Okay, so I worked out that the problem lies in the group authorization command in the AAA config.  I got this config right out of the FAQ on the freeradius.org site, so I think I've missed where I set up a radius group.  When I remove the authorization statements I can log on just fine using telnet.
 
Can someone enlighten me?!  :)
 
Thanks
 
--Stevo
 
----- Original Message -----
From: Stevo
Sent: Thursday, February 27, 2003 11:37 AM
Subject: Radius Authorization Problem

Hey Guys,
 
I'm a newbie to freeradius and am having a problem getting it to work with my Cisco gear.  I'm at the stage now where I can log on to my Cisco 2611 and authenticate against the freeradius server just fine IF I'm connected to the console.  When I try to connect using telnet I get an immediate % Authorization failed.
I'm running my radius server in debug mode and it appears as if the radius server authenticates the telnet session just fine - below is the output from the radius server (yes and I know it's showing my password...  but hey - it's not a problem for me!)  Below that is my aaa config on the router.  Does anyone have any help for me?!!
 
Thanks
 
--Stevo
 
 
 
rad_recv: Access-Request packet from host 192.168.32.2:1645, id=28, length=74
Thread 4 assigned request 15
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/1/4
Waking up in 5 seconds...
Thread 4 handling request 15, (3 handled so far)
        NAS-IP-Address = 192.168.32.2
        NAS-Port = 71
        NAS-Port-Type = Virtual
        User-Name = "stevo"
        Calling-Station-Id = "10.1.2.10"
        User-Password = "stevo"
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
  modcall[authorize]: module "chap" returns noop
  modcall[authorize]: module "mschap" returns notfound
    rlm_realm: No '@' in User-Name = "stevo", looking up realm NULL
    rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
    users: Matched stevo at 53
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 28 to 192.168.32.2:1645
Finished request 15
Going to the next request
-----------------------------------------------
 
aaa new-model
aaa authentication login default group radius local
aaa authentication login localauth local
aaa authentication ppp default if-needed group radius local
aaa authorization exec default group radius local
aaa authorization network default group radius local
aaa accounting delay-start
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
aaa processes 6
 
 
 
 
