Networking

  • CIsco Pix and FreeRadius....


    I am not altering the users file all I have in it is :
    I was using the same username and password for both. Below is my users
    file.
    #
    #Please read the documentation file /doc/processing_users_file,
    #or 'man 5 users' (after installing the server) for more information.
    #
    #This file contains authentication security and configuration
    #information for each user. Accounting requests are NOT processed
    #through this file. Instead, see 'acct_users', in this directory.
    #
    #The first field is the user's name and can be up to
    #253 characters in length. This is followed (on the same line) with
    #the list of authentication requirements for that user. This can
    #include password, comm server name, comm server port number, protocol
    #type (perhaps set by the "hints" file), and huntgroup name (set by
    #the "huntgroups" file).
    #
    #If you are not sure why a particular reply is being sent by the
    #server, then run the server in debugging mode (radiusd -X), and
    #you will see which entries in this file are matched.
    #
    #When an authentication request is received from the comm server,
    #these values are tested. Only the first match is used unless the
    #"Fall-Through" variable is set to "Yes".
    #
    #A special user named "DEFAULT" matches on all usernames.
    #You can have several DEFAULT entries. All entries are processed
    #in the order they appear in this file. The first entry that
    #matches the login-request will stop processing unless you use
    #the Fall-Through variable.
    #
    #If you use the database support to turn this file into a .db or dbm
    #file, the DEFAULT entries _have_ to be at the end of this file and
    #you can't have multiple entries for one username.
    #
    #You don't need to specify a password if you set Auth-Type += System
    #on the list of authentication requirements. The RADIUS server
    #will then check the system password file.
    #
    #Indented (with the tab character) lines following the first
    #line indicate the configuration values to be passed back to
    #the comm server to allow the initiation of a user session.
    #This can include things like the PPP configuration values
    #or the host to log the user onto.
    #
    #You can include another `users' file with `$INCLUDE users.other'
    #
    #
    #For a list of RADIUS attributes, and links to their definitions,
    #see:
    #
    #
    #
    #
    # Deny access for a specific user. Note that this entry MUST
    # be before any other 'Auth-Type' attribute which results in the user
    # being authenticated.
    #
    # Note that there is NO 'Fall-Through' attribute, so the user will not
    # be given any additional resources.
    #
    #lameuser Auth-Type := Reject
    #        Reply-Message = "Your account has been disabled."
    #
    # Deny access for a group of users.
    #
    # Note that there is NO 'Fall-Through' attribute, so the user will not
    # be given any additional resources.
    #
    #DEFAULT Group == "disabled", Auth-Type := Reject
    #        Reply-Message = "Your account has been disabled."
    #
    #
    # This is a complete entry for "steve". Note that there is no Fall-Through
    # entry so that no DEFAULT entry will be used, and the user will NOT
    # get any attributes in addition to the ones listed here.
    #
    #steve Auth-Type := Local, User-Password == "testing"
    #        Service-Type = Framed-User,
    #        Framed-Protocol = PPP,
    #        Framed-IP-Address = 172.16.3.33,
    #        Framed-IP-Netmask = 255.255.255.0,
    #        Framed-Routing = Broadcast-Listen,
    #        Framed-Filter-Id = "std.ppp",
    #        Framed-MTU = 1500,
    #        Framed-Compression = Van-Jacobsen-TCP-IP
    #
    # This is an entry for a user with a space in their name.
    # Note the double quotes surrounding the name.
    #
    "John Doe" User-Password == "hello"
            Reply-Message = "Hello, %u"
    test User-Password == "testing123"
            Reply-Message = "Hello, %u"
    # Test TLS Certificate based user
    FreeRADIUS.net-Client User-Password == "demo"
            Reply-Message = "Hello, %u"
    #
    # Dial user back and telnet to the default host for that port
    #
    #Deg Auth-Type := Local, User-Password == "ge55ged"
    #        Service-Type = Callback-Login-User,
    #        Login-IP-Host = 0.0.0.0,
    #        Callback-Number = "9,5551212",
    #        Login-Service = Telnet,
    #        Login-TCP-Port = Telnet
    #
    # Another complete entry. After the user "dialbk" has logged in, the
    # connection will be broken and the user will be dialed back after which
    # he will get a connection to the host "timeshare1".
    #
    #dialbk Auth-Type := Local, User-Password == "callme"
    #        Service-Type = Callback-Login-User,
    #        Login-IP-Host = timeshare1,
    #        Login-Service = PortMaster,
    #        Callback-Number = "9,1-800-555-1212"
    #
    # user "swilson" will only get a static IP number if he logs in with
    # a framed protocol on a terminal server in Alphen (see the huntgroups file).
    #
    # Note that by setting "Fall-Through", other attributes will be added from
    # the following DEFAULT entries
    #
    #swilson Service-Type == Framed-User, Huntgroup-Name == "alphen"
    #        Framed-IP-Address = 192.168.1.65,
    #        Fall-Through = Yes
    #
    # If the user logs in as 'username.shell', then authenticate them
    # against the system database, give them shell access, and stop processing
    # the rest of the file.
    #
    #DEFAULT Suffix == ".shell", Auth-Type := System
    #        Service-Type = Login-User,
    #        Login-Service = Telnet,
    #        Login-IP-Host = your.shell.machine
    #
    # The rest of this file contains the several DEFAULT entries.
    # DEFAULT entries match with all login names.
    # Note that DEFAULT entries can also Fall-Through (see first entry).
    # A name-value pair from a DEFAULT entry will _NEVER_ override
    # an already existing name-value pair.
    #
    #
    # First setup all accounts to be checked against the UNIX /etc/passwd.
    # (Unless a password was already given earlier in this file).
    #
    #DEFAULT Auth-Type = System
    #        Fall-Through = 1
    #
    # Set up different IP address pools for the terminal servers.
    # Note that the "+" behind the IP address means that this is the "base"
    # IP address. The Port-Id (S0, S1 etc) will be added to it.
    #
    #DEFAULT Service-Type == Framed-User, Huntgroup-Name == "alphen"
    #        Framed-IP-Address = 192.168.1.32+,
    #        Fall-Through = Yes
    #DEFAULT Service-Type == Framed-User, Huntgroup-Name == "delft"
    #        Framed-IP-Address = 192.168.2.32+,
    #        Fall-Through = Yes
    #
    # Defaults for all framed connections.
    #
    DEFAULT Service-Type == Framed-User
            Framed-IP-Address = 255.255.255.254,
            Framed-MTU = 576,
            Service-Type = Framed-User,
            Fall-Through = Yes
    #
    # Default for PPP: dynamic IP address, PPP mode, VJ-compression.
    # NOTE: we do not use Hint = "PPP", since PPP might also be auto-detected
    #by the terminal server in which case there may not be a "P" suffix.
    #The terminal server sends "Framed-Protocol = PPP" for auto PPP.
    #
    DEFAULT Framed-Protocol == PPP
            Framed-Protocol = PPP,
            Framed-Compression = Van-Jacobson-TCP-IP
    #
    # Default for CSLIP: dynamic IP address, SLIP mode, VJ-compression.
    #
    DEFAULT Hint == "CSLIP"
            Framed-Protocol = SLIP,
            Framed-Compression = Van-Jacobson-TCP-IP
    #
    # Default for SLIP: dynamic IP address, SLIP mode.
    #
    DEFAULT Hint == "SLIP"
            Framed-Protocol = SLIP
    #
    # Last default: rlogin to our main server.
    #
    #DEFAULT
    #        Service-Type = Login-User,
    #        Login-Service = Rlogin,
    #        Login-IP-Host = shellbox.ispdomain.com
    # #
    # # Last default: shell on the local terminal server.
    # #
    # DEFAULT
    # Service-Type = Shell-User
    # On no match, the user is denied access.
    tripp Auth-Type := Local, User-Password == "tripp"
    tripp1 Auth-Type := System, User-Password == "tripp1"
    Tripp Sills
    Senior Network Engineer - Information Technology
    tripp (AT) dmenet (DOT) com
    Direct Mail Express
    2441 Bellevue Avenue Extension
    Daytona Beach, FL
    # (386) 271 - 3288
    Cell # (386) 566 - 4053
    Fax # (386) 271 - 3289
    The information in this Internet e-mail, including attachments, is
    confidential and may be legally privileged. It is intended solely for
    the addressee. Access by any other person to this Internet e-mail is not
    authorized. If you are not the intended recipient, please delete this
    Internet e-mail and notify me by return e-mail or at (386) 271-3288. Any
    unauthorized disclosure of the parties to this e-mail, and any
    unauthorized disclosure, dissemination, distribution, copying, or any
    action taken or omitted to be taken in reliance on this email, including
    attachments, is prohibited and may be unlawful.
    -----Original Message-----
    From: @lists.freeradius.org
    [@lists.freeradius.org] On Behalf Of Alan DeKok
    Sent: Tuesday, January 17, 2006 1:32 PM
    To: FreeRadius users mailing list
    Subject: Re: CIsco Pix and FreeRadius
    "Sills, Tripp" <tripp (AT) dmenet (DOT) com> wrote:
    > Notice the first request that comes from the 10.2.0.69. It is using the
    > test aaa-server from the PIX itself. The other 2 are when I am
    > connecting to the VPN client and trying to authenticate. It says Auth
    > Type unknown. Any ideas Alan?
    The only difference is in which entries it matches in the "users"
    file. Read those entries to see what it's doing, and why.
    Alan DeKok.
    -
    List info/subscribe/unsubscribe? See
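
The ordering rule stated in the users-file comments above (entries tried top to bottom, DEFAULT matching every user name, the first match ending processing unless Fall-Through is set) can be traced over the active entries of the posted file. This is an added example, not code from the thread or from FreeRADIUS; it is a simplified model, the two requests are constructed (the page does not show what the PIX actually sent), and it assumes User-Password and Auth-Type check items act as control items rather than match conditions.

```python
# Simplified model of the ordering rule in the users-file comments; not FreeRADIUS code.
# Assumption: User-Password and Auth-Type check items are control items here,
# not match conditions. The request attributes below are constructed samples.

# Active entries of the posted file, in file order:
# (name, match conditions, control items, reply items, Fall-Through)
ENTRIES = [
    ("John Doe", {}, {"User-Password": "hello"}, {"Reply-Message": "Hello, %u"}, False),
    ("test", {}, {"User-Password": "testing123"}, {"Reply-Message": "Hello, %u"}, False),
    ("FreeRADIUS.net-Client", {}, {"User-Password": "demo"},
     {"Reply-Message": "Hello, %u"}, False),
    ("DEFAULT", {"Service-Type": "Framed-User"}, {},
     {"Framed-IP-Address": "255.255.255.254", "Framed-MTU": "576",
      "Service-Type": "Framed-User"}, True),
    ("DEFAULT", {"Framed-Protocol": "PPP"}, {},
     {"Framed-Protocol": "PPP", "Framed-Compression": "Van-Jacobson-TCP-IP"}, False),
    ("DEFAULT", {"Hint": "CSLIP"}, {},
     {"Framed-Protocol": "SLIP", "Framed-Compression": "Van-Jacobson-TCP-IP"}, False),
    ("DEFAULT", {"Hint": "SLIP"}, {}, {"Framed-Protocol": "SLIP"}, False),
    ("tripp", {}, {"Auth-Type": "Local", "User-Password": "tripp"}, {}, False),
    ("tripp1", {}, {"Auth-Type": "System", "User-Password": "tripp1"}, {}, False),
]

def walk(request):
    """Return (matched entries, control items, reply items) for one request."""
    matched, control, reply = [], {}, {}
    for pos, (name, conds, ctl, rep, fall_through) in enumerate(ENTRIES, 1):
        if name not in ("DEFAULT", request.get("User-Name")):
            continue                       # entry belongs to another user
        if any(request.get(attr) != val for attr, val in conds.items()):
            continue                       # a check item does not match the request
        matched.append(f"{pos}:{name}")
        for attr, val in ctl.items():
            control.setdefault(attr, val)  # earlier values are never overridden
        for attr, val in rep.items():
            reply.setdefault(attr, val)
        if not fall_through:
            break                          # first match without Fall-Through ends the walk
    return matched, control, reply

# Constructed requests: one with only name and password, one that also
# carries framed-session attributes.
BARE = {"User-Name": "tripp", "User-Password": "tripp"}
FRAMED = dict(BARE, **{"Service-Type": "Framed-User", "Framed-Protocol": "PPP"})

if __name__ == "__main__":
    for label, req in (("bare", BARE), ("framed", FRAMED)):
        matched, control, _ = walk(req)
        print(label, matched, "Auth-Type:", control.get("Auth-Type", "(not set)"))
```

In this model the framed request stops at the fifth entry, before any per-user entry has supplied an Auth-Type; running the server with `radiusd -X`, as the file's comments suggest, shows which entries the real server matched.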