We have the same setup wit FreeRADIUS (0.9.3 and 1.0-pre working fine..
obviously even with the same realm ;)
Now it depends what you want to do with the usernames, but the first
"Login incorrect" is not caused by the Cisco LAC ! it's caused by your
local setup somehow. I don't get these entries..
As I haven't enabled rlm_eap I cannot tell you whats going wrong here,
but it might be related to this.
I strip the DSL-realm off completely with hints and then auth. users
without any realm against a mysql-db.
login happens with [EMAIL PROTECTED]
--- hints ---
DEFAULT Suffix = "[EMAIL PROTECTED]", Strip-User-Name = Yes
Hint = "XX-xdsl"
DEFAULT Suffix = "#realm", Strip-User-Name = Yes
Hint = "XX-dial"
--- hints ---
using the hint in users to set global defaults and make the forced
disconnect happen at 02:00 GMT (thanks to Alan)
--- users ---
# Globals for services from XX-Netzdienste
DEFAULT Hint == "XX-xdsl"
Session-Timeout := `%{expr:86400 - ((%l - 7200) %% 86400)}`,
Framed-IP-Netmask := "255.255.255.255",
Cisco-Avpair = "ip:dns-servers=x.y.z.18 x.y.z.18"
DEFAULT Hint == "XX-dial"
Session-Timeout := `%{expr:86400 - ((%l - 7200) %% 86400)}`,
Idle-Timeout := 300,
Framed-IP-Netmask := "255.255.255.255",
Cisco-Avpair = "ip:dns-servers=x.y.z.18 x.y.z.18"
--- users ---
in my usergroup table as username only "user" is entered without any
realm.
hope this helps..
Michael
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of Garry Glendown
> Sent: Sunday, May 09, 2004 9:41 PM
> To: [EMAIL PROTECTED]
> Subject: Problem with L2TP/Cisco and FreeRadius ...
>
>
> Hello,
>
> I'm trying to get a Cisco running with FreeRadius ... please note -
> FreeRadius as such is already working fine with other Dialup-routers
> (ascend max w/ ISDN/Modem dialup) ...
>
> We set up DSL dialup through a Cisco router. DSL is done
> through a L2TP
> tunnel, which in itself worked fine, too (using a different radius
> software for trial) - I tried to switch over to our standard
> server, but
> somehow it's not doing what it should, though I can't really
> see what's
> actually going wrong ...
>
> On the radius server, I even see a "login OK" message in the logfile
> (Cisco sends the part after the @-sign first, then retries with the
> complete username):
>
> Sun May 9 11:27:05 2004 : Auth: Login incorrect:
> [interdsl-6.de] (from
> client dsl-gw port 0)
> Sun May 9 11:27:20 2004 : Error: rlm_eap: EAP-Message not
> found Sun May 9 11:27:20 2004 : Auth: Login OK:
> [EMAIL PROTECTED] (from client dsl-gw port 0)
>
> The connection itself is disconnected after this ...
>
> Any idea? We are running 0.90 ATM, though we could update to
> the current ...
>
> tnx, -gg
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
