Problem in connecting to switch on telnet
To all thanks. It was necessary to do thus:

admin   Service-Type = Login-User
        Login-Service = Telnet,
        3Com-User-Access-Level = Administrator

You will need to read the switch documentation to see what attributes you need to return in order to connect. Mostly it's returning the correct Service-Type attribute.

Ivan Kalik
Kalik Informatika ISP

On 18/6/2008, "Guk Viktor" <[EMAIL PROTECTED]> wrote:
>By thanks for help, I was dismantled. But another problem arose.
>
>Radius answers:
>modcall: entering group authenticate for request 0
>  HASH: user admin found in hashtable bucket 45083
>  modcall[authenticate]: module "unix" returns ok for request 0
>modcall: leaving group authenticate (returns ok) for request 0
>Login OK: [admin/admin] (from client 10.0.1.2 port 117616641 cli --)
>Sending Access-Accept of id 19 to 10.0.1.2 port 5007
>        3Com-User-Access-Level = Administrator
>Finished request 0
>
>But I cannot be connected on telnet. Now switch(3com 5500-EI) answers that incorrect password:
>Username:admin
>Password:
>% Login failed!
Problem in connecting to switch on telnet
By thanks for help, I was dismantled. But another problem arose.

Radius answers:
modcall: entering group authenticate for request 0
  HASH: user admin found in hashtable bucket 45083
  modcall[authenticate]: module "unix" returns ok for request 0
modcall: leaving group authenticate (returns ok) for request 0
Login OK: [admin/admin] (from client 10.0.1.2 port 117616641 cli --)
Sending Access-Accept of id 19 to 10.0.1.2 port 5007
        3Com-User-Access-Level = Administrator
Finished request 0

But I cannot be connected on telnet. Now switch(3com 5500-EI) answers that incorrect password:
Username:admin
Password:
% Login failed!
Problem in connecting to switch on telnet
Prompt, what to make in that case. In the file /etc/passwd there is this line of " admin:x:500:500::/home/admin:/bin/bash ". How it is necessary to assign password?

Message: 4
Date: Tue, 17 Jun 2008 09:33:31 +0100
From: "Ivan Kalik" <[EMAIL PROTECTED]>
Subject: Re: Problem in connecting to switch on telnet
To: "FreeRadius users mailing list"
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-2

You have deleted the part of the debug which tells how Auth-Type is set. Post the whole thing. BTW, now you do have admin account in /etc/passwd but the password is wrong. It's still not using password from the users file.

Ivan Kalik
Kalik Informatika ISP

On 17/6/2008, "Guk Viktor" <[EMAIL PROTECTED]> wrote:
>It tried without Auth-Type = System, also tried Auth-Type = Local.
>
>Processing the authenticate section of radius.conf
>modcall: entering group authenticate for request 0
>rlm_unix: [admin]: invalid password
>  modcall[authenticate]: module "unix" returns reject for request 0
>modcall: leaving group authenticate (returns reject) for request 0
>auth: Failed to validate the user.
>Login incorrect: [admin/admin] (from client 10.0.1.2 port 117612545 cli --)

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem in connecting to switch on telnet
It tried without Auth-Type = System, also tried Auth-Type = Local.

Processing the authenticate section of radius.conf
modcall: entering group authenticate for request 0
rlm_unix: [admin]: invalid password
  modcall[authenticate]: module "unix" returns reject for request 0
modcall: leaving group authenticate (returns reject) for request 0
auth: Failed to validate the user.
Login incorrect: [admin/admin] (from client 10.0.1.2 port 117612545 cli --)

Message: 4
Date: Fri, 13 Jun 2008 15:38:57 +0100
From: "Ivan Kalik" <[EMAIL PROTECTED]>
Subject: Re: Problem in connecting to switch on telnet
To: "FreeRadius users mailing list"
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-2

You are setting up the wrong authentication type. Remove Auth-Type = System from user configuration. 1.1.3 is old. I am not sure do you need to set Auth-Type there. If it doesn't work without it set Auth-Type = Local.

Ivan Kalik
Kalik Informatika ISP
Problem in connecting to switch on telnet
Hello,

I have freeradius-1.1.3 and 3com switch 5500-EI. On the switch is disposed the access of users into the network through freeradius. Arose problem in connecting to switch on telnet. In the log freeradius it is indicated that the incorrect password (however password I introduce correctly).

rad_recv: Access-Request packet from host 10.0.1.2:5007, id=1, length=203
        User-Name = "admin"
        User-Password = "admin"
        NAS-IP-Address = 10.0.1.2
        NAS-Identifier = "001ac1d4ee42"
        NAS-Port = 117612545
        NAS-Port-Id = "unit=7;subslot=0;port=42;vlanid=1"
        NAS-Port-Type = Ethernet
        Service-Type = Login-User
        Login-IP-Host = 10.0.1.2
        Calling-Station-Id = "--"
        Framed-IP-Address = 10.0.1.100
        Vendor-25506-Attr-26 = 0x0003
        Vendor-25506-Attr-255 = 0x353530302d4549
        Vendor-25506-Attr-60 = 0x31302e302e312e3130302030303a30303a30303a30303a30303a3030
        Vendor-25506-Attr-59 = 0x38e68c68
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '\' in User-Name = "admin", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "ntdomain" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry DEFAULT at line 152
    users: Matched entry admin at line 216
  modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type System
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  modcall[authenticate]: module "unix" returns notfound for request 0
modcall: leaving group authenticate (returns notfound) for request 0
auth: Failed to validate the user.
Login incorrect: [admin/admin] (from client 10.0.1.2 port 117612545 cli --)
Delaying request 0 for 1 seconds
Finished request 0

Users:
admin   Auth-Type = System, User-Password == "admin"
        3Com-User-Access-Level = Administrator

eap.conf:
eap{
    default_eap_type = peap
    timer_expire = 60
    ignore_unknown_eap_type = no
    cisco_accounting_username_bug = no

    md5{
    }

    leap{
    }

    gtc{
        auth_type = PAP
    }

    peap{
        default_eap_type = mschapv2
        use_tunneled_reply = yes
    }

    mschapv2{
    }
}

It can possibly use a local authorization to switch on telnet, without freeradius.

Viktor Guk
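The three stages of this thread (unix module returns notfound, unix module returns reject, Access-Accept that the switch still refuses) can be told apart mechanically from the debug output. The following is an added example, not part of any message in the thread and not FreeRADIUS code; the log excerpts are copied from the posts above, the required reply-attribute set is an assumption taken from the entry the poster reported as working, and `triage` and its cause labels are hypothetical names.

```python
import re

# Reply attributes in the users-file entry the poster reported as working
# (taken from the thread; an assumption, not a 3Com specification).
REQUIRED_REPLY = {"Service-Type", "Login-Service", "3Com-User-Access-Level"}
MODULE_RE = re.compile(r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+)')
AUTH_TYPE_RE = re.compile(r"Found Auth-Type (\S+)")
ATTR_RE = re.compile(r"([\w-]+)\s*=")

# Excerpts from the three debug outputs posted in the thread.
STAGE_1 = """rad_check_password:  Found Auth-Type System
  modcall[authenticate]: module "unix" returns notfound for request 0
auth: Failed to validate the user.
Login incorrect: [admin/admin] (from client 10.0.1.2 port 117612545 cli --)"""
STAGE_2 = """rlm_unix: [admin]: invalid password
  modcall[authenticate]: module "unix" returns reject for request 0
Login incorrect: [admin/admin] (from client 10.0.1.2 port 117612545 cli --)"""
STAGE_3 = """  modcall[authenticate]: module "unix" returns ok for request 0
Login OK: [admin/admin] (from client 10.0.1.2 port 117616641 cli --)
Sending Access-Accept of id 19 to 10.0.1.2 port 5007
        3Com-User-Access-Level = Administrator
Finished request 0"""


def triage(debug_text):
    """Summarise one request from FreeRADIUS 1.x debug output."""
    auth_type, verdict, in_reply = None, None, False
    modules, reply = {}, set()
    for line in (raw.strip() for raw in debug_text.splitlines()):
        if m := AUTH_TYPE_RE.search(line):
            auth_type = m.group(1)
        if m := MODULE_RE.match(line):
            modules[(m.group(1), m.group(2))] = m.group(3)
        if line.startswith("Login incorrect"):
            verdict = "reject"
        elif line.startswith("Sending Access-Accept"):
            verdict, in_reply = "accept", True
        elif in_reply:
            # Reply attributes follow the "Sending" line until a non-attribute line.
            m = ATTR_RE.match(line)
            if m:
                reply.add(m.group(1))
            else:
                in_reply = False
    unix = modules.get(("authenticate", "unix"))
    missing = sorted(REQUIRED_REPLY - reply) if verdict == "accept" else []
    if verdict == "reject" and unix == "notfound":
        cause = "no-system-account"          # no such account for the unix module
    elif verdict == "reject" and unix == "reject":
        cause = "system-password-mismatch"   # account exists, password differs
    elif verdict == "accept":
        cause = "accept-missing-reply-attributes" if missing else "ok"
    else:
        cause = "unknown"
    return {"auth_type": auth_type, "verdict": verdict,
            "cause": cause, "missing": missing}


if __name__ == "__main__":
    for stage in (STAGE_1, STAGE_2, STAGE_3):
        print(triage(stage))
```

A `None` value for `auth_type` means the excerpt did not include the `Found Auth-Type` line, which is the missing part of the debug that the 17 Jun reply asked for.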
Whether the FreeRADIUS supports switch 3Com 5500G-EI ?
Did you put use-tunneled-reply=yes in peap config? I also can't see freeradius config files.

Ivan Kalik
Kalik Informatika ISP

On 10/6/2008, "Krzysztof Olędzki" <[EMAIL PROTECTED]> wrote:

Sorry! We changed "use_tunneled_reply = yes" in other file of config freeradius. After they found where necessarily correctly everything it earned(eap.conf). By all large thanks for help!!!