RADIUS Static Password
Contents
Overview
Swivel version 3.9.6 onards allows non Swivel users to authenticate with a password set in their repository instead of a Swivel OTC.
This allows a non Swivel user to be authenticated with just their repository password, and can be used for RADIUS testing and health checks.
Prerequisites
Swivel 3.9.6 onwards.
Repository with password for user
swivel RADIUS setup
The Swivel RADIUS server must be configured, see RADIUS How To Guide.
On the RADIUS NAS set authenticate non-user with just password: to Yes
Swivel Repository Configuration
Configure a Repository for user authentication, such as Active Directory, see AD data source configuration. Set the option Server to use to attempt to authenticate non-users: to the repository that non Swivel users will have their password checked against.
Testing
Attempt a login with the non Swivel user, see RADIUS Testing.
Known Issues
Troubleshooting
See RADIUS How To Guide.
LOG_LOGIN_NON_USER_PASS, non-swivel-username
This is displayed for a succesful user authentication against a remote repository
Failed to get LDAP context for user CN=non-swivel,CN=Users,DC=swiveldemo,DC=swivelsecure,DC=net
This error can be displayed if the username is correct but the password is incorrect
RADIUS: <18> Access-Request(1) LEN=50 192.168.1.10:49317 Access-Request by non-swivel Failed: AccessRejectException: NON_USER_PASSWORD_FAIL
This error is dispalyed if the password is incorrect
RADIUS DEBUG: Exception in thread: DATAGRAM LEN = 56 FROM 192.168.1.10:57788 java.lang.NullPointerException at com.swiveltechnologies.pinsafe.server.user.repository.AbstractRepositoryBase.getAttribute(AbstractRepositoryBase.java:149) at com.swiveltechnologies.pinsafe.server.radius.RadiusAccess.authenticate(RadiusAccess.java:480) at com.theorem.radserver3.RADIUSSession.o(Unknown Source) at com.theorem.radserver3.RADIUSSession.e(Unknown Source) at com.theorem.radserver3.RADIUSSession.run(Unknown Source) at java.lang.Thread.run(Unknown Source)
This error may be displayed if the username is incorrect