I have installed FreeRadius 0.9.0 on a Mandrake 9.0 server and want to use LDAP to Authenticate/Authorize users dialing in to my Cisco 3640 router. The Authentication works fine, but Authorization fails with:

no appropriate authorization type for user.

In looking at the debug on the router, and various postings on the web, it looks like the Access-Accept should be returning the Service-Type = Framed-User (2) and the Framed-Protocol = PPP (1) to the router. But I don't see that happening in the debug trace. Can someone help tell me if I'm on the right track, and what I can do to fix this? The debug trace and users file are below.

5d23h: AAA: parse name=tty100 idb type=10 tty=100
5d23h: AAA: name=tty100 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=100 cha0
5d23h: AAA/MEMORY: create_user (0x6147A4A8) user='NULL' ruser='NULL' ds0=-1 por'
5d23h: AAA/AUTHEN/START (3006246995): port='tty100' list='' action=LOGIN servicN
5d23h: AAA/AUTHEN/START (3006246995): using "default" list
5d23h: AAA/AUTHEN/START (3006246995): Method=radius (radius)
5d23h: AAA/AUTHEN (3006246995): status = GETUSER
5d23h: AAA/AUTHEN/ABORT: (3006246995) because Autoselected.
5d23h: AAA/AUTHEN/ABORT: (3006246995) because Autoselected.
5d23h: AAA/MEMORY: free_user_quiet (0x6147A4A8) user='NULL' ruser='NULL' port='1
5d23h: %LINK-3-UPDOWN: Interface Async100, changed state to up
5d23h: As100 PPP: Treating connection as a dedicated line
5d23h: As100 AAA/AUTHOR/FSM: (0): LCP succeeds trivially
5d23h: As100 PAP: I AUTH-REQ id 1 len 14 from "tom"
5d23h: As100 PAP: Authenticating peer tom
5d23h: AAA: parse name=Async100 idb type=10 tty=100
5d23h: AAA: name=Async100 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=100 c0
5d23h: AAA/MEMORY: create_user (0x614B22B8) user='tom' ruser='NULL' ds0=-1 port'
5d23h: AAA/AUTHEN/START (371220896): port='Async100' list='' action=LOGIN serviP
5d23h: AAA/AUTHEN/START (371220896): using "default" list
5d23h: AAA/AUTHEN/START (371220896): Method=radius (radius)
5d23h: RADIUS: ustruct sharecount=2
5d23h: Radius: radius_port_info() success=1 radius_nas_port=1
5d23h: RADIUS: Initial Transmit Async100 id 73 10.20.10.11:1812, Access-Request9
5d23h: Attribute 4 6 0A14FEFE
5d23h: Attribute 5 6 00000064
5d23h: Attribute 61 6 00000000
5d23h: Attribute 1 5 746F6D02
5d23h: Attribute 2 18 170225D5
5d23h: Attribute 6 6 00000002
5d23h: Attribute 7 6 00000001
5d23h: Attribute 44 10 30303030
5d23h: Attribute 8 6 0A141E06
5d23h: RADIUS: Received from id 73 10.20.10.11:1812, Access-Accept, len 20
5d23h: RADIUS: saved authorization data for user 614B22B8 at 6140FD54
5d23h: AAA/AUTHEN (371220896): status = PASS
5d23h: As100 AAA/AUTHOR/LCP: Authorize LCP
5d23h: As100 AAA/AUTHOR/LCP (2483796026): Port='Async100' list='' service=NET
5d23h: AAA/AUTHOR/LCP: As100 (2483796026) user='tom'
5d23h: As100 AAA/AUTHOR/LCP (2483796026): send AV service=ppp
5d23h: As100 AAA/AUTHOR/LCP (2483796026): send AV protocol=lcp
5d23h: As100 AAA/AUTHOR/LCP (2483796026): found list "default"
5d23h: As100 AAA/AUTHOR/LCP (2483796026): Method=radius (radius)
5d23h: RADIUS: no appropriate authorization type for user.
5d23h: As100 AAA/AUTHOR (2483796026): Post authorization status = FAIL
5d23h: As100 AAA/AUTHOR/LCP: Denied
5d23h: As100 PAP: O AUTH-NAK id 1 len 25 msg is "Authorization failed"
5d23h: As100 AAA/AUTHOR: Duplicate per-user event LCP_DOWN ignored
5d23h: AAA/MEMORY: free_user (0x614B22B8) user='tom' ruser='NULL' port='Async101
5d23h: As100 AAA/AUTHOR/FSM: (0): LCP succeeds trivially
5d23h: %LINK-5-CHANGED: Interface Async100, changed state to reset
5d23h: %LINK-3-UPDOWN: Interface Async100, changed state to down


DEFAULT         Group == "remoteAccess", Auth-Type := LDAP
               Service-Type = Framed-User,
               Framed-Protocol = PPP,
               Framed-Compression = Van-Jacobson-TCP-IP,
               Fall-Through = YES

#


Thanks in Advance.
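
An added example, not part of the original post: a RADIUS packet is a 20-byte header followed by its attributes, so the "Access-Accept, len 20" line in the trace is a reply that carries no attributes at all. The Python below parses an Access-Accept and reports which of the two reply attributes named in the post are absent; the function names, the sample packets and the zeroed authenticator are constructed for illustration.

```python
import struct

HEADER_LEN = 20          # code(1) + id(1) + length(2) + authenticator(16)
ACCESS_ACCEPT = 2
# Reply attributes the post expects: (label, attribute type, wanted value)
WANTED = (("Service-Type = Framed-User", 6, 2),
          ("Framed-Protocol = PPP", 7, 1))

def parse_radius(packet: bytes):
    """Return (code, {attr_type: [value_bytes, ...]}) for one RADIUS packet."""
    if len(packet) < HEADER_LEN:
        raise ValueError("shorter than the RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not HEADER_LEN <= length <= len(packet):
        raise ValueError("length field does not match the datagram")
    attrs, pos = {}, HEADER_LEN
    while pos < length:
        if length - pos < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(a_type, []).append(packet[pos + 2:pos + a_len])
        pos += a_len
    return code, attrs

def missing_ppp_attrs(packet: bytes):
    """List which of the WANTED reply attributes an Access-Accept lacks."""
    code, attrs = parse_radius(packet)
    if code != ACCESS_ACCEPT:
        raise ValueError("not an Access-Accept")
    missing = []
    for label, a_type, want in WANTED:
        values = [int.from_bytes(v, "big") for v in attrs.get(a_type, [])]
        if want not in values:
            missing.append(label)
    return missing

def build_accept(ident: int, attrs=()):
    """Constructed test packet: zeroed authenticator, 32-bit integer attributes."""
    body = b"".join(bytes([t, 6]) + struct.pack("!I", v) for t, v in attrs)
    return struct.pack("!BBH", ACCESS_ACCEPT, ident, HEADER_LEN + len(body)) + bytes(16) + body

# Constructed samples: id 73 / len 20 mirrors the trace; the second adds both attributes.
BARE = build_accept(73)
FULL = build_accept(73, [(6, 2), (7, 1)])

if __name__ == "__main__":
    print(len(BARE), missing_ppp_attrs(BARE))
    print(len(FULL), missing_ppp_attrs(FULL))
```
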




