cisco device says "% Backup authentication" and won't log me in

permalink · #1 (**permalink**) 04-05-2007

This is a multi-part message in MIME format.

--===============2074002804==
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C77787.0F3EEC09"
Content-class: urn:content-classes:message

This is a multi-part message in MIME format.

------_=_NextPart_001_01C77787.0F3EEC09
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I configured freeradius on a Fedora Core 6 machine to use PAP against a =
cisco switch
radtest on localhost is successfully. I think radiusd.conf users and =
clients.conf files are ok

>From the cisco device after I insert user and password telnetting to it =
I got:

% Backup authentication
000206: Apr 5 12:42:29: %RADIUS-4-RADIUS_DEAD: RADIUS server =
172.25.110.8:1645,
1646 is not responding.
000207: Apr 5 12:42:29: %RADIUS-4-RADIUS_ALIVE: RADIUS server =
172.25.110.8:1645
,1646 has returned.

the cisco device won't let me log in... 172.25.110.8 is the right IP of =
the freeradius

And this is the freeradius server log:

rad_recv: Access-Request packet from host 172.25.110.109:21645, id=3D37, =
length=3D77
NAS-IP-Address =3D 172.25.110.109
NAS-Port =3D 2
NAS-Port-Type =3D Virtual
User-Name =3D "test"
Calling-Station-Id =3D "172.25.120.40"
User-Password =3D "test"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name =3D "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry DEFAULT at line 152
users: Matched entry test at line 218
modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 37 to 172.25.110.109 port 21645
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.25.110.109:21645, id=3D37, =
length=3D77
Sending duplicate reply to client SW-DATA-1:21645 - ID: 37
Re-sending Access-Accept of id 37 to 172.25.110.109 port 21645
--- Walking the entire request list ---
Cleaning up request 0 ID 37 with timestamp 4614ef14
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 172.25.110.109:21645, id=3D37, =
length=3D77
NAS-IP-Address =3D 172.25.110.109
NAS-Port =3D 2
NAS-Port-Type =3D Virtual
User-Name =3D "test"
Calling-Station-Id =3D "172.25.120.40"
User-Password =3D "test"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name =3D "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 1
users: Matched entry DEFAULT at line 152
users: Matched entry test at line 218
modcall[authorize]: module "files" returns ok for request 1
modcall: leaving group authorize (returns ok) for request 1
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 37 to 172.25.110.109 port 21645
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.25.110.109:21645, id=3D37, =
length=3D77
Sending duplicate reply to client SW-DATA-1:21645 - ID: 37
Re-sending Access-Accept of id 37 to 172.25.110.109 port 21645
--- Walking the entire request list ---
Cleaning up request 1 ID 37 with timestamp 4614ef1f
Nothing to do. Sleeping until we see a request.

I can't figure out what's wrong... It's seems that something missing on =
the cisco side
Is right that radius send back Access-Accept on port 21645?=20

Thanks in advance

------_=_NextPart_001_01C77787.0F3EEC09
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
6.5.7651.59">
<TITLE>cisco device says "% Backup authentication" and won't =
log me in</TITLE>
</HEAD>
<BODY>


I configured freeradius on a Fedora Core 6 machine to =
use PAP against a cisco switch 
radtest on localhost is successfully. I think radiusd.conf users and =
clients.conf files are ok 
 
>From the cisco device after I insert user and password telnetting to it =
I got: 
 
% Backup authentication 
000206: Apr  5 12:42:29: %RADIUS-4-RADIUS_DEAD: RADIUS server =
172.25.110.8:1645, 
1646 is not responding. 
000207: Apr  5 12:42:29: %RADIUS-4-RADIUS_ALIVE: RADIUS server =
172.25.110.8:1645 
,1646 has returned. 
 
the cisco device won't let me log in... 172.25.110.8 is the right IP of =
the freeradius 
 
And this is the freeradius server log: 
 
rad_recv: Access-Request packet from host 172.25.110.109:21645, id=3D37, =
length=3D77 
        NAS-IP-Address =3D =
172.25.110.109 
        NAS-Port =3D 2 
        NAS-Port-Type =3D Virtual 
        User-Name =3D =
"test" 
        Calling-Station-Id =3D =
"172.25.120.40" 
        User-Password =3D =
"test" 
  Processing the authorize section of radiusd.conf 
modcall: entering group authorize for request 0 
  modcall[authorize]: module "preprocess" returns ok for =
request 0 
  modcall[authorize]: module "chap" returns noop for =
request 0 
  modcall[authorize]: module "mschap" returns noop for =
request 0 
    rlm_realm: No '@' in User-Name =3D "test", =
looking up realm NULL 
    rlm_realm: No such realm "NULL" 
  modcall[authorize]: module "suffix" returns noop for =
request 0 
  rlm_eap: No EAP-Message, not doing EAP 
  modcall[authorize]: module "eap" returns noop for =
request 0 
    users: Matched entry DEFAULT at line 152 
    users: Matched entry test at line 218 
  modcall[authorize]: module "files" returns ok for =
request 0 
modcall: leaving group authorize (returns ok) for request 0 
  rad_check_password:  Found Auth-Type Local 
auth: type Local 
auth: user supplied User-Password matches local User-Password 
Sending Access-Accept of id 37 to 172.25.110.109 port 21645 
Finished request 0 
Going to the next request 
--- Walking the entire request list --- 
Waking up in 6 seconds... 
rad_recv: Access-Request packet from host 172.25.110.109:21645, id=3D37, =
length=3D77 
Sending duplicate reply to client SW-DATA-1:21645 - ID: 37 
Re-sending Access-Accept of id 37 to 172.25.110.109 port 21645 
--- Walking the entire request list --- 
Cleaning up request 0 ID 37 with timestamp 4614ef14 
Nothing to do.  Sleeping until we see a request. 
rad_recv: Access-Request packet from host 172.25.110.109:21645, id=3D37, =
length=3D77 
        NAS-IP-Address =3D =
172.25.110.109 
        NAS-Port =3D 2 
        NAS-Port-Type =3D Virtual 
        User-Name =3D =
"test" 
        Calling-Station-Id =3D =
"172.25.120.40" 
        User-Password =3D =
"test" 
  Processing the authorize section of radiusd.conf 
modcall: entering group authorize for request 1 
  modcall[authorize]: module "preprocess" returns ok for =
request 1 
  modcall[authorize]: module "chap" returns noop for =
request 1 
  modcall[authorize]: module "mschap" returns noop for =
request 1 
    rlm_realm: No '@' in User-Name =3D "test", =
looking up realm NULL 
    rlm_realm: No such realm "NULL" 
  modcall[authorize]: module "suffix" returns noop for =
request 1 
  rlm_eap: No EAP-Message, not doing EAP 
  modcall[authorize]: module "eap" returns noop for =
request 1 
    users: Matched entry DEFAULT at line 152 
    users: Matched entry test at line 218 
  modcall[authorize]: module "files" returns ok for =
request 1 
modcall: leaving group authorize (returns ok) for request 1 
  rad_check_password:  Found Auth-Type Local 
auth: type Local 
auth: user supplied User-Password matches local User-Password 
Sending Access-Accept of id 37 to 172.25.110.109 port 21645 
Finished request 1 
Going to the next request 
--- Walking the entire request list --- 
Waking up in 6 seconds... 
rad_recv: Access-Request packet from host 172.25.110.109:21645, id=3D37, =
length=3D77 
Sending duplicate reply to client SW-DATA-1:21645 - ID: 37 
Re-sending Access-Accept of id 37 to 172.25.110.109 port 21645 
--- Walking the entire request list --- 
Cleaning up request 1 ID 37 with timestamp 4614ef1f 
Nothing to do.  Sleeping until we see a request. 
 
 
I can't figure out what's wrong... It's seems that something missing on =
the cisco side 
Is right that radius send back Access-Accept on port 21645? 
 
Thanks in advance 



</BODY>
</HTML>
------_=_NextPart_001_01C77787.0F3EEC09--

--===============2074002804==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--===============2074002804==--

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode