Hi,
I have to configure an async callback solution using Cisco IOS and
Freeradius.
Up to now, the user can dial in and will be authenticated against my
freeradius server. Anything works fine.
After setting up the callback things on the router and on the radius server,
the user will still be granted access without any callback options.
Debugging the cisco callback during the session setup, I will get the
message:
Se0/1 MCB: Start
Se0/1 MCB: Callback not authorized for this user stefancb
...
What I've done so far:
On WinXP, I left anything default, so that the user will be given the
choice, to be called back if the server makes an offer.
On the Cisco, I've configured:
interface Serial0/1
physical-layer async
ip address 10.1.20.200 255.255.255.0
ip nat inside
encapsulation ppp
ip tcp adjust-mss 1452
async mode interactive
peer default ip address pool modemippool
no keepalive
ppp callback accept
ppp authentication chap
!
chat-script offhook "" "ATH1" OK
chat-script callback ABORT ERROR ABORT BUSY "" "ATZ" OK "ATDT \T" TIMEOUT60
CONNECT \c
line 2
flush-at-activation
script modem-off-hook offhook
script callback callback
modem InOut
modem autoconfigure discovery
transport input all
autoselect during-login
autoselect ppp
speed 115200
The user is configured on the radius server:
stefancb Auth-Type := Local, User-Password == "hello"
Service-Type = Callback-Framed-User,
Framed-Protocol = PPP,
Cisco-AVPair = "ip:dns-servers=10.1.1.2",
Cisco-AVPair != "ip:wins-servers=10.1.1.2",
Cisco-AVPair != "lcp:callback-dialstring=0123456",
I've also tested
Service-Type = Framed-User,
What's wrong here?
How do I have to set up the user on my Radius Server?
Thank You.
Regards Stefan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
