Just to add on, I am also seeing this in the Cisco debug:

Jun 28 17:23:03.938 NZST: RADIUS: ustruct sharecount=1
Jun 28 17:23:03.938 NZST: RADIUS: added cisco VSA 2 len 4 "tty6"
Jun 28 17:23:03.942 NZST: RADIUS: Initial Transmit tty6 id 7
203.109.254.87:1645, Access-Request, len 85
Jun 28 17:23:03.942 NZST:         Attribute 4 6 CB6D8262
Jun 28 17:23:03.942 NZST:         Attribute 5 6 00000006
Jun 28 17:23:03.942 NZST:         Attribute 26 12 0000000902067474
Jun 28 17:23:03.942 NZST:         Attribute 61 6 00000000
Jun 28 17:23:03.942 NZST:         Attribute 1 8 616C6C61
Jun 28 17:23:03.942 NZST:         Attribute 30 9 33303338
Jun 28 17:23:03.942 NZST:         Attribute 2 18 AFC25212
Jun 28 17:23:04.006 NZST: RADIUS: Received from 192.168.0.2 - un-sane
packet




> I have a small problem with getting a Cisco AS5300 to auth using
> FreeRADIUS. The same config file on the Cisco works fine with Merit Basic
> radius.
>
> The user dials up, enters the login and password and it just hangs there,
> as shown below.
>
> Welcome to simon.test login:allard
> Password:
> % Backup authentication
>
> Welcome to simon.test login:
> % Welcome to simon.test login: timeout expired!
> % Error in authentication.
>
> Welcome to simon.test login:
> % Welcome to simon.test login: timeout expired!
> % Error in authentication.
>
> NO CARRIER
>
>
> The radius server is definitely receiving the packet and sending an Accept
> packet back. It just seems like the AS5300 is ignoring the packet.
>
> FreeRADIUS debug below. (IPs and password have been changed.)
>
> rlm_ldap: - authenticate
> rlm_ldap: login attempt by "allard" with password "PASSWORD"
> rlm_ldap: user DN: loginName=allard, ou=auth, dc=ihug, dc=co, dc=nz
> rlm_ldap: (re)connect to localhost:389, authentication 1
> rlm_ldap: bind as loginName=allard, ou=auth, dc=ihug, dc=co,
> dc=nz/PASSWORD
> rlm_ldap: waiting for bind result ...
> rlm_ldap: user allard authenticated succesfully
>   modcall[authenticate]: module "ldap-local" returns ok
> modcall: group authtype returns ok
> radius_xlat:  ''
> radius_xlat:  'Welcome to the Internet Group'
> radius_xlat:  'Welcome to the Internet Group'
> radius_xlat:  ''
> Login OK: [allard] (from client ihugcisco-test port 5)
> Sending Access-Accept of id 6 to 192.168.0.1:1645
>       Framed-Protocol = PPP
>       Service-Type = Framed-User
>       Reply-Message = ""
>       Reply-Message = "Welcome to the Internet Group"
>       Reply-Message = "Welcome to the Internet Group"
>       Reply-Message = ""
>       Idle-Timeout = 1800
> Finished request 11
>
>
> There are no errors in the radius.log file.
>
>
> Relevant parts of the Cisco config are below. The config file below works
> fine with Merit Radius.
>
> aaa new-model
> aaa session-mib disconnect
> aaa authentication username-prompt "Welcome to simon.test login:"
> aaa authentication login default group radius
> aaa authentication login CONSOLE none
> aaa authentication login ADMIN group tacacs+ enable
> aaa authentication login console none
> aaa authentication ppp default if-needed group radius
> aaa authorization exec ADMIN group tacacs+ if-authenticated
> aaa authorization exec console none
> aaa authorization network default group radius if-authenticated
> aaa accounting delay-start
> aaa accounting exec ADMIN wait-start group tacacs+
> aaa accounting commands 1 ADMIN stop-only group tacacs+
> aaa accounting commands 15 ADMIN stop-only group tacacs+
> aaa accounting network default start-stop group radius
> aaa accounting connection default start-stop group radius
>
>
> radius-server host 192.168.0.2 auth-port 1645 acct-port 1646
> radius-server retransmit 3
> radius-server timeout 20
> radius-server key PASSWORD
> radius-server vsa send accounting
> radius-server vsa send authentication
>
>
>
> Cisco Debug
> Jun 28 16:59:47.117 NZST: AAA/AUTHEN (3656183572): status = ERROR
> Jun 28 16:59:47.117 NZST: AAA/AUTHEN/START (2834581603): port='tty5'
> list='' action=LOGIN service=LOGIN
> Jun 28 16:59:47.117 NZST: AAA/AUTHEN/START (2834581603): Restart
> Jun 28 16:59:47.117 NZST: AAA/AUTHEN/START (2834581603): no methods left
> to try
> Jun 28 16:59:47.117 NZST: AAA/AUTHEN (2834581603): status = ERROR
> Jun 28 16:59:47.117 NZST: AAA/AUTHEN/START (2834581603): failed to
> authenticate
> Jun 28 16:59:49.117 NZST: AAA/MEMORY: free_user (0x6223F5F4) user='allard'
> ruser='' port='tty5' rem_addr='async/3038080' authen_type=ASCII
> service=LOGIN priv=1
> Jun 28 16:59:49.117 NZST: AAA: parse name=tty5 idb type=10 tty=5
> Jun 28 16:59:49.117 NZST: AAA: name=tty5 flags=0x11 type=4 shelf=0 slot=0
> adapter=0 port=5 channel=0
> Jun 28 16:59:49.117 NZST: AAA: parse name=E1 0:22 idb type=-1 tty=-1
> Jun 28 16:59:49.117 NZST: AAA: name=E1 0:22 flags=0x51 type=9 shelf=0
> slot=0 adapter=0 port=0 channel=22
> Jun 28 16:59:49.117 NZST: AAA/MEMORY: create_user (0x621E72CC) user=''
> ruser='' port='tty5' rem_addr='async/3038080' authen_type=ASCII
> service=LOGIN priv=1
> Jun 28 16:59:49.117 NZST: AAA/AUTHEN/START (427012612): port='tty5'
> list='' action=LOGIN service=LOGIN
> Jun 28 16:59:49.117 NZST: AAA/AUTHEN/START (427012612): using "default"
> list
> Jun 28 16:59:49.117 NZST: AAA/AUTHEN/START (427012612): Method=radius
> (radius)
> Jun 28 16:59:49.117 NZST: AAA/AUTHEN (427012612): status = GETUSER
> Jun 28 17:00:20.049 NZST: AAA/AUTHEN/ABORT: (427012612) because Login
> timed out.
>
>
> Can anyone see anything obvious?
>
> Regards
> Simon Allard
>
> Simon Allard (Senior Tool Monkey)
> IHUG
> Ph (09) 358-5067   Email: [EMAIL PROTECTED]
>
> I'm out of my mind right now, but feel free to leave a message.....
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

Simon Allard (Senior Tool Monkey)
IHUG
Ph (09) 358-5067   Email: [EMAIL PROTECTED]

I'm out of my mind right now, but feel free to leave a message.....
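
Added example, not part of the original message and not FreeRADIUS or Cisco code: the hex `Attribute` lines in the Cisco debug at the top of this message can be decoded with the RFC 2865 attribute layout, and the declared attribute lengths plus the 20-byte header can be checked against the `len 85` the router printed. The function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the attribute lines of the Access-Request in the
# debug above, timestamps dropped.
DEBUG = """\
Attribute 4 6 CB6D8262
Attribute 5 6 00000006
Attribute 26 12 0000000902067474
Attribute 61 6 00000000
Attribute 1 8 616C6C61
Attribute 30 9 33303338
Attribute 2 18 AFC25212
"""

NAMES = {1: "User-Name", 2: "User-Password", 4: "NAS-IP-Address",
         5: "NAS-Port", 26: "Vendor-Specific", 30: "Called-Station-Id",
         61: "NAS-Port-Type"}  # attribute numbers from RFC 2865
LINE = re.compile(r"Attribute (\d+) (\d+) ((?:[0-9A-Fa-f]{2})+)\s*$")

def decode(line):
    """Return (name, declared_len, value, truncated), or None for other lines."""
    m = LINE.search(line)
    if m is None:
        return None
    atype, alen, shown = int(m[1]), int(m[2]), bytes.fromhex(m[3])
    # Length counts the 2-byte type/length header; the debug may print
    # fewer value bytes than the attribute carries.
    truncated = len(shown) < alen - 2
    if atype == 4 and len(shown) == 4:
        value = str(ipaddress.IPv4Address(shown))
    elif atype in (5, 61) and len(shown) == 4:
        value = int.from_bytes(shown, "big")
    elif atype == 26 and len(shown) >= 6:
        # Vendor-Id (4 bytes), vendor type, vendor length, vendor data.
        value = (int.from_bytes(shown[:4], "big"), shown[4], shown[5],
                 shown[6:].decode("ascii", "replace"))
    elif atype == 2:
        value = None  # hidden with the shared secret; not decodable here
    else:
        value = shown.decode("ascii", "replace")
    return NAMES.get(atype, f"Attribute-{atype}"), alen, value, truncated

def packet_length(text):
    """20-byte RADIUS header plus the declared length of every attribute."""
    return 20 + sum(d[1] for d in map(decode, text.splitlines()) if d)

if __name__ == "__main__":
    for row in filter(None, map(decode, DEBUG.splitlines())):
        print(row)
    print("computed length:", packet_length(DEBUG))
```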

