11-16-2009 08:38 PM - edited 02-21-2020 10:24 AM
Hi,
I'm currently evaluating the NGS latest v2.01 image with a fresh new installation. After initial installation, I created sponsor and guest account.My plan is to use a Cisco ASA as the Radius client with Cut-through authentication - Radius to simulate the final application which would be WLAN controller.
Here's error message when I did "test aaa" command from ASA:
ciscoasa# test aaa authentication CUT-AUTH host 172.16.1.110 username jsmith@abc.com password cisco123
INFO: Attempting Authentication test to IP address <172.16.1.110> (timeout: 12 seconds)
ERROR: Authentication Rejected: Invalid password
ciscoasa#
I did double-checked the password no issue then looked at Server -> System logs -> Support logs -> Radius log @ NGS, it shows some repeating errors as followed:
Mon Nov 16 14:04:16 2009 : Info: rlm_sql (sql): Driver rlm_sql_postgresql (module rlm_sql_postgresql) loaded and linked
Mon Nov 16 14:04:16 2009 : Info: rlm_sql (sql): Attempting to connect to postgres@localhost:/gapdb
Mon Nov 16 14:04:16 2009 : Error: rlm_sql_postgresql: Couldn't connect socket to PostgreSQL server postgres@localhost:gapdb
Mon Nov 16 14:04:16 2009 : Error: rlm_sql (sql): Failed to connect DB handle #0
Mon Nov 16 14:04:16 2009 : Info: rlm_sql (sql): There are no DB handles to use! skipped 5, tried to connect 0
Mon Nov 16 14:04:16 2009 : Error: Failed to load clients from SQL.
Mon Nov 16 14:04:16 2009 : Error: /etc/raddb/postgresql.conf[1]: Instantiation failed for module "sql"
Mon Nov 16 14:04:16 2009 : Error: /etc/raddb/radiusd.conf[88]: Failed to find module "sql".
Mon Nov 16 14:04:16 2009 : Error: /etc/raddb/radiusd.conf[87]: Errors parsing accounting section.
Mon Nov 16 14:04:16 2009 : Error: Errors initializing modules
Mon Nov 16 14:05:06 2009 : Info: rlm_sql (sql): Driver rlm_sql_postgresql (module rlm_sql_postgresql) loaded and linked
Mon Nov 16 14:05:06 2009 : Info: rlm_sql (sql): Attempting to connect to postgres@localhost:/gapdb
Mon Nov 16 14:05:08 2009 : Info: Ready to process requests.
Mon Nov 16 14:06:51 2009 : Info: Exiting normally.
I guess something wrong with the NGS, but I don't see any errors during the installation. The Radius package of NGS 2.01 is FreeRADIUS 2.1.3.1, any ideas?
Thanks
08-13-2010 06:45 AM
We had the same problem.
You can solve sending to RADIUS Server (Cisco NGS) this additional radius attribute:
Calling Station ID
NAS IP Address
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide