Re: (RADIATOR) Access Request...
Hello GwangHee - On Fri, 14 Dec 2001 09:03, GwangHee Yi wrote: Dear All, Would anyone tell me what configuration of CISCO send me an Access-Request or show me configuration file? CISCO do not send me an Access-Request I am using CISCO AS5300 and IOS 12.1. There is an item on this in the FAQ: 5. How do I configure a Cisco NAS for Radius? You will need something like this in your Terminal server configuration: aaa new-model aaa authentication login DIAL-SCRIPT-USERS radius aaa authentication login TELNET-USERS local aaa authentication ppp PAP-USERS if-needed radius aaa authorization network radius aaa accounting network start-stop radius ... radius-server host 1.2.3.4 auth-port 1645 acct-port 1646 radius-server key blahblahblah You will probably want to use these reply attributes in order to enable PPP sessions: Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Netmask = 255.255.255.0, Framed-Routing = None, Framed-MTU = 1500, Framed-Compression = Van-Jacobson-TCP-IP There is a description of Cisco's use of Radius attributes for IOS 12 in RADIUS Attributes overview. There has also been a great deal of discussion on this topic on the mailing list, so check the archive site (www.open.com.au/archives/radiator) and of course the best source of information is the Cisco web site. regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Access-Request only. Customer can't login
Hello Andrew - What does the rest of the log show - what are the reply attributes returned to the NAS? And what does the NAS log show? thanks Hugh At 16:54 -0500 01/1/15, Andrew P. Kaplan wrote: A couple of our customers are unable to login. The logs only show an "Access-Request" but no "Accounting-Request". It seems if they keep trying sometime they login. Any ideas as to the cause of the problem. Code: Access-Request Identifier: 222 Authentic: 1224224254231M148E_/248224|231214191 Attributes: User-Name = "scully" User-Password = "237186112214301273N2032191517?241 " Client-Id = 63.112.159.254 NAS-Port = 267 Acct-Session-Id = "17436660" USR-Interface-Index = 1523 Service-Type = Framed-User Framed-Protocol = PPP Chassis-Call-Slot = 2 Chassis-Call-Span = 1 Chassis-Call-Channel = 11 Calling-Station-Id = "2032455084" Called-Station-Id = "8609411055" NAS-Port-Type = Async Mon Jan 15 17:40:59 2001: DEBUG: Rewrote user name to scully Mon Jan 15 17:40:59 2001: DEBUG: Rewrote user name to scully Mon Jan 15 17:40:59 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT' Mon Jan 15 17:40:59 2001: DEBUG: Deleting session for scully, 63.112.159.254, 267 Mon Jan 15 17:40:59 2001: DEBUG: do query is: delete from Sessions where Username='scully' and NASIdent='63.112.159.254' and NASPort=267 Mon Jan 15 17:40:59 2001: DEBUG: Handling with Radius::AuthFILE Mon Jan 15 17:40:59 2001: DEBUG: Radius::AuthFILE looks for match with scully Mon Jan 15 17:40:59 2001: DEBUG: Query is: select NASIdent, NASPort, SessionID from Sessions where Username='scully' Mon Jan 15 17:40:59 2001: DEBUG: Radius::AuthFILE ACCEPT: Mon Jan 15 17:40:59 2001: DEBUG: Access accepted for scully Mon Jan 15 17:40:59 2001: DEBUG: Packet dump: *** Sending to 63.112.159.254 port 1645 Andrew P. Kaplan, CNE, MCSE+Internet, MCT, CCNA, CCDA CyberShore, Inc. -- Premium Internet Services -- http://www.cshore.com "The ultimate measure of a man is not where he stands in moments of comfort, but where he stands at times of challenge and controversy." -Martin Luther King, Jr. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- NB: I am travelling this week, so there may be delays in our correspondence. Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Access-Request Attributes?
Hello Colin - On Thu, 20 Apr 2000, colinc wrote: Hi, Was browsing throught the archives, and i noticed that some access-requests have more attributes than the default. eg : Code: Access-Request Identifier: 209 Authentic: G$205D151157173qf2051727249*198169 Attributes: User-Name = "user" CHAP-Password = "1213222g:M180189Xw190213"e159156231" NAS-Identifier = "204.111.111.11" NAS-Port = 6307 NAS-Port-Type = Async Service-Type = Framed-User Framed-Protocol = PPP State = "" Client-Port-DNIS = "748" Acct-Session-Id = "308488437" Ascend-Data-Rate = 31200 Ascend-Xmit-Rate = 33600 The first thing to understand about Radius is there is no default. Different NAS vendors implement different sets of attributes in the Access and Accounting requests. Where do i specify what access-request attributes i want to check? It depends on which AuthBy you are using. If you are using the "default-user" file that we have discussed previously, you would do something like this: # file %D/default-users DEFAULT *some check items here*, Auth-Type = CheckUNIX, Group = Group1 *the reply items here* ... Note that in a users file, the first line contains the check items (starting at column 1) and the second and subsequent lines contain the reply items (with white space in column 1). Have a read through the manual and the example configuration files in the distribution to get a feel for how to do various things with the different AuthBy clauses. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Access-Request Attributes?
On Thu, Apr 20, 2000 at 02:46:45PM +1200, colinc wrote: Where do i specify what access-request attributes i want to check? Depends how Radiator is configured. For my purposes I use Handlers which redirect to AuthBy FILE entries. eg: DEFAULT Auth-Type = System, Called-Station-Id = 666 Check items always go on the first line, the rest of the lines are reply items. [EMAIL PROTECTED] === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
