I have a small problem with getting a Cisco AS5300 to auth using
freeradius. The same config file on the Cisco works fine with Merit Basic
radius.

The user dials up, enters the login and password, and it just hangs there,
as shown below.

Welcome to simon.test login:allard
Password:
% Backup authentication

Welcome to simon.test login:
% Welcome to simon.test login: timeout expired!
% Error in authentication.

Welcome to simon.test login:
% Welcome to simon.test login: timeout expired!
% Error in authentication.

NO CARRIER


The radius server is definitely receiving the packet and sending an Accept
packet back. It just seems like the AS5300 is ignoring the packet.

Freeradius debug below. (IPs and password have been changed.)

rlm_ldap: - authenticate
rlm_ldap: login attempt by "allard" with password "PASSWORD"
rlm_ldap: user DN: loginName=allard, ou=auth, dc=ihug, dc=co, dc=nz
rlm_ldap: (re)connect to localhost:389, authentication 1
rlm_ldap: bind as loginName=allard, ou=auth, dc=ihug, dc=co,
dc=nz/PASSWORD
rlm_ldap: waiting for bind result ...
rlm_ldap: user allard authenticated succesfully
  modcall[authenticate]: module "ldap-local" returns ok
modcall: group authtype returns ok
radius_xlat:  ''
radius_xlat:  'Welcome to the Internet Group'
radius_xlat:  'Welcome to the Internet Group'
radius_xlat:  ''
Login OK: [allard] (from client ihugcisco-test port 5)
Sending Access-Accept of id 6 to 192.168.0.1:1645
        Framed-Protocol = PPP
        Service-Type = Framed-User
        Reply-Message = ""
        Reply-Message = "Welcome to the Internet Group"
        Reply-Message = "Welcome to the Internet Group"
        Reply-Message = ""
        Idle-Timeout = 1800
Finished request 11


There are no errors in the radius.log file.


Relevant parts of the Cisco config are below. The below config file works
fine with Merit Radius.

aaa new-model
aaa session-mib disconnect
aaa authentication username-prompt "Welcome to simon.test login:"
aaa authentication login default group radius
aaa authentication login CONSOLE none
aaa authentication login ADMIN group tacacs+ enable
aaa authentication login console none
aaa authentication ppp default if-needed group radius
aaa authorization exec ADMIN group tacacs+ if-authenticated
aaa authorization exec console none
aaa authorization network default group radius if-authenticated
aaa accounting delay-start
aaa accounting exec ADMIN wait-start group tacacs+
aaa accounting commands 1 ADMIN stop-only group tacacs+
aaa accounting commands 15 ADMIN stop-only group tacacs+
aaa accounting network default start-stop group radius
aaa accounting connection default start-stop group radius


radius-server host 192.168.0.2 auth-port 1645 acct-port 1646
radius-server retransmit 3
radius-server timeout 20
radius-server key PASSWORD
radius-server vsa send accounting
radius-server vsa send authentication



Cisco Debug
Jun 28 16:59:47.117 NZST: AAA/AUTHEN (3656183572): status = ERROR
Jun 28 16:59:47.117 NZST: AAA/AUTHEN/START (2834581603): port='tty5'
list='' action=LOGIN service=LOGIN
Jun 28 16:59:47.117 NZST: AAA/AUTHEN/START (2834581603): Restart
Jun 28 16:59:47.117 NZST: AAA/AUTHEN/START (2834581603): no methods left
to try
Jun 28 16:59:47.117 NZST: AAA/AUTHEN (2834581603): status = ERROR
Jun 28 16:59:47.117 NZST: AAA/AUTHEN/START (2834581603): failed to
authenticate
Jun 28 16:59:49.117 NZST: AAA/MEMORY: free_user (0x6223F5F4) user='allard'
ruser='' port='tty5' rem_addr='async/3038080' authen_type=ASCII
service=LOGIN priv=1
Jun 28 16:59:49.117 NZST: AAA: parse name=tty5 idb type=10 tty=5
Jun 28 16:59:49.117 NZST: AAA: name=tty5 flags=0x11 type=4 shelf=0 slot=0
adapter=0 port=5 channel=0
Jun 28 16:59:49.117 NZST: AAA: parse name=E1 0:22 idb type=-1 tty=-1
Jun 28 16:59:49.117 NZST: AAA: name=E1 0:22 flags=0x51 type=9 shelf=0
slot=0 adapter=0 port=0 channel=22
Jun 28 16:59:49.117 NZST: AAA/MEMORY: create_user (0x621E72CC) user=''
ruser='' port='tty5' rem_addr='async/3038080' authen_type=ASCII
service=LOGIN priv=1
Jun 28 16:59:49.117 NZST: AAA/AUTHEN/START (427012612): port='tty5'
list='' action=LOGIN service=LOGIN
Jun 28 16:59:49.117 NZST: AAA/AUTHEN/START (427012612): using "default"
list
Jun 28 16:59:49.117 NZST: AAA/AUTHEN/START (427012612): Method=radius
(radius)
Jun 28 16:59:49.117 NZST: AAA/AUTHEN (427012612): status = GETUSER
Jun 28 17:00:20.049 NZST: AAA/AUTHEN/ABORT: (427012612) because Login
timed out.


Can anyone see anything obvious?

Regards
Simon Allard

Simon Allard (Senior Tool Monkey)
IHUG
Ph (09) 358-5067   Email: [EMAIL PROTECTED]

I'm out of my mind right now, but feel free to leave a message.....


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html