wpereiratecno
(usa Debian)
Enviado em 06/11/2009 - 09:19h
Amigos do VOL,
Não estou conseguindo me autenticar em um Cisco 6500 via freeradius + mysql.
Meu cenário:
- Freeradius+MySQL server: Debian GNU/Linux lenny x86_64 kernel 2.6.26-2-amd64
- Freeradius 2.0.4
- MySQL 5.0.51a
- Calling Station: Windows XP Professional 32 bits SP3
- Client: Cisco6500 Catalyst - IOS versão 12.2(17r)S4
Rodando o freeradius -X (modo debug), tive o seguinte resultado (apenas omiti informações como IP, user e senha):
Ready to process requests.
rad_recv: Access-Request packet from host IP_Client port 21645, id=55, length=82
NAS-IP-Address = IP_Client
NAS-Port = 1
NAS-Port-Type = Virtual
User-Name = "user"
Calling-Station-Id = "Calling_Station"
User-Password = "pass_user"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "user", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "user"
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
++[suffix] returns noop
rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
expand: %{User-Name} -> user
rlm_sql (sql): sql_set_user escaped user --> 'user'
rlm_sql (sql): Reserving sql socket id: 1
expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'user' ORDER BY id
rlm_sql (sql): User found in radcheck table
expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'user' ORDER BY id
expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'user' ORDER BY priority
expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'pop-sp' ORDER BY id
rlm_sql (sql): User found in group pop-sp
expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'pop-sp' ORDER BY id
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
rad_check_password: Found Auth-Type
auth: type "PAP"
+- entering group PAP
rlm_pap: login attempt with password "pass_user"
rlm_pap: Using CRYPT encryption.
rlm_pap: User authenticated successfully
++[pap] returns ok
Login OK: [user/pass_user] (from client cisco6500 port 1 cli Calling_Station)
+- entering group post-auth
++[exec] returns noop
Sending Access-Accept of id 55 to IP_Client port 21645
Framed-Compression := Van-Jacobson-TCP-IP
Framed-Protocol := PPP
Service-Type := Login-User
Framed-MTU := 1500
Finished request 8.
Encontrei em um fórum da Cisco uma discussão sobre isso e um cara precisou alterar o valor do attribute Service-Type para 'Login' (antes era Framed-User), mas no meu caso isso não resolveu o problema.
Agradeço se alguém puder ajudar.
Wagner Pereira
twitter: @wpereiratecno