LinuxQuestions.org
07-23-2008, 05:02 AM   #1
jjsan
radius server authorize problem


I have more than 90 Cisco switches and all of them are authorizing to a Linux RADIUS server.
All of them are working perfectly except one.
Logs from the RADIUS server (with parameter -X):

This is from the good one:
rad_recv: Access-Request packet from host 10.7.112.2:1645, id=2, length=80
NAS-IP-Address = 10.7.112.2
NAS-Port = 1
NAS-Port-Type = Virtual
User-Name = "username"
Calling-Station-Id = "10.7.191.13"
User-Password = "password"
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
rlm_realm: No '@' in User-Name = "username", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
users: Matched DEFAULT at 214
modcall[authorize]: module "files" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for username
radius_xlat: '(uid=username)'
radius_xlat: 'ou=Users,o=Company Group,c=CZ'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to server.company.sk:389, authentication 0
rlm_ldap: bind as cn=server,ou=Radius,ou=Applications,o=Company Group,c=CZ/kokos123 to server.company.sk:389
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in ou=Users,o=Company Group,c=CZ, with filter (uid=username)
rlm_ldap: checking if remote access for username is allowed by dialupAccess
rlm_ldap: performing search in cn=default,ou=Profiles,ou=Radius,ou=Applications,o=Company Group,c=CZ, with filter (objectclass=radiusprofile)
rlm_ldap: Adding radiusFramedCompression as Framed-Compression, value 0 & op=11
rlm_ldap: Adding radiusFramedRouting as Framed-Routing, value None & op=11
rlm_ldap: Adding radiusFramedIPNetmask as Framed-IP-Netmask, value 255.255.255.255 & op=11
rlm_ldap: Adding radiusFramedIPAddress as Framed-IP-Address, value 255.255.255.255 & op=11
rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP & op=11
rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User & op=11
rlm_ldap: performing search in cn=NET_admin,ou=Profiles,ou=Radius,ou=Applications,o=Company Group,c=CZ, with filter (objectclass=radiusprofile)
rlm_ldap: Adding radiusHuntgroupName as Huntgroup-Name, value netadmin & op=21
rlm_ldap: Adding radiusFramedCompression as Framed-Compression, value 0 & op=11
rlm_ldap: Adding radiusFramedRouting as Framed-Routing, value None & op=11
rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP & op=11
rlm_ldap: Adding radiusServiceType as Service-Type, value Administrative-User & op=11
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusFramedIPAddress as Framed-IP-Address, value 0.0.0.0 & op=11
huntgroups: Matched netadmin at 68
rlm_ldap: user username authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type ldap
auth: type "LDAP"
modcall: entering group Auth-Type for request 0
rlm_ldap: - authenticate
rlm_ldap: login attempt by "username" with password "password"
rlm_ldap: user DN: cn=Name username,ou=Users,o=Company Group,c=CZ
rlm_ldap: (re)connect to server.company.sk:389, authentication 1
rlm_ldap: bind as cn=Name username,ou=Users,o=Company Group,c=CZ/password to server.company.sk:389
rlm_ldap: waiting for bind result ...
rlm_ldap: user username authenticated succesfully
modcall[authenticate]: module "ldap" returns ok for request 0
modcall: group Auth-Type returns ok for request 0
Login OK: [username] (from client switches-internal port 1 cli 10.7.191.13)
Sending Access-Accept of id 2 to 10.7.112.2:1645
Framed-IP-Netmask = 255.255.255.255
Framed-Compression = None
Framed-Routing = None
Framed-Protocol = PPP
Service-Type = Administrative-User
Framed-IP-Address = 0.0.0.0
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 10.7.112.2:1646, id=5, length=96
NAS-IP-Address = 10.7.112.2
NAS-Port = 1
NAS-Port-Type = Virtual
User-Name = "username"
Calling-Station-Id = "10.7.191.13"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Service-Type = NAS-Prompt-User
Acct-Session-Id = "00000003"
Acct-Delay-Time = 0
modcall: entering group preacct for request 1
modcall[preacct]: module "preprocess" returns noop for request 1
rlm_realm: No '@' in User-Name = "username", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[preacct]: module "suffix" returns noop for request 1
modcall: group preacct returns noop for request 1
modcall: entering group accounting for request 1
rlm_acct_unique: WARNING: Attribute NAS-Port-Id was not found in request, unique ID MAY be inconsistent
rlm_acct_unique: Hashing ',Client-IP-Address = 10.7.112.2,NAS-IP-Address = 10.7.112.2,Acct-Session-Id = "00000003",User-Name = "username"'
rlm_acct_unique: Acct-Unique-Session-ID = "65b40c8e17ea3caa".
modcall[accounting]: module "acct_unique" returns ok for request 1
radius_xlat: '/var/log/radius/radacct/10.7.112.2/detail-20080723'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radius/radacct/10.7.112.2/detail-20080723
modcall[accounting]: module "detail" returns ok for request 1
modcall[accounting]: module "unix" returns ok for request 1
radius_xlat: '/var/log/radius/radutmp'
radius_xlat: 'username'
modcall[accounting]: module "radutmp" returns ok for request 1
modcall: group accounting returns ok for request 1
Sending Accounting-Response of id 5 to 10.7.112.2:1646
Finished request 1
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 2 with timestamp 4886eea0
Cleaning up request 1 ID 5 with timestamp 4886eea0


This is from the bad one:
rad_recv: Access-Request packet from host 10.7.112.13:1812, id=59, length=80
NAS-IP-Address = 10.1.6.6
NAS-Port = 1
NAS-Port-Type = Virtual
User-Name = "username"
Calling-Station-Id = "10.7.191.13"
User-Password = "password"
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
rlm_realm: No '@' in User-Name = "username", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
users: Matched DEFAULT at 214
modcall[authorize]: module "files" returns ok for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_ldap: - authorize
rlm_ldap: performing user authorization for username
radius_xlat: '(uid=username)'
radius_xlat: 'ou=Users,o=Company Group,c=CZ'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=Users,o=Company Group,c=CZ, with filter (uid=username)
rlm_ldap: checking if remote access for username is allowed by dialupAccess
rlm_ldap: performing search in cn=default,ou=Profiles,ou=Radius,ou=Applications,o=Company Group,c=CZ, with filter (objectclass=radiusprofile)
rlm_ldap: Adding radiusFramedCompression as Framed-Compression, value 0 & op=11
rlm_ldap: Adding radiusFramedRouting as Framed-Routing, value None & op=11
rlm_ldap: Adding radiusFramedIPNetmask as Framed-IP-Netmask, value 255.255.255.255 & op=11
rlm_ldap: Adding radiusFramedIPAddress as Framed-IP-Address, value 255.255.255.255 & op=11
rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP & op=11
rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User & op=11
rlm_ldap: performing search in cn=NET_admin,ou=Profiles,ou=Radius,ou=Applications,o=Company Group,c=CZ, with filter (objectclass=radiusprofile)
rlm_ldap: Adding radiusHuntgroupName as Huntgroup-Name, value netadmin & op=21
rlm_ldap: Adding radiusFramedCompression as Framed-Compression, value 0 & op=11
rlm_ldap: Adding radiusFramedRouting as Framed-Routing, value None & op=11
rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP & op=11
rlm_ldap: Adding radiusServiceType as Service-Type, value Administrative-User & op=11
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusFramedIPAddress as Framed-IP-Address, value 0.0.0.0 & op=11
rlm_ldap: Pairs do not match. Rejecting user.
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns reject for request 5
modcall: group authorize returns reject for request 5
Invalid user (rlm_ldap: Pairs do not match): [username] (from client switches-internal port 1 cli 10.7.191.13)

Delaying request 5 for 1 seconds
Finished request 5
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 59 to 10.7.112.13:1812
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 5 ID 59 with timestamp 4886efef


The name and the password are the same on both switches.

Any idea?

Thanks
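The two `radiusd -X` traces in the post can be compared mechanically. The following is an added example, not part of the original post: it summarises each Access-Request (packet source, NAS-IP-Address, huntgroup match, per-module result, final reply) and lists only the fields where the traces diverge. The sample lines are abridged from the post's traces; the field names in `rec` are this example's own.

```python
import re
# Abridged from the two traces in the post above.
GOOD = """\
rad_recv: Access-Request packet from host 10.7.112.2:1645, id=2, length=80
NAS-IP-Address = 10.7.112.2
huntgroups: Matched netadmin at 68
modcall[authorize]: module "ldap" returns ok for request 0
Sending Access-Accept of id 2 to 10.7.112.2:1645
"""
BAD = """\
rad_recv: Access-Request packet from host 10.7.112.13:1812, id=59, length=80
NAS-IP-Address = 10.1.6.6
modcall[authorize]: module "ldap" returns reject for request 5
Sending Access-Reject of id 59 to 10.7.112.13:1812
"""
PATTERNS = {
    "src_ip": re.compile(r"^rad_recv: Access-Request packet from host ([\d.]+):\d+"),
    "nas_ip": re.compile(r"^\s*NAS-IP-Address = ([\d.]+)"),
    "huntgroup": re.compile(r"^huntgroups: Matched (\S+) at \d+"),
    "verdict": re.compile(r"^Sending (Access-\w+) of id \d+"),
}
MODULE = re.compile(r'^modcall\[(\w+)\]: module "([\w-]+)" returns (\w+) for request \d+')

def parse_trace(text):
    """Summarise one Access-Request from radiusd -X debug output."""
    rec = {"src_ip": None, "nas_ip": None, "huntgroup": None, "verdict": None, "modules": {}}
    for line in text.splitlines():
        m = MODULE.match(line)
        if m:
            rec["modules"][f"{m.group(1)}.{m.group(2)}"] = m.group(3)
            continue
        for key, pat in PATTERNS.items():
            m = pat.match(line)
            if m and rec[key] is None:  # keep the first occurrence only
                rec[key] = m.group(1)
    rec["nas_ip_matches_src"] = rec["src_ip"] == rec["nas_ip"]
    return rec

def diverging_fields(a, b):
    """Return {field: (value_in_a, value_in_b)} for fields that differ."""
    out = {k: (a[k], b[k]) for k in ("nas_ip_matches_src", "huntgroup", "verdict") if a[k] != b[k]}
    for mod in sorted(set(a["modules"]) | set(b["modules"])):
        if a["modules"].get(mod) != b["modules"].get(mod):
            out[mod] = (a["modules"].get(mod), b["modules"].get(mod))
    return out

if __name__ == "__main__":
    for field, (good, bad) in diverging_fields(parse_trace(GOOD), parse_trace(BAD)).items():
        print(f"{field}: good={good!r} bad={bad!r}")
```

The output lists where the traces differ; it does not by itself say which difference makes rlm_ldap report "Pairs do not match".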
 
  

