Hello All,
I brought up a FreeRADIUS server on a Windows machine for some simple lab testing with AAA and port-based security.
I am getting to this machine and I see the Cisco device connecting to the service and trying to authenticate.
I added a user to the user conf and the client installation is also done.
As a first step, I tried to set up a simple dot1q authentication/authorization with a local username inside the RADIUS server configuration.
I checked the shared secret and user password and confirmed them to be the same.
For whatever reason the user authentication is not working because of some kind of encryption failure.
Could anyone give me a hint as to where I went wrong?
The switch says:
2d05h: RADIUS: Received from id 36 192.168.1.3:1812, Access-Reject, len 20
2d05h: RADIUS: Response (36) failed decrypt
2d05h: RADIUS: ustruct sharecount=3
2d05h: RADIUS: Initial Transmit tty2 id 37 192.168.1.3:1813, Accounting-Request, len 94
2d05h: Attribute 4 6 C0A8016E
2d05h: Attribute 5 6 00000002
2d05h: Attribute 61 6 00000005
2d05h: Attribute 1 8 72626C61
2d05h: Attribute 31 14 3139322E
2d05h: Attribute 40 6 00000001
2d05h: Attribute 45 6 00000002
2d05h: Attribute 6 6 00000007
2d05h: Attribute 44 10 30303030
2d05h: Attribute 41 6 00000000
and the Server says:
modcall[authorize]: module "auth_log" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "robert.lang", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry DEFAULT at line 174
modcall[authorize]: module "files" returns ok for request 0
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type System
auth: type "System"
ERROR: Unknown value specified for Auth-Type. Cannot perform requested action.
auth: Failed to validate the user.
Login incorrect: [robert.lang/,c\014\202I\357UN1\005\207p\222G\003\227] (from client Server-Switch port 2 cli 192.168.1.32)
WARNING: Unprintable characters in the password. ? Double-check the shared secret on the server and the NAS!
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 33 to 192.168.1.110 port 1812
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 33 with timestamp 4f490e6e
Nothing to do. Sleeping until we see a request.
Thank you in advance
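
Added example, not part of the original post: a sketch of the two RFC 2865 checks that the "failed decrypt" line on the switch and the "Unprintable characters in the password" warning on the server refer to, showing how both behave when the NAS and the server hold different shared secrets. The secrets, the password and the fixed Request Authenticator are constructed values; only the packet ID 36 and the 20-byte Access-Reject are taken from the log above.

```python
import hashlib
import hmac
import struct

def _xor_blocks(data, secret, request_auth, chain_on_output):
    # RFC 2865 section 5.2: each 16-byte block is XORed with
    # MD5(secret + previous ciphertext block); the first block uses the
    # Request Authenticator in place of a previous block.
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(d ^ k for d, k in zip(data[i:i + 16], key))
        out += block
        prev = block if chain_on_output else data[i:i + 16]
    return out

def hide_password(password, secret, request_auth):
    # NAS side: pad with NULs to a multiple of 16 bytes, then hide.
    padded = password + b"\x00" * (-len(password) % 16)
    return _xor_blocks(padded, secret, request_auth, chain_on_output=True)

def recover_password(hidden, secret, request_auth):
    # Server side: same keystream, chained on the received ciphertext.
    plain = _xor_blocks(hidden, secret, request_auth, chain_on_output=False)
    return plain.rstrip(b"\x00")

def build_reject(ident, request_auth, secret):
    # Access-Reject (code 3) with no attributes: a 20-byte packet whose
    # Response Authenticator is MD5(header + RequestAuth + attrs + secret).
    header = struct.pack("!BBH", 3, ident, 20)
    return header + hashlib.md5(header + request_auth + secret).digest()

def nas_accepts(packet, request_auth, secret):
    # NAS side: recompute the Response Authenticator with its own secret.
    length = struct.unpack("!H", packet[2:4])[0]
    expected = hashlib.md5(
        packet[:4] + request_auth + packet[20:length] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

def simulate(nas_secret, server_secret, password=b"lab-password"):
    request_auth = bytes(range(16))  # constructed; a real NAS uses random bytes
    hidden = hide_password(password, nas_secret, request_auth)
    seen_by_server = recover_password(hidden, server_secret, request_auth)
    reject = build_reject(36, request_auth, server_secret)
    return seen_by_server, nas_accepts(reject, request_auth, nas_secret)

if __name__ == "__main__":
    for nas, srv in ((b"s3cret", b"s3cret"), (b"s3cret", b"s3cret ")):
        pw, ok = simulate(nas, srv)
        print(f"nas={nas!r} server={srv!r} password_seen={pw!r} nas_accepts={ok}")
```

The second pair differs only by a trailing space, which is enough to change both the password the server recovers and the authenticator the NAS expects.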