Here is the debug output:
2d04h: AAA/MEMORY: create_user (0x20F7E20) user='' ruser='' port='tty1' rem_addr='10.1.1.162' authen_type=ASCII service=LOGIN priv=1
2d04h: AAA/AUTHEN/START (1821432037): port='tty1' list='' action=LOGIN service=LOGIN
2d04h: AAA/AUTHEN/START (1821432037): using "default" list
2d04h: AAA/AUTHEN/START (1821432037): Method=radius (radius)
2d04h: AAA/AUTHEN (1821432037): status = GETUSER
2d04h: AAA/AUTHEN/CONT (1821432037): continue_login (user='(undef)')
2d04h: AAA/AUTHEN (1821432037): status = GETUSER
2d04h: AAA/AUTHEN (1821432037): Method=radius (radius)
2d04h: AAA/AUTHEN (1821432037): status = GETPASS
2d04h: AAA/AUTHEN/CONT (1821432037): continue_login (user='homer')
2d04h: AAA/AUTHEN (1821432037): status = GETPASS
2d04h: AAA/AUTHEN (1821432037): Method=radius (radius)
2d04h: AAA/AUTHEN (1821432037): status = PASS
2d04h: tty1 AAA/AUTHOR/EXEC (3720401710): Port='tty1' list='' service=EXEC
2d04h: AAA/AUTHOR/EXEC: tty1 (3720401710) user='homer'
2d04h: tty1 AAA/AUTHOR/EXEC (3720401710): send AV service=shell
2d04h: tty1 AAA/AUTHOR/EXEC (3720401710): send AV cmd*
2d04h: tty1 AAA/AUTHOR/EXEC (3720401710): found list "default"
2d04h: tty1 AAA/AUTHOR/EXEC (3720401710): Method=radius (radius)
2d04h: AAA/AUTHOR (3720401710): Post authorization status = FAIL
2d04h: AAA/AUTHOR/EXEC: Authorization FAILED
2d04h: AAA/MEMORY: free_user (0x20F7E20) user='homer' ruser='' port='tty1' rem_addr='10.1.1.162' authen_type=ASCII service=LOGIN priv=1
Soutlake#2#
2d04h: AAA: parse name=tty1 idb type=-1 tty=-1
2d04h: AAA: name=tty1 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=1 channel=0
2d04h: AAA/MEMORY: create_user (0x20F7C0C) user='' ruser='' port='tty1' rem_addr='10.1.1.162' authen_type=ASCII service=LOGIN priv=1
2d04h: AAA/AUTHEN/START (2535633014): port='tty1' list='' action=LOGIN service=LOGIN
2d04h: AAA/AUTHEN/START (2535633014): using "default" list
2d04h: AAA/AUTHEN/START (2535633014): Method=radius (radius)
2d04h: AAA/AUTHEN (2535633014): status = GETUSER
2d04h: AAA/AUTHEN/CONT (2535633014): continue_login (user='(undef)')
2d04h: AAA/AUTHEN (2535633014): status = GETUSER
2d04h: AAA/AUTHEN (2535633014): Method=radius (radius)
2d04h: AAA/AUTHEN (2535633014): status = GETPASS
2d04h: AAA/AUTHEN/CONT (2535633014): continue_login (user='jessica')
2d04h: AAA/AUTHEN (2535633014): status = GETPASS
2d04h: AAA/AUTHEN (2535633014): Method=radius (radius)
2d04h: AAA/AUTHEN (2535633014): status = PASS
2d04h: tty1 AAA/AUTHOR/EXEC (1601631891): Port='tty1' list='' service=EXEC
2d04h: AAA/AUTHOR/EXEC: tty1 (1601631891) user='jessica'
2d04h: tty1 AAA/AUTHOR/EXEC (1601631891): send AV service=shell
2d04h: tty1 AAA/AUTHOR/EXEC (1601631891): send AV cmd*
2d04h: tty1 AAA/AUTHOR/EXEC (1601631891): found list "default"
2d04h: tty1 AAA/AUTHOR/EXEC (1601631891): Method=radius (radius)
2d04h: AAA/AUTHOR (1601631891): Post authorization status = FAIL
2d04h: AAA/AUTHOR/EXEC: Authorization FAILED
2d04h: AAA/MEMORY: free_user (0x20F7C0C) user='jessica' ruser='' port='tty1' rem_addr='10.1.1.162' authen_type=ASCII service=LOGIN priv=1
On Fri, Jul 09, 2004 at 12:42:05PM -0400, Dustin Doris wrote:
> What is the debug output? What happens when you try to login to the
> router? User denied?
>
> On Fri, 9 Jul 2004, Robert Banniza wrote:
>
> > Guys,
> > We are trying to allow users to authenticate to Cisco 26xx routers using
> > Freeradius with the rlm_ldap module (OpenLDAP). We would like some of
> > these users to be able to log in with enable privileges. The following
> > is what we have done to try this, to no avail. The following is a
> > sample ldif entry:
> >
> > #################################################################
> > dn: uid=homer, ou=people, dc=test, dc=net
> > objectclass: person
> > objectclass: radiusprofile
> > objectclass: uidObject
> > objectClass: inetOrgPerson
> > objectClass: posixAccount
> > objectClass: extensibleObject
> > cn: Homer Simpson
> > sn: Simpson
> > loginShell: /bin/bash
> > userpassword: {SSHA}fghkjfghkhgkfhgrofZyn2u9yiAAxbMP
> > uidnumber: 2001
> > gidnumber: 20
> > homeDirectory: /home/homer
> > uid: homer
> > shadowLastChange: 10877
> > shadowMin: 0
> > shadowMax: 999999
> > shadowWarning: 7
> > shadowInactive: -1
> > shadowExpire: -1
> > shadowFlag: 0
> > radiusAuthType: LDAP
> > radiusReplyItem: Juniper-Local-User-Name := tier1
> > radiusReplyItem: Cisco-AVPair := "shell:priv-lvl=15"
> > radiusprofileDN: uid=homer, ou=people, dc=test, dc=net
> > #################################################################
> >
> > The following is what we have on the router:
> >
> > #################################################################
> > aaa new-model
> > aaa authentication login default group radius enable
> > aaa authorization exec default group radius
> >
> > enable secret password
> >
> > radius-server host 67.106.198.70 auth-port 1812 acct-port 1813
> > radius-server retransmit 3
> > radius-server key testing123
> > #################################################################
> >
> > What else are we missing? Any help would be appreciated.
> >
> > Robert
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> >
>
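As an added example (not code from the thread or from FreeRADIUS), a small parser for the kind of "debug aaa authentication" / "debug aaa authorization" lines shown above. It joins each user's authentication outcome to their EXEC authorization outcome (the two phases carry different transaction IDs, so the join is on the user name) and flags the pattern seen in both sessions here: password accepted, authorization failed. The sample input is constructed from the thread's lines, with the second session altered to an authorization PASS so the two outcomes can be told apart.

```python
import re
from collections import defaultdict

# Constructed sample: the homer session is as in the thread; the jessica session
# has been altered to an authorization PASS for contrast.
SAMPLE_DEBUG = """\
2d04h: AAA/AUTHEN/START (1821432037): port='tty1' list='' action=LOGIN service=LOGIN
2d04h: AAA/AUTHEN (1821432037): status = GETUSER
2d04h: AAA/AUTHEN/CONT (1821432037): continue_login (user='(undef)')
2d04h: AAA/AUTHEN/CONT (1821432037): continue_login (user='homer')
2d04h: AAA/AUTHEN (1821432037): status = PASS
2d04h: AAA/AUTHOR/EXEC: tty1 (3720401710) user='homer'
2d04h: tty1 AAA/AUTHOR/EXEC (3720401710): send AV service=shell
2d04h: AAA/AUTHOR (3720401710): Post authorization status = FAIL
2d04h: AAA/AUTHOR/EXEC: Authorization FAILED
2d04h: AAA/AUTHEN/CONT (2535633014): continue_login (user='jessica')
2d04h: AAA/AUTHEN (2535633014): status = PASS
2d04h: AAA/AUTHOR/EXEC: tty1 (1601631891) user='jessica'
2d04h: AAA/AUTHOR (1601631891): Post authorization status = PASS
"""

AUTHEN_USER = re.compile(r"AAA/AUTHEN/CONT \((\d+)\): continue_login \(user='([^']+)'\)")
AUTHEN_STATUS = re.compile(r"AAA/AUTHEN \((\d+)\): status = (\w+)")
AUTHOR_USER = re.compile(r"AAA/AUTHOR/EXEC: \S+ \((\d+)\) user='([^']+)'")
AUTHOR_STATUS = re.compile(r"AAA/AUTHOR \((\d+)\): Post authorization status = (\w+)")


def summarize_aaa(debug_text):
    """Return {user: {'authen': status, 'author': status}} from debug lines."""
    authen_user, author_user = {}, {}   # transaction id -> user name
    result = defaultdict(lambda: {"authen": None, "author": None})
    for line in debug_text.splitlines():
        if m := AUTHEN_USER.search(line):
            if m.group(2) != "(undef)":  # first CONT has no user yet
                authen_user[m.group(1)] = m.group(2)
        elif m := AUTHEN_STATUS.search(line):
            tid, status = m.groups()
            # GETUSER/GETPASS are prompts, not outcomes; keep only final states
            if status in ("PASS", "FAIL", "ERROR") and tid in authen_user:
                result[authen_user[tid]]["authen"] = status
        elif m := AUTHOR_USER.search(line):
            author_user[m.group(1)] = m.group(2)
        elif m := AUTHOR_STATUS.search(line):
            tid, status = m.groups()
            if tid in author_user:
                result[author_user[tid]]["author"] = status
    return dict(result)


def authenticated_but_not_authorized(debug_text):
    """Users whose password was accepted but whose EXEC authorization failed."""
    return sorted(u for u, s in summarize_aaa(debug_text).items()
                  if s["authen"] == "PASS" and s["author"] == "FAIL")
```

In the thread's own output both users fall into the flagged set, which points at the authorization reply (what the RADIUS server returns for service=shell) rather than at credential checking.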