Re: (RADIATOR) Cisco AS5300 authen OK autho FAIL
Hello,

This is probably due to your user definition above, which for a Cisco should include a Service-Type = Framed-User reply item. Ciscos are very picky about this. There have been several discussions about this on the list and you should be able to find the references on the archive site.

Eeks sorry, i had been browsing around the last three months of archive, but hadn't found anything pointing to that. (and i had the idea that i put that statement in the default reply items)

It actually doesn't complain about the appropriate type anymore, but now it whines about this:

    --snip--
    4d21h: Se0:0 AAA/AUTHOR/LCP: Processing AV interface-config=ip address 192.168.121.133 255.255.255.224
    --snip--
    4d21h: Vi1 AAA/AUTHOR/FSM: (0): LCP succeeds trivially
    --snip--
    4d21h: Vi1 AAA/AUTHOR/FSM (2029435040): Method=radius (radius)
    4d21h: RADIUS: cisco AVPair "lcp:interface-config=ip address 192.168.121.133 255.255.255.224" not applied for ip
    4d21h: Vi1 AAA/AUTHOR (2029435040): Post authorization status = PASS_REPL
    4d21h: Vi1 AAA/AUTHOR/FSM: We can start IPCP
    4d21h: Vi1 AAA/AUTHOR/IPCP: Start. Her address 192.168.240.22, we want 0.0.0.0
    --snip--

"not applied for ip".. i'm digging into that right now..

Greets,
Nils Swart - [EMAIL PROTECTED]

===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) Cisco AS5300 authen OK autho FAIL
Hi!

(Short summary: normal dialin works fine, avpair statements get rejected by the AS5300 due to 'no appropriate authorization type for user' error)

Our setup is an AS5300 together with Radiator 2.16alpha (maybe the version number is the problem, but hey, living on the edge rules right ? :)

I try to dial in with a single ISDN channel, which works out fine. Until i try to add authorization parameters (avpairs).

The radiator config is more than standard, and it does everything the AS5300 asks for, but for some odd reason the AS5300 isn't happy with the AVPair statements:

    user1 User-Password="blerk"
        Framed-Protocol = PPP,
        Framed-Netmask = "255.255.255.255",
        cisco-avpair = "lcp:interface-config:ip address 192.168.121.133 255.255.255.224"

The cisco has (among other aaa stuff, but these apply):

    aaa authentication ppp use-radius if-needed local group radius
    aaa authorization network default group radius

Which gives me:

    ---snip(begin of authentication sequence)---
    4d00h: Attribute 18 45 2757656C
    4d00h: RADIUS: saved authorization data for user 61BF1698 at 61C0713C
    4d00h: AAA/AUTHEN (327552900): status = PASS
    4d00h: Se0:0 AAA/AUTHOR/LCP: Authorize LCP
    4d00h: Se0:0 AAA/AUTHOR/LCP (2298034002): Port='Serial0:0' list='' service=NET
    4d00h: AAA/AUTHOR/LCP: Se0:0 (2298034002) user='user1'
    4d00h: Se0:0 AAA/AUTHOR/LCP (2298034002): send AV service=ppp
    4d00h: Se0:0 AAA/AUTHOR/LCP (2298034002): send AV protocol=lcp
    4d00h: Se0:0 AAA/AUTHOR/LCP (2298034002): found list "default"
    4d00h: Se0:0 AAA/AUTHOR/LCP (2298034002): Method=radius (radius)
    4d00h: RADIUS: cisco AVPair "lcp:interface-config=ip address 192.168.121.133 255.255.255.224"
    4d00h: RADIUS: no appropriate authorization type for user.
    4d00h: Se0:0 AAA/AUTHOR (2298034002): Post authorization status = FAIL
    4d00h: Se0:0 AAA/AUTHOR/LCP: Denied
    4d00h: AAA/MEMORY: free_user (0x61BF1698) user='user1' ruser='' port='Serial0:0' rem_addr='102889955/102450977' authen_type=PAP service=PPP priv=1
    4d00h: Se0:0 AAA/AUTHOR/FSM: (0): LCP succeeds trivially
    ---snip---

Of course Radiator gives its OK to the question of the NAS about the authorization stuff, but why is the NAS rejecting it nevertheless with 'no appropriate authorization type' ???

Anyone ?

Thanks in advance !

Greets,
Nils Swart - [EMAIL PROTECTED]
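Added example, not part of the original posts: a small triage script for IOS AAA debug output like the two traces in this thread, grouping the RADIUS lines under the authorization session that triggered them. The sample lines are copied from the thread with the snipped parts left out; associating a `RADIUS:` line with the most recent `Method=radius` session is an assumption of this sketch.

```python
import re

# Lines copied from the debug output quoted in this thread (one FAIL, one PASS_REPL session).
SAMPLE = """\
4d00h: Se0:0 AAA/AUTHOR/LCP (2298034002): Method=radius (radius)
4d00h: RADIUS: cisco AVPair "lcp:interface-config=ip address 192.168.121.133 255.255.255.224"
4d00h: RADIUS: no appropriate authorization type for user.
4d00h: Se0:0 AAA/AUTHOR (2298034002): Post authorization status = FAIL
4d21h: Vi1 AAA/AUTHOR/FSM (2029435040): Method=radius (radius)
4d21h: RADIUS: cisco AVPair "lcp:interface-config=ip address 192.168.121.133 255.255.255.224" not applied for ip
4d21h: Vi1 AAA/AUTHOR (2029435040): Post authorization status = PASS_REPL
"""

METHOD = re.compile(r"AAA/AUTHOR\S* \((\d+)\): Method=radius")
STATUS = re.compile(r"AAA/AUTHOR\S* \((\d+)\): Post authorization status = (\w+)")
RADIUS = re.compile(r"RADIUS: (.+)$")
AVPAIR = re.compile(r'cisco AVPair "([^"]*)"(.*)$')

def triage(text):
    """Group RADIUS lines under the authorization session that requested them."""
    sessions, current = {}, None
    for line in text.splitlines():
        if m := METHOD.search(line):
            current = m.group(1)
            sessions[current] = {"status": None, "avpairs": [], "notes": []}
        elif (m := STATUS.search(line)) and m.group(1) in sessions:
            sessions[m.group(1)]["status"] = m.group(2)
        elif (m := RADIUS.search(line)) and current:
            av = AVPAIR.match(m.group(1))
            if av:
                sessions[current]["avpairs"].append(av.group(1))
                if av.group(2).strip():  # trailing text such as "not applied for ip"
                    sessions[current]["notes"].append(av.group(2).strip())
            else:
                sessions[current]["notes"].append(m.group(1).strip().rstrip("."))
    return sessions

def needs_attention(sessions):
    """Flag sessions that failed, or that passed while an AV pair was skipped."""
    return sorted(sid for sid, s in sessions.items()
                  if s["status"] == "FAIL" or s["notes"])
```

The second session is the one that is easy to miss: its status is PASS_REPL, yet the AV pair was not applied.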
(RADIATOR) subscribe nils@thrijswijk.nl
Greets,
Nils Swart - [EMAIL PROTECTED]

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) Crypt problem ?
Hello,

In our passwd logfile we get:

    Sat Jul 10 21:50:47 1999:931636247:nils:{EFQ^Ledx:nils:FAIL
    Sat Jul 10 21:52:16 1999:931636336:nils:yB|H4hHK{:nils:FAIL
    Sat Jul 10 21:52:59 1999:931636379:nils:8P{T[+R:q:nils:FAIL
    Sat Jul 10 21:53:49 1999:931636429:nils:wAHf2F`0:nils:FAIL

(in this case we are using a 'simple.cfg' with a user ''nils'' who has his name as password. Set as plain text password in the users file)

We're using Radiator 2.13.1 with the latest patches applied, running on a Linux system, and receiving the requests from a proxy-radius server. The secrets between the proxy-radius and ours seem to be okay, but somehow this (imho) newbie problem keeps occurring.

I've checked the docs, the FAQs etc for options on setting crypting or other coding on the received password, but I can't find anything. If it were for the configfile I created using the docs, i would find it strange.. but this is generated with the _simple.cfg_ provided in the tarball of radiator.. ;(

Could this be an error in some kind of crypt library ?

(note: the users entry uses a plain text password entry. Note2: authenticating from another radius capable device (cisco 25xx) worked like a charm, but i had a situation that this weird crypto code also came by using the Cisco 25xx)

Thanks in advance !

Btw: our login to open.au.com is 'thrijs'

Greets,
Nils Swart - [EMAIL PROTECTED]
TH Rijswijk - System Administrator
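Added example, not part of the original post and not Radiator code: the RADIUS User-Password hiding scheme from RFC 2865 section 5.2, showing what a receiving server recovers when its shared secret matches the sender's and when it does not. The secrets and request authenticators are constructed values; the point is that a mismatched secret yields a different unreadable string for every request, because the per-request authenticator feeds the MD5 keystream.

```python
import hashlib

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Sender side: pad to 16-byte blocks, XOR each with MD5(secret + previous block)."""
    size = max(16, -(-len(password) // 16) * 16)
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev  # the ciphertext block chains into the next keystream block
    return out

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Receiver side: same keystream, chained on the received ciphertext blocks."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, key))
        prev = block
    return out.rstrip(b"\x00")

def log_view(password, sender_secret, receiver_secret, authenticators):
    """What the receiver would log as the password, one entry per request."""
    return [
        recover_password(hide_password(password, sender_secret, a), receiver_secret, a)
        for a in authenticators
    ]

if __name__ == "__main__":
    # Constructed inputs: three requests, each with its own 16-byte authenticator.
    auths = [bytes([i]) * 16 for i in (1, 2, 3)]
    print("matching secret:  ", log_view(b"nils", b"s3cret", b"s3cret", auths))
    print("mismatched secret:", log_view(b"nils", b"s3cret", b"S3cret", auths))
```

With a proxy in the path, the same check applies on each hop separately, since the proxy recovers the password with one shared secret and hides it again with the secret it shares with the next server.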