maxis2cute
asked on
radius server
I can connect with the radius server but I need setup help; it keeps rejecting the authentication.
ASKER
I am using RADL, not FreeRADIUS. This is what it has as a database, a flat text file:
#
# This file contains security and configuration information
# for each user. The first field is the user's name and
# can be up to 8 characters in length. This is followed (on
# the same line) with the list of authentication requirements
# for that user. This can include password, comm server name,
# comm server port number, and an expiration date of the user's
# password. When an authentication request is receive from
# the comm server, these values are tested. A special user named
# "DEFAULT" can be created (and should be placed at the end of
# the user file) to specify what to do with users not contained
# in the user file. A special password of "UNIX" can be specified
# to notify the authentication server to use UNIX password (/etc/passwd)
# authentication for this user.
#
# Indented (with the tab character) lines following the first
# line indicate the configuration values to be passed back to
# the comm server to allow the initiation of a user session.
# This can include things like the PPP configuration values
# or the host to log the user onto.
#> Group = "Local"
t Password = "t"
User-Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-Route = "10.2.3.0/24",
Framed-Filter-Id = "102.in",
Framed-Filter-Id = "103.out",
cisco-avpair = "ip:addr-pool=first",
cisco-avpair = "ip:rte_fltr_in*12 igrp 109",
cisco-avpair = "ipx:outacl=812"
$enabl5$ Password = "t"
User-Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-Route = "10.2.3.0/24",
Framed-Filter-Id = "102.in",
Framed-Filter-Id = "103.out",
cisco-avpair = "ip:addr-pool=first",
cisco-avpair = "ip:rte_fltr_in*12 igrp 109",
cisco-avpair = "ipx:outacl=812"
john LPassword = "s",
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-Address = 172.16.3.33,
Framed-Netmask = 255.255.255.0,
Framed-Routing = Broadcast-Listen,
Framed-Filter-Id = "std.ppp",
Framed-MTU = 1500,
Framed-Compression = Van-Jacobsen-TCP-IP,
cisco-avpair = "ip:addr-pool=first",
cisco-avpair = "ip:rte_fltr_in*12 igrp 109",
cisco-avpair = "ipx:outacl=812",
steve Password = "testing",
Expiration = "Dec 24 1992",
User-Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-Address = 172.16.3.33,
Framed-Netmask = 255.255.255.0,
Framed-Routing = Broadcast-Listen,
Framed-Filter-Id = "std.ppp",
Framed-MTU = 1500,
Framed-Compression = Van-Jacobsen-TCP-IP
#> Group = "Distant"
toto Password = "tata"
User-Service-Type = Login-User,
Login-Host = 172.16.2.7,
Login-Service = PortMaster
test01 Password = "pp"
User-Service-Type = Framed-User,
Framed-Protocol = PPP,
Login-Host = 255.255.255.255,
Dialback-No = "9034584444"
test02 Password = "test02"
User-Service-Type = Dialback-Framed-User,
Framed-Protocol = PPP,
Dialback-No = "0934666666"
#
# Example PPP user with address Assigned by PortMaster
#
Peg Password = "ge55gep"
User-Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-Address = 255.255.255.254,
Framed-Netmask = 255.255.255.255,
Framed-Routing = None,
Framed-Compression = Van-Jacobsen-TCP-IP,
Framed-Filter-Id = "std.ppp.in",
Framed-MTU = 1500
#
# Example SLIP user with specified address
#
Seg Password = "ge55ges"
User-Service-Type = Framed-User,
Framed-Protocol = SLIP,
Framed-Address = 192.9.200.129,
Framed-Netmask = 255.255.255.255,
Framed-Routing = None,
Framed-Compression = None,
Framed-MTU = 1006
#
# Example CSLIP user with specified address
#
Ceg Password = "ge55gec"
User-Service-Type = Framed-User,
Framed-Protocol = SLIP,
Framed-Address = 192.9.200.130,
Framed-Netmask = 255.255.255.255,
Framed-Routing = None,
Framed-Compression = Van-Jacobsen-TCP-IP,
Framed-MTU = 1006
#
# Prompt user for host
#
eg Password = "eg"
User-Service-Type = Login-User,
# Login-Host = 255.255.255.255,
# Login-Service = telnet,
# Login-TCP-Port = 23
#
# Dial user back and telnet to the default host for that port
#
deg Password = "deg"
User-Service-Type = Dialback-Login-User,
Login-Host = 0.0.0.0,
Dialback-No = "0134586148",
Login-Service = Telnet,
Login-TCP-Port = 23
#DEFAULT Password = "345_TTU2Tr"
# User-Service-Type = Login-User,
# Login-Service = Rlogin
I can't figure out what to add to authenticate with the Cisco switch; it fails no matter what I try.
If you could help with an entry it would be appreciated.
ASKER CERTIFIED SOLUTION
ASKER
GREAT, that worked, I had to remove the L in front of password.
What is the NAS-prompt user?
The service types are in RFC 2865:
http://www.ietf.org/rfc/rfc2865.txt
"NAS Prompt: The user should be provided a command prompt on the NAS from which non-privileged commands can be executed."
The default type is generally 'framed', which is for protocols such as PPP or Cisco HDLC. Framed protocols are used for IP communications, whereas "Prompt" service types are used for authenticating to access a local command line for device management.
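A small consistency check for a users file of the kind posted above, as an added example (not part of the thread and not RADL's own code). It flags first-line check items outside an allow-list (the `LPassword` typo), a reply list that ends in a comma, and framed service types on accounts meant for a device command prompt. The allow-list, the `admin` entry, the `NAS-Prompt-User` value name and the sample text are assumptions constructed for illustration.

```python
import re

# Assumption: illustrative allow-list of first-line check items, not RADL's dictionary.
CHECK_ITEMS = {"Password", "Expiration"}
SERVICE_KEYS = {"Service-Type", "User-Service-Type"}
PAIR = re.compile(r'([\w-]+)\s*=\s*("[^"]*"|[^,\s]+)')

# Constructed sample: tab-indented reply items, as the file's header comment requires.
SAMPLE = (
    'john LPassword = "s"\n'
    '\tService-Type = Framed-User,\n'
    '\tFramed-Protocol = PPP,\n'
    'admin Password = "example"\n'
    '\tService-Type = NAS-Prompt-User\n'
)

def lint_users(text):
    """Return (line_no, user, message) findings for a Livingston-style users file."""
    findings = []
    user = None
    last_reply = None                      # (line_no, text) of the latest reply item

    def close_entry():
        # A comma after the final reply item tells the parser another item follows.
        if last_reply and last_reply[1].endswith(","):
            findings.append((last_reply[0], user, "reply list ends with a trailing comma"))

    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if raw[0] in " \t":                # indented line: reply item for current user
            last_reply = (no, line)
            for key, val in PAIR.findall(line):
                if key in SERVICE_KEYS and val.startswith("Framed"):
                    findings.append((no, user, "framed service type, not a command-prompt login"))
        else:                              # column 0: a new user entry begins
            close_entry()
            user, checks = (line.split(None, 1) + [""])[:2]
            last_reply = None
            for key, _val in PAIR.findall(checks):
                if key not in CHECK_ITEMS:
                    findings.append((no, user, f"unknown check item {key!r}"))
    close_entry()
    return findings

if __name__ == "__main__":
    for finding in lint_users(SAMPLE):
        print(finding)
```
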
Seeing the tags you chose... Are you trying to authenticate a Cisco device against FreeRADIUS?
What authentication backend are you using, where do you want FreeRADIUS to get users and passwords from?
I.e.:
Do you want to build a text database in /etc/raddb/users, and specify users and passwords there in the clear, or maybe just users and pull passwords from somewhere else?
Do you want to authenticate using Unix users and passwords?
Do you have a MySQL database you want to use with the sql backend?
There are numerous ways to set FreeRADIUS up, so we need to know how you want it to work, and what you've done to configure it, i.e. which files did you change, what did you change?