Why don't you put the 2600/2900 into debug mode for RADIUS?

John

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Dustin Doris
Sent: Friday, July 09, 2004 3:36 PM
To: [EMAIL PROTECTED]
Subject: Re: Authenticating to Cisco 29xx using OpenLDAP and FreeRadius


What about radiusd -x?

On Fri, 9 Jul 2004, Robert Banniza wrote:

> Here is what we are seeing when a user tries to login:
>
> % Authorization failed.
>
> Connection to host lost.
>
>
> On Fri, Jul 09, 2004 at 12:42:05PM -0400, Dustin Doris wrote:
> > What is the debug output?  What happens when you try to login to the
> > router?  User denied?
> >
> > On Fri, 9 Jul 2004, Robert Banniza wrote:
> >
> > > Guys,
> > > We are trying to allow users to authenticate to Cisco 26xx routers using
> > > Freeradius with the rlm_ldap module (OpenLDAP). We would like some of
> > > these users to be able to log in with enable privileges. The following
> > > is what we have done to try this, to no avail. The following is a
> > > sample ldif entry:
> > >
> > > #################################################################
> > > dn: uid=homer, ou=people, dc=test, dc=net
> > > objectclass: person
> > > objectclass: radiusprofile
> > > objectclass: uidObject
> > > objectClass: inetOrgPerson
> > > objectClass: posixAccount
> > > objectClass: extensibleObject
> > > cn: Homer Simpson
> > > sn: Simpson
> > > loginShell: /bin/bash
> > > userpassword: {SSHA}fghkjfghkhgkfhgrofZyn2u9yiAAxbMP
> > > uidnumber: 2001
> > > gidnumber: 20
> > > homeDirectory: /home/homer
> > > uid: homer
> > > shadowLastChange: 10877
> > > shadowMin: 0
> > > shadowMax: 999999
> > > shadowWarning: 7
> > > shadowInactive: -1
> > > shadowExpire: -1
> > > shadowFlag: 0
> > > radiusAuthType: LDAP
> > > radiusReplyItem: Juniper-Local-User-Name := tier1
> > > radiusReplyItem: Cisco-AVPair := "shell:priv-lvl=15"
> > > radiusprofileDN: uid=homer, ou=people, dc=test, dc=net
> > > #################################################################
> > >
> > > The following is what we have on the router:
> > >
> > > #################################################################
> > > aaa new-model
> > > aaa authentication login default group radius enable
> > > aaa authorization exec default group radius
> > >
> > > enable secret password
> > >
> > > radius-server host 67.106.198.70 auth-port 1812 acct-port 1813
> > > radius-server retransmit 3
> > > radius-server key testing123
> > > #################################################################
> > >
> > > What else are we missing? Any help would be appreciated.
> > >
> > > Robert
> > >
> > > -
> > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html