Not sure if this is the same issue you are having but I had to set the
Administrative-User line to get AVPair to work correctly with
radiusReplyItem: Cisco-AVPair := "shell:priv-lvl=15". Here is what I
have in my users file:
DEFAULT Auth-Type := LDAP
Service-Type = Administrative-User,
Fall-Through = 1
Robert
On Fri, Jul 16, 2004 at 05:12:27PM -0400, David Birnbaum wrote:
> Howdy,
>
> I'm doing PPPoE to a Cisco 7206, trying to assign static IP addresses from
> FreeRadius. So far, I've had no luck. I'm using FreeRadius 1.0.0-pre3,
> and everything is dandy for authentication, but two problems:
>
> 1. Cisco doesn't seem to support Framed-Address for PPPoE (if anyone
> knows different that would be great, because nobody at Cisco knows
> how to do this. If you can tell me how, stop reading the rest of the
> message and help me out!)
>
> 2. The advice from Cisco is try using Cisco-AVPair to assign a pool.
> However, it doesn't seem to be getting parsed properly.
>
> Here's the entry in my radius file:
>
> msmiche Auth-Type := Local, Password == "XXXXX"
> Cisco-AVPair = "ip:addr-pool=msmiche",
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Fall-Through = No
>
> But when I check the debug on the cisco, it complains that the format is
> wrong, and it doesn't seem to pull from that pool. The pool has a single
> IP address in it to assign:
>
> Jul 16 17:07:17: RADIUS: Initial Transmit Virtual-Access1 id 10
> 209.212.66.11:1645, Access-Request, len 77
> Jul 16 17:07:17: Attribute 4 6 D1D44262
> Jul 16 17:07:17: Attribute 5 6 00000001
> Jul 16 17:07:17: Attribute 61 6 00000005
> Jul 16 17:07:17: Attribute 1 9 6D736D69
> Jul 16 17:07:17: Attribute 2 18 C9E797B2
> Jul 16 17:07:17: Attribute 6 6 00000002
> Jul 16 17:07:17: Attribute 7 6 00000001
> Jul 16 17:07:17: RADIUS: Received from id 10 209.212.66.11:1645,
> Access-Accept, len 60
> Jul 16 17:07:17: Attribute 26 28 0000000901166970
> Jul 16 17:07:17: Attribute 6 6 00000002
> Jul 16 17:07:17: Attribute 7 6 00000001
> Jul 16 17:07:17: Invalid attribute in radius buffer
> Jul 16 17:07:17: Unable to dump packet further
>
> I would expect to see Attribute 9,1, or something like that, with some
> additional text.
>
> Here's the cisco AAA stuff:
>
> aaa authentication ppp FRAMED if-needed group radius
> aaa authorization network default none
>
> radius-server host X.X.X.X auth-port 1645 acct-port 1646 key 7 XXX
> radius-server retransmit 2
> radius-server timeout 3
> radius-server attribute 6 on-for-login-auth
>
> Any suggestions much appreciated. I'm running 12.2(24a) right now on the
> Cisco.
>
> David.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
