Re: (RADIATOR) Authorization Problems

Hugh Irvine Sat, 2 Jan 1999 23:42:25 -0800

Hello Aaron -

On Fri, 05 Nov 1999, Aaron Harris wrote:
> Hi,
> 
> Could someone please give me and idea on where to start looking to fix this?
> 

> ****************************************************************************
> *******
> *Mar  1 04:40:37: RADIUS: no appropriate authorization type for user.
> ****************************************************************************
> *******
> *Mar  1 04:40:37: AAA/AUTHOR (3612044957): Post authorization status = FAIL
> *Mar  1 04:40:37: AAA/AUTHOR/LCP As25: Denied
> 
> --- RADIATOR LOG TRACE 4
> 
> Code:       Access-Request
> Identifier: 91
> Authentic:  <188><174>rsQ<17><197>]<21><201>b<215><183><25><165><138>
> Attributes:
>         NAS-IP-Address = 203.42.10.2
>         NAS-Port = 25
>         NAS-Port-Type = Async
>         User-Name = "buzz"
>         Called-Station-Id = "********"
>         CHAP-Password =
> "<1><180>3<25><202><242>b<9><161>li<238><9>k<140>Q<137>"
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
> 
> *** Sending to 203.42.10.2 port 1645 ....
> Code:       Access-Accept
> Identifier: 91
> Authentic:  <188><174>rsQ<17><197>]<21><201>b<215><183><25><165><138>
> Attributes:
>         Framed-Protocol = PPP
>         Framed-IP-Netmask = 255.255.255.0
>         Framed-Routing = None
>         Framed-MTU = 1500
>         Framed-Compression = Van-Jacobson-TCP-IP

Cisco's are very picky about the attributes they receive in an Access-Accept -
They *require* that the Service-Type in the reply match the Service-Type in the
request. In the debug output we can see that the Service-Type = Framed-User
arrives in the Access-Request, but the reply does not include the same
Service-Type = Framed-User.

It is not obvious in your configuration file where the reply attributes are
coming from, but you will have to add the Service-Type to make the Cisco happy.

hth

Hugh


--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Authorization Problems

Reply via email to
