(RADIATOR) Auth problems with Cisco 6400

Hugh Irvine hugh at open.com.au
Fri Jun 8 20:05:42 CDT 2001


Hello Lisa -

It looks to me like the shared secrets are not set correctly.

Also note that the vp.users entry for abdul has Service-Type = Framed-User as 
a check item, rather than as a reply item. Now it may be that you want it as 
a check item, but it is almost certain that the Cisco will expect it as a 
reply item as well.

regards

Hugh

On Friday 08 June 2001 20:30, Lisa Goulet wrote:
> Hi all,
>
> I have a test set up with a Cisco 6400 and Radiator.2.17 and am getting a
> "Bad password" error. The password.log file shows the correct password. The
> passwords are cleartext and we're using chap. A test with the same
> parameters(user,password,chap,Nas-port-type) works when tested with
> radpwtst.
>
> Here are the config and logs:
>
> vp.cfg:
> ************************
> <Client DEFAULT>
>         Secret  radius
>         DupInterval 0
> </Client>
>
> <Realm vp.versatel>
>         PasswordLogFileName     %L/password.log
>         RewriteUsername s/^([^@]+).*/$1/
>         <AuthBy FILE>
>                 Filename ./vp.users
>         </AuthBy>
> </Realm>
>
>
> vp.users:
> ************************
>
> abdul   User-Password = "asserti",Service-Type = Framed-User
>         Framed-Protocol = PPP,
>         Framed-IP-Address = 212.20.20.1,
>         Framed-IP-Netmask = 255.255.255.255,
>         Framed-Routing = None,
>         Framed-MTU = 1500
>
> password.log:
> **********************
> Fri Jun  8 12:02:09 2001:991994529:abdul:UNKNOWN-CHAP:asserti:FAIL
>
> Logfile:
> **********************
> Fri Jun  8 12:00:09 2001: DEBUG: Packet dump:
> *** Received from 212.127.232.1 port 1645 ....
> Code:       Access-Request
> Identifier: 201
> Authentic:  C<237>In<135>2g<219>(<10>*<228><163><186>t"
> Attributes:
>         NAS-IP-Address = 192.168.1.21
>         NAS-Port = 2281767158
>         Cisco-NAS-Port = "Virtual-Access1*"
>         NAS-Port-Type = Virtual
>         User-Name = "abdul at vp.versatel"
>         CHAP-Password =
> <195><179><225><183>3<158><148><240><179><167><188><135>
> <247>|&<6>&
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>
> Fri Jun  8 12:00:09 2001: DEBUG: Handling request with Handler
> 'Realm=vp.versatel'
> Fri Jun  8 12:00:09 2001: DEBUG: Rewrote user name to abdul
> Fri Jun  8 12:00:09 2001: DEBUG:  Deleting session for abdul at vp.versatel,
> 192.168.1.21, 2281767158
> Fri Jun  8 12:00:09 2001: DEBUG: Handling with Radius::AuthFILE
> Fri Jun  8 12:00:09 2001: DEBUG: Radius::AuthFILE looks for match with
> abdul Fri Jun  8 12:00:09 2001: DEBUG: Radius::AuthFILE REJECT: Bad
> Password Fri Jun  8 12:00:09 2001: INFO: Access rejected for abdul: Bad
> Password
>
>
> Thanks,
> Lisa
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list