Here is what we are seeing when a user tries to log in:

% Authorization failed.
Connection to host lost.

On Fri, Jul 09, 2004 at 12:42:05PM -0400, Dustin Doris wrote:
> What is the debug output? What happens when you try to log in to the
> router? User denied?
>
> On Fri, 9 Jul 2004, Robert Banniza wrote:
>
> > Guys,
> > We are trying to allow users to authenticate to Cisco 26xx routers using
> > Freeradius with the rlm_ldap module (OpenLDAP). We would like some of
> > these users to be able to log in with enable privileges. The following
> > is what we have done to try this, to no avail. The following is a
> > sample ldif entry:
> >
> > #################################################################
> > dn: uid=homer, ou=people, dc=test, dc=net
> > objectclass: person
> > objectclass: radiusprofile
> > objectclass: uidObject
> > objectClass: inetOrgPerson
> > objectClass: posixAccount
> > objectClass: extensibleObject
> > cn: Homer Simpson
> > sn: Simpson
> > loginShell: /bin/bash
> > userpassword: {SSHA}fghkjfghkhgkfhgrofZyn2u9yiAAxbMP
> > uidnumber: 2001
> > gidnumber: 20
> > homeDirectory: /home/homer
> > uid: homer
> > shadowLastChange: 10877
> > shadowMin: 0
> > shadowMax: 999999
> > shadowWarning: 7
> > shadowInactive: -1
> > shadowExpire: -1
> > shadowFlag: 0
> > radiusAuthType: LDAP
> > radiusReplyItem: Juniper-Local-User-Name := tier1
> > radiusReplyItem: Cisco-AVPair := "shell:priv-lvl=15"
> > radiusprofileDN: uid=homer, ou=people, dc=test, dc=net
> > #################################################################
> >
> > The following is what we have on the router:
> >
> > #################################################################
> > aaa new-model
> > aaa authentication login default group radius enable
> > aaa authorization exec default group radius
> >
> > enable secret password
> >
> > radius-server host 67.106.198.70 auth-port 1812 acct-port 1813
> > radius-server retransmit 3
> > radius-server key testing123
> > #################################################################
> >
> > What else are we missing? Any help would be appreciated.
> >
> > Robert

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html