callback and Cisco (again)

Doove, Rene Mon, 06 May 2002 07:11:11 -0700

Hello again, (I pressed the send-button by accident to early :(

I have a problem getting callback working with a cisco 3620 router. I use it
in combination with Freeradius server. I configured the cisco as follows:


!
aaa authorization network default group radius if-authenticated 
aaa authorization configuration default group radius 
aaa authorization network default group radius if-authenticated 
aaa authorization configuration default group radius 
!
virtual-profile virtual-template 1
virtual-profile aaa
!
interface Virtual-Template1
 no ip address
 no peer default ip address
 ppp callback accept
 ppp authentication pap
!
!
radius-server host aaa.bbb.ccc.ddd auth-port 1645 acct-port 1646 key 7
030D4119
radius-server retransmit 1
!


I configured the Freeradius server with the following attributes:
#
test    Auth-Type := local, User-Password == "test"
        Service-Type = Callback-Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 192.168.252.99,
        Framed-IP-Netmask = 255.255.255.255,
        Framed-MTU = 1500,
        Callback-Number = "0715282622"
#       Cisco-AVPair = "lcp:callback-dialstring=0715282622"
#       Cisco-AVPair = "lcp:interface-config=ip address 192.168.252.99
255.255.255.255"

I get the following debug result:

5d01h: RADIUS: saved authorization data for user 6164C96C at 6164CB00
5d01h: AAA/AUTHEN (2941160896): status = PASS
5d01h: Se1/0:0 AAA/AUTHOR/LCP: Authorize LCP
5d01h: Se1/0:0 AAA/AUTHOR/LCP (511861093): Port='Serial1/0:0' list=''
service=NET
5d01h: AAA/AUTHOR/LCP: Se1/0:0 (511861093) user='test'
5d01h: Se1/0:0 AAA/AUTHOR/LCP (511861093): send AV service=ppp
5d01h: Se1/0:0 AAA/AUTHOR/LCP (511861093): send AV protocol=lcp
5d01h: Se1/0:0 AAA/AUTHOR/LCP (511861093): found list "default"
5d01h: Se1/0:0 AAA/AUTHOR/LCP (511861093): Method=radius (radius)
5d01h: RADIUS: Bad attribute (Inapplicable attribute): type 19 len 12 data
0x30373135
5d01h: RADIUS: no appropriate authorization type for user.
5d01h: Se1/0:0 AAA/AUTHOR (511861093): Post authorization status = FAIL
5d01h: Se1/0:0 AAA/AUTHOR/LCP: Denied
5d01h: Se1/0:0 PAP: O AUTH-NAK id 17 len 25 msg is "Authorization failed"


Authentication succeeds, but the callback isn't accepted.
If I remove the callback attribute. I get a good connection.

I have tried some other things: AVpair (see the commented stuff in radius),
but I just can't get it working. Can anyone help? (I really need it soon)

tanx in advance,

Rene Doove
Tel: 071-5256682
Email: [EMAIL PROTECTED]

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

callback and Cisco (again)

Reply via email to