Dear Mr. Alan, I have posted the same 15days back, At least from you I am expecting the solution. So pls let me know whether the problem with me or server. Or I have selected the wrong choice to install the Freeradius.And I am again explaining my problem.
I have installed Freeradius Server with Mysql database support on Redhat Linux. I have configured AAA on router for this radius server. And I am able to log into router with privilege level 1. But I have mentioned privilege level 7 using Cisco-AVPairs. When I check the radius debug, the radius server sending the AV Pairs to the router. But the router is not accepting. When I run debug AAA Authorization it is giving a message like " no appropriate authorization type for user. " was showing in debug. Authentication and Accounting was working fine. Only authorization was not working. AAA Config on Router :- aaa new-model aaa authentication login default local group radius aaa authentication login console local group radius aaa authentication ppp default local group radius aaa authorization network default group radius aaa accounting update newinfo aaa accounting exec default start-stop group radius aaa accounting network default wait-start group radius aaa accounting connection default start-stop group radius The above config is working with only privilege level 1. When I configure "aaa authorization exec default group radius" it is giving the Authorization Failed. Debug of AAA Authorization :- .Jun 19 23:02:47.691 IST: RADIUS: ustruct sharecount=1 .Jun 19 23:02:47.691 IST: Radius: radius_port_info() success=1 radius_nas_port=0 .Jun 19 23:02:47.691 IST: RADIUS: added cisco VSA 2 len 6 "tty227" .Jun 19 23:02:47.691 IST: RADIUS: Initial Transmit tty227 id 236 192.168.10.1:1812, Access-Request, len 88 .Jun 19 23:02:47.691 IST: Attribute 4 6 CA839404 .Jun 19 23:02:47.691 IST: Attribute 26 14 0000000902087474 .Jun 19 23:02:47.691 IST: Attribute 61 6 00000005 .Jun 19 23:02:47.691 IST: Attribute 1 8 72616468 .Jun 19 23:02:47.691 IST: Attribute 31 16 3230322E .Jun 19 23:02:47.691 IST: Attribute 2 18 E2377944 .Jun 19 23:02:47.743 IST: RADIUS: Received from id 236 192.168.10.1:1812, Access-Accept, len 136 .Jun 19 23:02:47.743 IST: Attribute 26 29 0000000901176D75 .Jun 19 23:02:47.743 IST: Attribute 26 29 0000000901176D75 .Jun 19 23:02:47.743 IST: Attribute 26 34 00000009011C6D75 .Jun 19 23:02:47.747 IST: Attribute 26 24 0000000901127368 .Jun 19 23:02:47.747 IST: RADIUS: saved authorization data for user 62D328E8 at 629DCB3C .Jun 19 23:02:47.747 IST: RADIUS: cisco AVPair "multilink:max-links=2" not applied for shell .Jun 19 23:02:47.747 IST: RADIUS: cisco AVPair "multilink:max-links=1" not applied for shell .Jun 19 23:02:47.747 IST: RADIUS: cisco AVPair "multilink:load-threshold=1" not applied for shell .Jun 19 23:02:47.747 IST: RADIUS: cisco AVPair "shell:priv-lvl=7" .Jun 19 23:02:47.747 IST: RADIUS: no appropriate authorization type for user. Pls le me know how do I mention the Cisco av pairs in mysql database. and tell me the router side config. Thanks in advance Nagesh Boyina -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Nagesh Boyina Sent: Monday, July 05, 2004 8:02 AM To: [EMAIL PROTECTED] Subject: no appropriate authorization type for user When I debug radius on router Cisco 3660 it is showing below debug .Jun 19 23:02:47.691 IST: RADIUS: ustruct sharecount=1 .Jun 19 23:02:47.691 IST: Radius: radius_port_info() success=1 radius_nas_port=0 .Jun 19 23:02:47.691 IST: RADIUS: added cisco VSA 2 len 6 "tty227" .Jun 19 23:02:47.691 IST: RADIUS: Initial Transmit tty227 id 236 192.168.10.1:1812, Access-Request, len 88 .Jun 19 23:02:47.691 IST: Attribute 4 6 CA839404 .Jun 19 23:02:47.691 IST: Attribute 26 14 0000000902087474 .Jun 19 23:02:47.691 IST: Attribute 61 6 00000005 .Jun 19 23:02:47.691 IST: Attribute 1 8 72616468 .Jun 19 23:02:47.691 IST: Attribute 31 16 3230322E .Jun 19 23:02:47.691 IST: Attribute 2 18 E2377944 .Jun 19 23:02:47.743 IST: RADIUS: Received from id 236 192.168.10.1:1812, Access-Accept, len 136 .Jun 19 23:02:47.743 IST: Attribute 26 29 0000000901176D75 .Jun 19 23:02:47.743 IST: Attribute 26 29 0000000901176D75 .Jun 19 23:02:47.743 IST: Attribute 26 34 00000009011C6D75 .Jun 19 23:02:47.747 IST: Attribute 26 24 0000000901127368 .Jun 19 23:02:47.747 IST: RADIUS: saved authorization data for user 62D328E8 at 629DCB3C .Jun 19 23:02:47.747 IST: RADIUS: cisco AVPair "multilink:max-links=2" not applied for shell .Jun 19 23:02:47.747 IST: RADIUS: cisco AVPair "multilink:max-links=1" not applied for shell .Jun 19 23:02:47.747 IST: RADIUS: cisco AVPair "multilink:load-threshold=1" not applied for shell .Jun 19 23:02:47.747 IST: RADIUS: cisco AVPair "shell:priv-lvl=7" .Jun 19 23:02:47.747 IST: RADIUS: no appropriate authorization type for user. But radius sending the access accept and I am able to logged in with priv 1 mode. I think cisco avpairs are not working. So pls kindly help about it. Thanks in Advance Nagesh Boyina -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Nagesh Boyina Sent: Thursday, July 01, 2004 12:43 PM To: [EMAIL PROTECTED] Subject: Cisco Authorization failed Hi , I run the debug on router and checked it is giving the message like " No appropriate authorization type for user" Pls tell me how to proceed ? and where could be the problem. Thanks in advance Nagesh Boyina --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.713 / Virus Database: 469 - Release Date: 6/30/2004 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.713 / Virus Database: 469 - Release Date: 6/30/2004 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.715 / Virus Database: 471 - Release Date: 7/4/2004 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.715 / Virus Database: 471 - Release Date: 7/4/2004 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.722 / Virus Database: 478 - Release Date: 7/18/2004 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
