10-31-2018 07:32 AM
problems with RADIUS authentication
Hi all,
I'm experiencing authentication problems with this configuration on HPE5510 R1309:
radius scheme system
primary authentication 10.40.0.208
key authentication cipher $c$3$miP5XfL7OV3vTSlz8OsyWF+O0jl2QvIj4FemMw==
user-name-format without-domain
nas-ip 10.99.80.6
#
domain system
authentication login radius-scheme system local
authorization login radius-scheme system local
The RADIUS server is FreeRADIUS 3.0.16.
I've enabled "debug radius all", below the output:
<TWR-F> *Oct 31 14:23:56:738 2018 TWR-F RADIUS/7/EVENT:
Got request data successfully, primitive: authentication.
*Oct 31 14:23:56:738 2018 TWR-F RADIUS/7/EVENT:
Getting RADIUS server info.
*Oct 31 14:23:56:738 2018 TWR-F RADIUS/7/EVENT:
Got RADIUS server info successfully.
*Oct 31 14:23:56:739 2018 TWR-F RADIUS/7/EVENT:
Created request context successfully.
*Oct 31 14:23:56:739 2018 TWR-F RADIUS/7/EVENT:
Created request packet successfully, dstIP: 10.40.0.208, dstPort: 1812, VPN instance: --(public), socketFd: 34, pktID: 56.
*Oct 31 14:23:56:739 2018 TWR-F RADIUS/7/EVENT:
Added packet socketfd to epoll successfully, socketFd: 34.
*Oct 31 14:23:56:739 2018 TWR-F RADIUS/7/EVENT:
Mapped PAM item to RADIUS attribute successfully.
*Oct 31 14:23:56:739 2018 TWR-F RADIUS/7/EVENT:
Got RADIUS username format successfully, format: 2.
*Oct 31 14:23:56:739 2018 TWR-F RADIUS/7/EVENT:
Added attribute user-name successfully, user-name: test.
*Oct 31 14:23:56:739 2018 TWR-F RADIUS/7/EVENT:
Filled RADIUS attributes in packet successfully.
*Oct 31 14:23:56:739 2018 TWR-F RADIUS/7/EVENT:
Composed request packet successfully.
*Oct 31 14:23:56:739 2018 TWR-F RADIUS/7/EVENT:
Created response timeout timer successfully.
*Oct 31 14:23:56:739 2018 TWR-F RADIUS/7/PACKET:
User-Name="test"
NAS-Identifier="TWR-F"
Framed-IP-Address=10.40.10.83
NAS-Port-Type=Virtual
Acct-Session-Id="00000001201810311423560000000108100627"
User-Password=******
Service-Type=Login-User
NAS-IP-Address=10.99.80.6
H3c-Product-Id="HPE 5510 48G 4SFP+ HI 1-slot Switch JH146A"
H3c-Nas-Startup-Timestamp=1540985598
*Oct 31 14:23:56:740 2018 TWR-F RADIUS/7/EVENT:
Sent request packet successfully.
*Oct 31 14:23:56:740 2018 TWR-F RADIUS/7/PACKET:
01 38 00 b1 1f 73 10 14 69 b3 0a 4e 13 6f b9 17
71 8f c8 7d 01 06 74 65 73 74 20 07 54 57 52 2d
46 08 06 0a 28 0a 53 3d 06 00 00 00 05 2c 28 30
30 30 30 30 30 30 31 32 30 31 38 31 30 33 31 31
34 32 33 35 36 30 30 30 30 30 30 30 31 30 38 31
30 30 36 32 37 02 12 7b b9 99 47 fe 2b 32 62 9b
21 7a cf 68 e8 58 d4 06 06 00 00 00 01 04 06 0a
63 50 06 1a 32 00 00 63 a2 ff 2c 48 50 45 20 35
35 31 30 20 34 38 47 20 34 53 46 50 2b 20 48 49
20 31 2d 73 6c 6f 74 20 53 77 69 74 63 68 20 4a
48 31 34 36 41 1a 0c 00 00 63 a2 3b 06 5b d9 92
fe
*Oct 31 14:23:56:740 2018 TWR-F RADIUS/7/EVENT:
Sent request packet and create request context successfully.
*Oct 31 14:23:56:740 2018 TWR-F RADIUS/7/EVENT:
Added request context to global table successfully.
*Oct 31 14:23:56:740 2018 TWR-F RADIUS/7/EVENT:
Processing AAA request data.
*Oct 31 14:23:56:741 2018 TWR-F RADIUS/7/EVENT:
PAM_RADIUS: Sent authentication request successfully.
*Oct 31 14:23:56:759 2018 TWR-F RADIUS/7/EVENT:
Reply SocketFd recieved EPOLLIN event.
*Oct 31 14:23:56:759 2018 TWR-F RADIUS/7/EVENT:
Received reply packet succuessfully.
*Oct 31 14:23:56:760 2018 TWR-F RADIUS/7/EVENT:
Found request context, dstIP: 10.40.0.208, dstPort: 1812, VPN instance: --(public), socketFd: 34, pktID: 56.
*Oct 31 14:23:56:760 2018 TWR-F RADIUS/7/EVENT:
The reply packet is valid.
*Oct 31 14:23:56:760 2018 TWR-F RADIUS/7/EVENT:
Decoded reply packet successfully.
*Oct 31 14:23:56:760 2018 TWR-F RADIUS/7/PACKET:
02 38 00 14 06 87 b7 fe 69 24 46 2d 01 bb f6 db
a4 15 d3 d8
*Oct 31 14:23:56:760 2018 TWR-F RADIUS/7/EVENT:
Sent reply message successfully.
*Oct 31 14:23:56:760 2018 TWR-F RADIUS/7/EVENT:
PAM_RADIUS: Fetched authentication reply-data successfully, resultCode: 0
*Oct 31 14:23:56:760 2018 TWR-F RADIUS/7/EVENT:
PAM_RADIUS: Received authentication reply message, resultCode: 0
*Oct 31 14:23:56:762 2018 TWR-F RADIUS/7/EVENT:
PAM_RADIUS: Processing RADIUS authorization.
*Oct 31 14:23:56:762 2018 TWR-F RADIUS/7/EVENT:
PAM_RADIUS: RADIUS Authorization successfully.
%Oct 31 14:23:56:763 2018 TWR-F SSHS/6/SSHS_LOG: Accepted password for test from 10.40.10.83 port 53869.
%Oct 31 14:23:57:786 2018 TWR-F SSHS/6/SSHS_CONNECT: SSH user test (IP: 10.40.10.83) connected to the server successfully.
%Oct 31 14:23:58:136 2018 TWR-F LOGIN/5/LOGIN_FAILED: test failed to log in from 10.40.10.83.
%Oct 31 14:24:01:148 2018 TWR-F SSHS/6/SSHS_LOG: User test logged out from 10.40.10.83 port 53869.
%Oct 31 14:24:01:148 2018 TWR-F SSHS/6/SSHS_DISCONNECT: SSH user test (IP: 10.40.10.83) disconnected from the server.
The authentication and authorization phases seem to be successful, but in the end I get only
LOGIN/5/LOGIN_FAILED and SSHS/6/SSHS_DISCONNECT.
Has anyone experienced something like this?
Thx in advance
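Added example, not part of the original thread: a small decoder for the reply packet shown in the debug output above. It shows that the Access-Accept has a length field of 0x0014 (the 20-byte header alone) and so carried no attributes. The first packet is copied from the post; the second is constructed for comparison with a zeroed authenticator, and the function names are illustrative.

```python
import struct

# RADIUS codes and the attribute types this thread mentions (RFC 2865 numbering).
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject"}
ATTRS = {1: "User-Name", 6: "Service-Type", 15: "Login-Service"}

# Reply packet exactly as printed in the debug output above.
REPLY_FROM_DEBUG = "02 38 00 14 06 87 b7 fe 69 24 46 2d 01 bb f6 db a4 15 d3 d8"
# Constructed for comparison: same header with a zeroed authenticator,
# plus one Login-Service attribute (type 15, length 6, value 50).
REPLY_CONSTRUCTED = "02 38 00 1a " + "00 " * 16 + "0f 06 00 00 00 32"


def parse_radius(hex_dump):
    """Decode a RADIUS packet given as space-separated hex bytes."""
    raw = bytes.fromhex(hex_dump)
    if len(raw) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, pkt_id, length = struct.unpack("!BBH", raw[:4])
    if length < 20 or length > len(raw):
        raise ValueError("length field does not match the captured bytes")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = raw[pos], raw[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute length")
        attrs.append((ATTRS.get(a_type, str(a_type)), raw[pos + 2:pos + a_len]))
        pos += a_len
    return {"code": CODES.get(code, str(code)), "id": pkt_id,
            "length": length, "attrs": attrs}


def login_service(packet):
    """Return the Login-Service value as an integer, or None if absent."""
    for name, value in packet["attrs"]:
        if name == "Login-Service" and len(value) == 4:
            return struct.unpack("!I", value)[0]
    return None


if __name__ == "__main__":
    for label, dump in (("debug", REPLY_FROM_DEBUG), ("constructed", REPLY_CONSTRUCTED)):
        pkt = parse_radius(dump)
        print(label, pkt["code"], "id", pkt["id"], "len", pkt["length"],
              "attrs", len(pkt["attrs"]), "Login-Service", login_service(pkt))
```

The decoded identifier, 56, matches the `pktID: 56` in the switch's own event lines, which confirms the reply belongs to that request.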
11-07-2018 12:30 AM
Re: problems with RADIUS authentication
Hi,
Can you share the RADIUS server configuration? Check if the Login-Service is set to 50 (SSH) in the User configuration file under the user.
Eg:
Login-Service = 50
I am an HPE Employee
11-07-2018 02:08 AM
Re: problems with RADIUS authentication
Thanks for the hint,
but I don't know how to set "Login-Service=50" with the web interface of my daloRADIUS.
I will have to ask the server administrator if it is possible to modify the file in case it exists.
Thx again
NextHop
11-07-2018 03:39 AM
Re: problems with RADIUS authentication
Hi rajkumar787,
I've tried to set Login-service=50 but the result is the same:
%Nov 7 12:13:56:763 2018 TWR-F SSHS/6/SSHS_LOG: Accepted password for test from 10.40.10.83 port 53869.
%Nov 7 12:13:57:786 2018 TWR-F SSHS/6/SSHS_CONNECT: SSH user test (IP: 10.40.10.83) connected to the server successfully.
%Nov 7 12:13:58:136 2018 TWR-F LOGIN/5/LOGIN_FAILED: test failed to log in from 10.40.10.83.
%Nov 7 12:14:01:148 2018 TWR-F SSHS/6/SSHS_LOG: User test logged out from 10.40.10.83 port 53869.
%Nov 7 12:14:01:148 2018 TWR-F SSHS/6/SSHS_DISCONNECT: SSH user test (IP: 10.40.10.83) disconnected from the server
IMHO, it does not seem to be an issue with SSH because I have the "Accepted, user connect, and user disconnect" messages from SSH.
I don't know why I have a LOGIN_FAILED on user test.
So, thx again.
NextHop
11-12-2018 03:07 AM
Re: problems with RADIUS authentication
Hi,
Try adding 'primary accounting 10.40.0.208 & key authentication <radius key>' under 'radius scheme system', and 'accounting login radius-scheme system local' under the 'domain system'.
Also make sure the 'domain default enable system' is there by default.
If you still have issues logging in, maybe a Wireshark trace on the RADIUS server will help.
I am an HPE Employee
11-14-2018 12:36 AM
Re: problems with RADIUS authentication
Hi rajkumar787,
First of all, thx for your answer. I don't need a srv account; I don't think that is the problem.
Anyway I've tried, but unfortunately, the result is the same.
Best regards
NextHop