Debug show cleartext password
Hi All,

I am getting a problem on Freeradius installed on CentOS. When I set the service Radiusd in debug mode and send an access request (default type PAP) through Radtest, the debug shows the password in cleartext.

Is there an option to not show the field User-Password in cleartext?

Many thanks,
Marco Aresu

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
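Debug output of the kind posted on this page (the User-Password attribute, the `[pap]` password lines, the `[ldap] bind as DN/password` line) carries credentials, so it is worth scrubbing before it leaves the server. The filter below is an added example, not part of the original posts and not a FreeRADIUS setting; the helper names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not FreeRADIUS code): mask secrets in debug output before
# the log is pasted into a ticket or a public list.
# redact_radius_debug is a hypothetical helper: debug text on stdin,
# scrubbed text on stdout.
redact_radius_debug() {
    # Rule 1: any "<something>Password = value" attribute in a packet dump.
    # Rule 2: the password the pap module logs for the login attempt.
    # Rule 3: the stored password or hash the pap module compares against.
    # Rule 4: the bind password after "DN/" in the ldap module's bind line.
    sed -E \
        -e 's/([A-Za-z0-9-]*Password[[:space:]]*:?=+[[:space:]]*).*/\1<redacted>/' \
        -e 's/(\[pap\] login attempt with password ).*/\1<redacted>/' \
        -e 's/(\[pap\] Using .*password ).*/\1<redacted>/' \
        -e 's#(\[ldap\] bind as [^/]*)/.*( to [^ ]+)#\1/<redacted>\2#'
}

# Constructed sample input modelled on the line shapes quoted on this page;
# the password and the hash are made up.
sample_debug() {
    cat <<'EOF'
rad_recv: Access-Request packet from host 127.0.0.1 port 40000, id=70, length=57
    User-Name = "cisco"
    User-Password = "secret"
[pap] login attempt with password secret
[pap] Using CRYPT password $6$CONSTRUCTED$notARealHash
[pap] User authenticated successfully
[ldap] bind as cn=user,ou=people,dc=domain,dc=it/password to ldapserver:636
Sending Access-Accept of id 70 to 127.0.0.1 port 1812
EOF
}

# On a live server the same filter would sit behind the debug run, e.g.
#   radiusd -X 2>&1 | redact_radius_debug
sample_debug | redact_radius_debug
```

The filter only knows the four line shapes listed in its comments, so a scrubbed log should still be read through once before it is posted.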
Re: Authorization failed in cisco switch
Now I can log on to the switch, but I can with all USERS. Where can I specify who can access the switch? I add a row in the USERS file

    user Auth-Type := Reject

but nothing changes.

Thanks,
Marco

Marco Aresu

On 23 July 2013 10:06, Martin Kraus lists...@wujiman.net wrote:
> On Mon, Jul 22, 2013 at 04:27:30PM +0200, Marco Aresu wrote:
> > I am getting some problem with authorization in free radius. I configured the users file as below:
> >
> >     DEFAULT Auth-Type := System
> >     cisco Auth-Type := System
> >     Service-Type = NAS-Prompt-User
> >     cisco-avpair = shell:priv-lvl=15,
>
> If all you want is enable mode after login then send just
> Service-Type := Administrative-User
> and don't send the cisco-avpair at all.
>
> mk
Re: Authorization failed in cisco switch
Here is the debug after authentication:

    Found Auth-Type = PAP
    # Executing group from file /etc/raddb/sites-enabled/default
    +- entering group PAP {...}
    [pap] login attempt with password secret
    [pap] Using CRYPT password $6$GW4SlOPp$TZhPalub.qyMY8Z9zU03FMz3A.hSv0b6ycuZT5bYeyG89HPb2Gm/FINd2pdtU79NkgYhE5TUgp5e5/w6iNA40/
    [pap] User authenticated successfully
    ++[pap] returns ok
    # Executing section post-auth from file /etc/raddb/sites-enabled/default
    +- entering group post-auth {...}
    ++[exec] returns noop
    Sending Access-Accept of id 70 to 172.31.61.224 port 1812
    Finished request 0.
    Going to the next request
    Waking up in 4.9 seconds.
    Cleaning up request 0 ID 70 with timestamp +12
    Ready to process requests.

I don't understand when he tried to find the authorization, because if I add a comment in the row of the user in the Users file, I get the same error.

Marco Aresu

On 22 July 2013 16:37, Alan DeKok al...@deployingradius.com wrote:
> Marco Aresu wrote:
> > I am getting some problem with authorization in free radius. I configured the users file as below:
> >
> >     DEFAULT Auth-Type := System
> >     cisco Auth-Type := System
> >     Service-Type = NAS-Prompt-User
> >     cisco-avpair = shell:priv-lvl=15,
>
> Is it *exactly* that? i.e. did you format the entries correctly?
>
> > When I try to log in to a switch I receive the error: Authorization Failed
> > and during the debug I've got:
> >
> >     # Executing section post-auth from file /etc/raddb/sites-enabled/default
> >     +- entering group post-auth {...}
> >     [++[reply_log] returns ok
> >     ++[exec] returns noop
>
> You have rather a lot more than that. The whole point of the debug output is to READ IT. ALL of it. What ELSE does it say?
>
> Does the server return an Access-Accept? If so, blame the switch. Otherwise, READ THE DEBUG OUTPUT to see what's going on.
>
> Alan DeKok.
Authorization failed in cisco switch
Hi All,

I am getting some problem with authorization in free radius. I configured the users file as below:

    DEFAULT Auth-Type := System
    cisco Auth-Type := System
    Service-Type = NAS-Prompt-User
    cisco-avpair = shell:priv-lvl=15,

When I try to log in to a switch I receive the error: Authorization Failed
and during the debug I've got:

    # Executing section post-auth from file /etc/raddb/sites-enabled/default
    +- entering group post-auth {...}
    [++[reply_log] returns ok
    ++[exec] returns noop

Can someone help me?

Thanks,
Marco Aresu
Re: Authorization failed in cisco switch
The only file to edit for the authorization is the Users file?

Thanks,
Marco

Marco Aresu

On 22 July 2013 17:03, Alan DeKok al...@deployingradius.com wrote:
> Marco Aresu wrote:
> > Here is the debug after authentication:
>
> If you're not going to follow instructions, you shouldn't be posting questions on this list.
>
> Since you're not willing to post the full debug output here, we can't help you. Go read it yourself.
>
> > I don't understand when he tried to find the authorization, because if I add a comment in the row of the user in the Users file, I get the same error.
>
> If only there was some way for you to figure out what the server was doing. Like maybe a debug mode? That would be wonderful.
>
> Alan DeKok.
Re: Authorization failed in cisco switch
I created two users on the freeradius server, and when I tried to log in with the new user that is not specified in the USERS file I've got the same error: Authorization Failed

I think that I am editing the wrong USERS file, but the directory is /etc/raddb/users

Marco Aresu

On 22 July 2013 17:19, Matthew Newton m...@leicester.ac.uk wrote:
> On Mon, Jul 22, 2013 at 04:44:29PM +0200, Marco Aresu wrote:
> > Here is the debug after authentication:
> >
> >     Found Auth-Type = PAP
> >     # Executing group from file /etc/raddb/sites-enabled/default
> >     +- entering group PAP {...}
> >     [pap] login attempt with password secret
> >     [pap] Using CRYPT password $6$GW4SlOPp$TZhPalub.qyMY8Z9zU03FMz3A.hSv0b6ycuZT5bYeyG89HPb2Gm/FINd2pdtU79NkgYhE5TUgp5e5/w6iNA40/
> >     [pap] User authenticated successfully
> >     ++[pap] returns ok
> >     # Executing section post-auth from file /etc/raddb/sites-enabled/default
> >     +- entering group post-auth {...}
> >     ++[exec] returns noop
> >     Sending Access-Accept of id 70 to 172.31.61.224 port 1812
> >     ...
>
> The RADIUS server sent an Access-Accept. That means that if you still can't get in, it's the switch that has the problem.
>
> Matthew
>
> --
> Matthew Newton, Ph.D. m...@le.ac.uk
> Systems Specialist, Infrastructure Services,
> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
> For IT help contact helpdesk extn. 2253, ith...@le.ac.uk
FreeRadius error LDAP Authentication
Hi All,

I am new to FreeRadius. I am moving from Cisco ACS Tacacs to FreeRadius. During LDAP configuration I am getting the following error:

    [ldap] bind as cn=User,ou=people,dc=domain,dc=it/Password to ldapserver:636
    [ldap] waiting for bind result ...
    [ldap] cn=user,ou=people,dc=domain,dc=it bind to ldapServer:636 failed No such object
    [ldap] (re)connection attempt failed

Any idea about the error? Below is the ldap configuration:

    server = ldapserver
    port = 636
    identity = cn=user,ou=people,dc=domain,dc=it
    password = password
    basedn = dc=domain,dc=it
    filter = (uid=%{Stripped-User-Name:-%{User-Name}})
    base_filter = (objectclass=groupofuniquenames)

Thanks,
Marco Aresu