It would probably help [grin] if you sent the radiusd -x output instead of the Cisco debug output - this list does not normally perform vendor specific troubleshooting ( but if someone on the list has seen the specific type of problem they usually respond).... Gary N. McKinney
Network Administrator Computer Services Dept. Brevard County Library System ---------- Original Message ---------------------------------- From: "Eric TURENNE" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Fri, 9 Jul 2004 16:11:36 -0300 >Hi, > >I'm currently investigating freeradius in order to migrate from tacacs+ >to radius. > >I got pretty much authentication and accounting to do what I want. > >But I cannot figure out what's wrong with the command authorization. >Config seems good but nothing is sent to RADIUS server. > >Here's router config and DEBUG: > >Router config : > >aaa new-model >aaa authentication login default group radius enable none >aaa authentication enable default group radius enable none >aaa authorization commands 1 default group radius if-authenticated >aaa accounting exec default start-stop group radius >aaa accounting commands 1 default start-stop group radius >aaa accounting commands 15 default start-stop group radius >aaa accounting connection default start-stop group radius >aaa accounting system default start-stop group radius >aaa processes 6 >! >radius-server host xxx.xxx.72.238 auth-port 1812 acct-port 1813 >radius-server retransmit 3 >radius-server timeout 3 >radius-server key testing123 > >When I issue with debug : > >Caribou>sh ver >Command authorization failed. > >Caribou> >03:14:17: tty67 AAA/AUTHOR/CMD (3529157779): Port='tty67' list='' >service=CMD >03:14:17: AAA/AUTHOR/CMD: tty67 (3529157779) user='' >03:14:17: tty67 AAA/AUTHOR/CMD (3529157779): send AV service=shell >03:14:17: tty67 AAA/AUTHOR/CMD (3529157779): send AV cmd=show >03:14:17: tty67 AAA/AUTHOR/CMD (3529157779): send AV cmd-arg=version >03:14:17: tty67 AAA/AUTHOR/CMD (3529157779): send AV cmd-arg=<cr> >03:14:17: tty67 AAA/AUTHOR/CMD (3529157779): found list "default" >03:14:17: tty67 AAA/AUTHOR/CMD (3529157779): Method=radius (radius) >03:14:17: AAA/AUTHOR (3529157779): Post authorization status = FAIL > >Any hint would be much appreciated. > >Regards, > >--Eric > > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html >--- >[This E-mail scanned for viruses by Declude Ant-Virus Scanner] > > ________________________________________________________________ Sent via the KillerWebMail system at mail.brev.org - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html