Re: Radius Authorization Problem

[Stevo]

Okay so I worked out that the problem lies in the group authorization command in the AAA config.  I got this config right out of the FAQ on the freeradius.org site so I think I've missed where I setup a radius group.  When I remove the authorization statements I can logon just fine using telnet.   Can someone enlighten me?!  :)   Thanks   --Stevo   ----- Original Message ----- From: Stevo To: [EMAIL PROTECTED] Sent: Thursday, February 27, 2003 11:37 AM Subject: Radius Authorization Problem Hey Guys,   I'm a newbie to freeradius and am having a problem getting it to work with my Cisco gear.  I'm at the stage now where I can logon to my Cisco 2611 and authenticate against the freeradius server just fine IF I'm connected to the console.  When I try to connect using telnet I get an immediate % Authorization failed. I'm running my radius server in debug mode and it appears as if the radius server authenticates the telnet session just fine - below is the output from the radius server (yes and I know it's showing my password...  but hey - it's not a problem for me!)  Below that is my aaa config on the router.  Does anyone have any help for me?!!   Thanks   --Stevo       rad_recv: Access-Request packet from host 192.168.32.2:1645, id=28, length=74 Thread 4 assigned request 15 --- Walking the entire request list --- Threads: total/active/spare threads = 5/1/4 Waking up in 5 seconds... Thread 4 handling request 15, (3 handled so far)         NAS-IP-Address = 192.168.32.2         NAS-Port = 71         NAS-Port-Type = Virtual         User-Name = "stevo"         Calling-Station-Id = "10.1.2.10"         User-Password = "stevo" modcall: entering group authorize   modcall[authorize]: module "preprocess" returns ok rlm_chap: Could not find proper Chap-Password attribute in request   modcall[authorize]: module "chap" returns noop   modcall[authorize]: module "mschap" returns notfound     rlm_realm: No '@' in User-Name = "stevo", looking up realm NULL     rlm_realm: No such realm NULL   modcall[authorize]: module "suffix" returns noop     users: Matched stevo at 53   modcall[authorize]: module "files" returns ok modcall: group authorize returns ok   rad_check_password:  Found Auth-Type Local auth: type Local auth: user supplied User-Password matches local User-Password Sending Access-Accept of id 28 to 192.168.32.2:1645 Finished request 15 Going to the next request -----------------------------------------------   aaa new-model aaa authentication login default group radius local aaa authentication login localauth local aaa authentication ppp default if-needed group radius local aaa authorization exec default group radius local aaa authorization network default group radius local aaa accounting delay-start aaa accounting exec default start-stop group radius aaa accounting network default start-stop group radius aaa processes 6