Here is what we are seeing when a user tries to log in:

% Authorization failed.

Connection to host lost.

On Fri, Jul 09, 2004 at 12:42:05PM -0400, Dustin Doris wrote:
> What is the debug output?  What happens when you try to log in to the
> router?  User denied?
> 
> On Fri, 9 Jul 2004, Robert Banniza wrote:
> 
> > Guys,
> > We are trying to allow users to authenticate to Cisco 26xx routers using
> > Freeradius with the rlm_ldap module (OpenLDAP). We would like some of
> > these users to be able to log in with enable privileges. The following
> > is what we have done to try this, to no avail. The following is a
> > sample ldif entry:
> >
> > #################################################################
> > dn: uid=homer, ou=people, dc=test, dc=net
> > objectclass: person
> > objectclass: radiusprofile
> > objectclass: uidObject
> > objectClass: inetOrgPerson
> > objectClass: posixAccount
> > objectClass: extensibleObject
> > cn: Homer Simpson
> > sn: Simpson
> > loginShell: /bin/bash
> > userpassword: {SSHA}fghkjfghkhgkfhgrofZyn2u9yiAAxbMP
> > uidnumber: 2001
> > gidnumber: 20
> > homeDirectory: /home/homer
> > uid: homer
> > shadowLastChange: 10877
> > shadowMin: 0
> > shadowMax: 999999
> > shadowWarning: 7
> > shadowInactive: -1
> > shadowExpire: -1
> > shadowFlag: 0
> > radiusAuthType: LDAP
> > radiusReplyItem: Juniper-Local-User-Name := tier1
> > radiusReplyItem: Cisco-AVPair := "shell:priv-lvl=15"
> > radiusprofileDN: uid=homer, ou=people, dc=test, dc=net
> > #################################################################
> >
> > The following is what we have on the router:
> >
> > #################################################################
> > aaa new-model
> > aaa authentication login default group radius enable
> > aaa authorization exec default group radius
> >
> > enable secret password
> >
> > radius-server host 67.106.198.70 auth-port 1812 acct-port 1813
> > radius-server retransmit 3
> > radius-server key testing123
> > #################################################################
> >
> > What else are we missing? Any help would be appreciated.
> >
> > Robert
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> >
> 
