(RADIATOR) Cisco AS5300 authen OK autho FAIL

Mon, 17 Apr 2000 10:54:25 -0700 

Hi!

(Short summary: normal dialin works fine, avpair statements get rejected
by the AS5300 due to 'no appropriate authorization type for user' error)

Our setup is an AS5300 together with Radiator 2.16alpha (maybe the version
numer is the problem, but hey, living on the edge rules right ? :)

I try to dial in with a single ISDN channel, which works out fine. Until i
try to add authorization parameters (avpairs)
The radiator config is more then standard, and it does everything the
AS5300 asks for, but for some odd reason the AS5300 isn't happy with the
AVPair statements:

user1   User-Password="blerk"
        Framed-Protocol = PPP,
        Framed-Netmask = "255.255.255.255",
        cisco-avpair = "lcp:interface-config:ip address 192.168.121.133
255.255.255.224"

The cisco has (among other aaa stuff, but these apply):

aaa authentication ppp use-radius if-needed local group radius
aaa authorization network default group radius

Which gives me:

---snip(begin of authentication sequence)---
4d00h:         Attribute 18 45 2757656C
4d00h: RADIUS: saved authorization data for user 61BF1698 at 61C0713C
4d00h: AAA/AUTHEN (327552900): status = PASS
4d00h: Se0:0 AAA/AUTHOR/LCP: Authorize LCP
4d00h: Se0:0 AAA/AUTHOR/LCP (2298034002): Port='Serial0:0' list=''
service=NET
4d00h: AAA/AUTHOR/LCP: Se0:0 (2298034002) user='user1'
4d00h: Se0:0 AAA/AUTHOR/LCP (2298034002): send AV service=ppp
4d00h: Se0:0 AAA/AUTHOR/LCP (2298034002): send AV protocol=lcp
4d00h: Se0:0 AAA/AUTHOR/LCP (2298034002): found list "default"
4d00h: Se0:0 AAA/AUTHOR/LCP (2298034002): Method=radius (radius)
4d00h: RADIUS: cisco AVPair "lcp:interface-config=ip address
192.168.121.133 255.255.255.224"
4d00h: RADIUS: no appropriate authorization type for user.
4d00h: Se0:0 AAA/AUTHOR (2298034002): Post authorization status = FAIL
4d00h: Se0:0 AAA/AUTHOR/LCP: Denied
4d00h: AAA/MEMORY: free_user (0x61BF1698) user='user1' ruser=''
port='Serial0:0' rem_addr='102889955/102450977' authen_type=PAP
service=PPP priv=1
4d00h: Se0:0 AAA/AUTHOR/FSM: (0): LCP succeeds trivially
 ---snip---

Ofcourse Radiator gives it's OK to the question of the NAS about the
authorization stuff, but why is the NAS rejecting it nevertheless with
'no appropriate authorization type' ???

Anyone ?

Thanks in advance !

Greets,
        Nils Swart      - [EMAIL PROTECTED]


===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to