RADIUS Static Password

From Swivel Knowledgebase
Jump to: navigation, search


Overview

Swivel version 3.9.6 onards allows non Swivel users to authenticate with a password set in their repository instead of a Swivel OTC.

This allows a non Swivel user to be authenticated with just their repository password, and can be used for RADIUS testing and health checks.


Prerequisites

Swivel 3.9.6 onwards.

Repository with password for user


swivel RADIUS setup

The Swivel RADIUS server must be configured, see RADIUS How To Guide.

On the RADIUS NAS set authenticate non-user with just password: to Yes


Swivel Repository Configuration

Configure a Repository for user authentication, such as Active Directory, see AD data source configuration. Set the option Server to use to attempt to authenticate non-users: to the repository that non Swivel users will have their password checked against.


Testing

Attempt a login with the non Swivel user, see RADIUS Testing.


Known Issues

Troubleshooting

See RADIUS How To Guide.

LOG_LOGIN_NON_USER_PASS, non-swivel-username

This is displayed for a succesful user authentication against a remote repository

Failed to get LDAP context for user CN=non-swivel,CN=Users,DC=swiveldemo,DC=swivelsecure,DC=net

This error can be displayed if the username is correct but the password is incorrect


RADIUS: <18> Access-Request(1) LEN=50 192.168.1.10:49317 Access-Request by non-swivel Failed: AccessRejectException: NON_USER_PASSWORD_FAIL

This error is dispalyed if the password is incorrect


RADIUS DEBUG: Exception in thread: DATAGRAM LEN = 56 FROM 192.168.1.10:57788 java.lang.NullPointerException at com.swiveltechnologies.pinsafe.server.user.repository.AbstractRepositoryBase.getAttribute(AbstractRepositoryBase.java:149) at com.swiveltechnologies.pinsafe.server.radius.RadiusAccess.authenticate(RadiusAccess.java:480) at com.theorem.radserver3.RADIUSSession.o(Unknown Source) at com.theorem.radserver3.RADIUSSession.e(Unknown Source) at com.theorem.radserver3.RADIUSSession.run(Unknown Source) at java.lang.Thread.run(Unknown Source)

This error may be displayed if the username is incorrect