NAC Guest Server - can't authenticate Radius client, DB error

Unanswered Question
Nov 16th, 2009

Hi,

I'm currently evaluating the NGS latest v2.01 image with a fresh new installation. After initial installation, I created sponsor and guest account.My plan is to use a Cisco ASA as the Radius client with Cut-through authentication - Radius to simulate the final application which would be WLAN controller.

Here's error message when I did "test aaa" command from ASA:

ciscoasa# test aaa authentication CUT-AUTH host 172.16.1.110 username [email protected] password cisco123

INFO: Attempting Authentication test to IP address <172.16.1.110> (timeout: 12 seconds)

ERROR: Authentication Rejected: Invalid password

ciscoasa#

I did double-checked the password no issue then looked at Server -> System logs -> Support logs -> Radius log @ NGS, it shows some repeating errors as followed:

Mon Nov 16 14:04:16 2009 : Info: rlm_sql (sql): Driver rlm_sql_postgresql (module rlm_sql_postgresql) loaded and linked

Mon Nov 16 14:04:16 2009 : Info: rlm_sql (sql): Attempting to connect to [email protected]:/gapdb

Mon Nov 16 14:04:16 2009 : Error: rlm_sql_postgresql: Couldn't connect socket to PostgreSQL server [email protected]:gapdb

Mon Nov 16 14:04:16 2009 : Error: rlm_sql (sql): Failed to connect DB handle #0

Mon Nov 16 14:04:16 2009 : Info: rlm_sql (sql): There are no DB handles to use! skipped 5, tried to connect 0

Mon Nov 16 14:04:16 2009 : Error: Failed to load clients from SQL.

Mon Nov 16 14:04:16 2009 : Error: /etc/raddb/postgresql.conf[1]: Instantiation failed for module "sql"

Mon Nov 16 14:04:16 2009 : Error: /etc/raddb/radiusd.conf[88]: Failed to find module "sql".

Mon Nov 16 14:04:16 2009 : Error: /etc/raddb/radiusd.conf[87]: Errors parsing accounting section.

Mon Nov 16 14:04:16 2009 : Error: Errors initializing modules

Mon Nov 16 14:05:06 2009 : Info: rlm_sql (sql): Driver rlm_sql_postgresql (module rlm_sql_postgresql) loaded and linked

Mon Nov 16 14:05:06 2009 : Info: rlm_sql (sql): Attempting to connect to [email protected]:/gapdb

Mon Nov 16 14:05:08 2009 : Info: Ready to process requests.

Mon Nov 16 14:06:51 2009 : Info: Exiting normally.

I guess something wrong with the NGS, but I don't see any errors during the installation. The Radius package of NGS 2.01 is FreeRADIUS 2.1.3.1, any ideas?

Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
aboschetti Fri, 08/13/2010 - 06:45

We had the same problem.

You can solve sending to RADIUS Server (Cisco NGS) this additional radius attribute:

Calling Station ID

NAS IP Address

Actions

This Discussion