Hello Michael -
This sounds like Cisco VPDN tunnelling.
This example is from the standard “users” file in the Radiator distribution:
# This example shows how to configure a Cisco VPDN circuit:
open.com.au User-Password=cisco, Service-Type=Outbound-User
cisco-avpair = "vpdn:tunnel-id=cca-gw",
cisco-avpair = "vpdn:ip-addresses=1.2.3.4",
cisco-avpair = "vpdn:nas-password=pw",
cisco-avpair = "vpdn:gw-password=pw”
regards
Hugh
On 7 Nov 2013, at 04:56, Michael <[email protected]> wrote:
>
> Has anyone ever seen a situation where, for every authentication attempt
> to a radiator system from a cisco device, there is an authentication
> attempt right before it that appears to be:
>
> - a domain (the username with the 'username@' part stripped off).
> - plain text password is always 'cisco'.
> - Service-Type = Outbound-User
>
> if I remove this line from the cisco lns:
> aaa authorization network TEST group TEST
> ...the extra auth attempts stop, but then my radius network static
> profiles don't work, so it's not a solution but it narrows down the problem.
>
> my auth requests for the radiator system are essentially doubled due to
> this. This only started happening recently. Network guys sometimes are
> like a ticking time bomb and asking them can cause an explosion so i
> thought i would ask here.
>
>
> Mike
> _______________________________________________
> radiator mailing list
> [email protected]
> http://www.open.com.au/mailman/listinfo/radiator
--
Hugh Irvine
[email protected]
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc.
Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator
