Hi, I'm currently investigating freeradius in order to migrate from tacacs+ to radius.
I got pretty much authentication and accounting to do what I want. But I cannot figure out what's wrong with the command authorization. Config seems good but nothing is sent to RADIUS server. Here's router config and DEBUG: Router config : aaa new-model aaa authentication login default group radius enable none aaa authentication enable default group radius enable none aaa authorization commands 1 default group radius if-authenticated aaa accounting exec default start-stop group radius aaa accounting commands 1 default start-stop group radius aaa accounting commands 15 default start-stop group radius aaa accounting connection default start-stop group radius aaa accounting system default start-stop group radius aaa processes 6 ! radius-server host xxx.xxx.72.238 auth-port 1812 acct-port 1813 radius-server retransmit 3 radius-server timeout 3 radius-server key testing123 When I issue with debug : Caribou>sh ver Command authorization failed. Caribou> 03:14:17: tty67 AAA/AUTHOR/CMD (3529157779): Port='tty67' list='' service=CMD 03:14:17: AAA/AUTHOR/CMD: tty67 (3529157779) user='' 03:14:17: tty67 AAA/AUTHOR/CMD (3529157779): send AV service=shell 03:14:17: tty67 AAA/AUTHOR/CMD (3529157779): send AV cmd=show 03:14:17: tty67 AAA/AUTHOR/CMD (3529157779): send AV cmd-arg=version 03:14:17: tty67 AAA/AUTHOR/CMD (3529157779): send AV cmd-arg=<cr> 03:14:17: tty67 AAA/AUTHOR/CMD (3529157779): found list "default" 03:14:17: tty67 AAA/AUTHOR/CMD (3529157779): Method=radius (radius) 03:14:17: AAA/AUTHOR (3529157779): Post authorization status = FAIL Any hint would be much appreciated. Regards, --Eric - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
