Joe I don't think our customer is sending any attributes that we don't send to the Cisco ourselves. However I'll get him to send me a users entry and see if that's the case before I turn all that debug on :)
If you see my previous email you'll see the radius debug I sent when one the users tried to log on. For some reason the IP address being assigned is 255.255.255.254 and not the one the customer is sending. Looking through the radius files I saw this in the attrs file: ################## # The rest of this file contains the DEFAULT entry. # DEFAULT matches with all realm names. # DEFAULT Service-Type == Framed-User, Service-Type == Login-User, Login-Service == Telnet, Login-Service == Rlogin, Login-Service == TCP-Clear, Login-TCP-Port <= 65536, Framed-IP-Address == 255.255.255.254, Framed-IP-Netmask == 255.255.255.255, Framed-Protocol == PPP, Framed-Protocol == SLIP, Framed-Compression == Van-Jacobson-TCP-IP, Framed-MTU >= 576, Framed-Filter-ID =* ANY, Reply-Message =* ANY, Proxy-State =* ANY, Session-Timeout <= 28800, Idle-Timeout <= 600, ######### I see the default IP assigned is 255.255.255.254 which is the same as what the radius debug shows. Would this be the cause maybe? I've now commented it out and reload radius, so now I have to wait for a user to try and connect again. John -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] .org] On Behalf Of Joe Maimon Sent: 12 June 2006 21:10 To: FreeRadius users mailing list Subject: Re: Radius Proxying and IP injection John Williams wrote: > > > However the users that are authenticating are being dropped offline as > soon as they authenticate. > > The account logs show the reason as being "User-Request" although the > user hasn't requested a disconnect, in fact they aren't connected long > enough to do so. > > > > The customer is also sending a framed IP address for each user that > connects via the users radius users file entry. Your cisco doesnt like certain attributes in the reply and closes the connections. Likely as not the attributes it doesnt like is the ones in relation to what your customer is trying to assign. debugs will show you exactly which one, but beware. debug radius debug aaa authentication debug aaa authorization debug aaa per-user debug aaa subsys debug ppp negotiation debug vtemplate ev debug vtemplate cloning debug vprofile I would also run your server in debugging mode to see exactly which attributes are being sent to your cisco nas for those users. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html