape
in: 'mario' sql_escape out: 'mario'
sql_set_user: escaped user -- 'mario' radius_xlat:
'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username =
'mario' ORDER BY id' rlm_sql: Reserving sql socket id: 4
rlm_postgresql Status: PGRES_TUPLES_OK sql_postgresql: affected rows
= radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
ck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
usergroup.Username = 'mario' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id' rlm_postgresql
Status: PGRES_TUPLES_OK sql_postgresql: affected rows =
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply
WHERE Username = 'mario' ORDER BY id' rlm_postgresql Status:
PGRES_TUPLES_OK sql_postgresql: affected rows =
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
ly.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE
usergroup.Username = 'mario' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_postgresql
Status: PGRES_TUPLES_OK sql_postgresql: affected rows =
radius_xlat: 'SELECT Value,Attribute FROM radcheck WHERE UserName =
'mario' AND ( Attribute = 'User-Password' OR Attribute = 'Password' OR
Attribute = 'Crypt-Password' ) ORDER BY Attribute DESC'
rlm_postgresql Status: PGRES_TUPLES_OK sql_postgresql: affected rows
= rlm_sql: Released sql socket id: 4 modcall[authorize]:
module "sql" returns ok modcall: group authorize returns ok
auth: type Local auth: Failed to validate the user. Login
incorrect: [mario/s\222,\252\031\362\217\314gw\371\352\345\350\260*]
(from nas pix port 5) WARNING: Unprintable characters in the
password. ? Double-check the shared secret on the server and the
NAS! Delaying request 0 for 1 seconds Finished request 0
Going to the next request --- Walking the entire request list
--- Waking up in 1 seconds... --- Walking the entire request
list --- Waking up in 1 seconds... --- Walking the entire
request list --- Sending Access-Reject of id 74 to
10.10.1.1:1645 Waking up in 4 seconds... --- Walking the entire
request list --- Cleaning up request 0 ID 74 with timestamp
3d25f8e9 Nothing to do. Sleeping until we see a request.