Hi there, I would like to ask where in my Cisco configuration there is a problem. First I used MPD as my LNS and encountered no problem authenticating to FreeRADIUS, but when I changed my LNS to Cisco it seems I can't log in. What are the possible problems in my configuration? Is it Cisco or FreeRADIUS that has a problem setting? What would be the cause of the problem as stated in the log?
I attach the logs for review. Thank you and more power.

--coroy

Cisco log:

*May 22 15:43:51.404: ppp253 PAP: I AUTH-REQ id 186 len 19 from "coroy"
*May 22 15:43:51.404: ppp253 PAP: Authenticating peer coroy
*May 22 15:43:51.412: AAA/AUTHEN/PPP (00000132): Pick method list 'default'
*May 22 15:43:51.412: AAA/ATTR(00000132): copy lists
*May 22 15:43:51.412: AAA/ATTR(00000132): new list: 6459A2A8 old list: 645943E4
*May 22 15:43:51.412: AAA/ATTR(00000132): new list: 644B8774
*May 22 15:43:51.412: AAA/ATTR(00000132): add attr: 644B878C 0 00000002 Framed-Protocol(62) 4 PPP
*May 22 15:43:51.412: AAA/ATTR(00000132): add attr: 644B87A0 0 00000009 username(318) 5 coroy
*May 22 15:43:51.412: AAA/ATTR(00000132): add attr: 644B87B4 0 00000009 password(226) 8 70 61 73 73 77 6F 72 64
*May 22 15:43:51.412: ppp253 PPP: Sent PAP LOGIN Request
*May 22 15:43:51.412: AAA SRV(00000132): process authen req
*May 22 15:43:51.412: AAA SRV(00000132): Authen method=SERVER_GROUP IWC
*May 22 15:43:51.412: AAA/ATTR(00000132): cursor init: 63958DC0 644B8774 none unknown
*May 22 15:43:51.412: AAA/ATTR(00000132): find :644B87A0 0 00000009 username(318) 5 coroy
*May 22 15:43:51.412: AAA/ATTR(00000132): cursor init: 63958E50 644B8774 none unknown
*May 22 15:43:51.412: AAA/ATTR(00000132): find :644B87A0 0 00000009 username(318) 5 coroy
*May 22 15:43:51.412: AAA/ATTR(00000132): cursor init: 63958D78 644B8774 none none
*May 22 15:43:51.412: AAA/ATTR(00000132): find next matching service=none, protocol=none
*May 22 15:43:51.412: AAA/ATTR(00000132): Framed-Protocol ok
*May 22 15:43:51.412: AAA/ATTR(00000132): find next matching service=none, protocol=none
*May 22 15:43:51.412: AAA/ATTR(00000132): username ok
*May 22 15:43:51.412: AAA/ATTR(00000132): find next matching service=none, protocol=none
*May 22 15:43:51.412: AAA/ATTR(00000132): password ok
*May 22 15:43:51.412: AAA/ATTR(00000132): find next matching service=none, protocol=none
*May 22 15:43:51.416: AAA/ATTR(00000132): not found
*May 22 15:43:51.416: AAA/ATTR(00000132): cursor init: 63958D78 6459A2A8 none none
*May 22 15:43:51.416: AAA/ATTR(00000132): find next matching service=none, protocol=none
*May 22 15:43:51.416: AAA/ATTR(00000132): port-type ok
*May 22 15:43:51.416: AAA/ATTR(00000132): find next matching service=none, protocol=none
*May 22 15:43:51.416: AAA/ATTR(00000132): interface ok
*May 22 15:43:51.416: RADIUS(00000132): Storing nasport 928 in rad_db
*May 22 15:43:51.416: AAA/ATTR(00000132): find next matching service=none, protocol=none
*May 22 15:43:51.416: AAA/ATTR(00000132): clid ok
*May 22 15:43:51.416: AAA/ATTR(00000132): find next matching service=none, protocol=none
*May 22 15:43:51.416: AAA/ATTR(00000132): dnis ok
*May 22 15:43:51.416: AAA/ATTR(00000132): find next matching service=none, protocol=none
*May 22 15:43:51.416: AAA/ATTR(00000132): not found
*May 22 15:43:51.416: RADIUS(00000132): Config NAS IP: 0.0.0.0
*May 22 15:43:51.416: Getting session id for NET(00000132) : db=64596B3C
*May 22 15:43:51.416: RADIUS/ENCODE(00000132): acct_session_id: 390
*May 22 15:43:51.416: RADIUS(00000132): sending
*May 22 15:43:51.416: RADIUS/ENCODE: Best Local IP-Address 10.3.2.130 for Radius-Server 10.3.2.127
*May 22 15:43:51.416: RADIUS(00000132): Send Access-Request to 10.3.2.127:1812 id 21646/45, len 94
*May 22 15:43:51.416: RADIUS: authenticator 95 18 5E 04 20 9F B2 6D - 9C D7 2E F0 66 3F B2 EA
*May 22 15:43:51.416: RADIUS: Framed-Protocol [7] 6 PPP [1]
*May 22 15:43:51.416: RADIUS: User-Name [1] 7 "coroy"
*May 22 15:43:51.416: RADIUS: User-Password [2] 18 *
*May 22 15:43:51.416: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
*May 22 15:43:51.416: RADIUS: NAS-Port [5] 6 928
*May 22 15:43:51.416: RADIUS: Calling-Station-Id [31] 14 "000c2965075c"
*May 22 15:43:51.416: RADIUS: Called-Station-Id [30] 5 "mpd"
*May 22 15:43:51.416: RADIUS: Service-Type [6] 6 Framed [2]
*May 22 15:43:51.416: RADIUS: NAS-IP-Address [4] 6 10.3.2.130
*May 22 15:43:52.084: RADIUS: Received from id 21646/45 10.3.2.127:1812, Access-Accept, len 71
*May 22 15:43:52.084: RADIUS: authenticator A4 72 E4 2B 33 5E B8 AF - AB 4A 21 26 69 66 EB E3
*May 22 15:43:52.084: RADIUS: Service-Type [6] 6 Administrative [6]
*May 22 15:43:52.084: RADIUS: Framed-Protocol [7] 6 PPP [1]
*May 22 15:43:52.084: RADIUS: Framed-IP-Address [8] 6 10.10.10.45
*May 22 15:43:52.084: RADIUS: Framed-IP-Netmask [9] 6 255.240.0.0
*May 22 15:43:52.084: RADIUS: Framed-Routing [10] 6 3
*May 22 15:43:52.088: RADIUS: Filter-Id [11] 9
*May 22 15:43:52.088: RADIUS: 73 74 64 2E 70 70 70 [std.ppp]
*May 22 15:43:52.088: RADIUS: Framed-MTU [12] 6 1500
*May 22 15:43:52.088: RADIUS: Framed-Compression [13] 6 VJ TCP/IP Header Compressi[1]
*May 22 15:43:52.088: AAA/ATTR(00000132): free all lists: 644B8774
*May 22 15:43:52.088: AAA/ATTR(00000132): del attr: 644B878C 0 00000002 Framed-Protocol(62) 4 PPP
*May 22 15:43:52.088: AAA/ATTR(00000132): del attr: 644B87A0 0 00000009 username(318) 5 coroy
*May 22 15:43:52.088: AAA/ATTR(00000132): del attr: 644B87B4 0 00000009 password(226) 8 70 61 73 73 77 6F 72 64
*May 22 15:43:52.088: AAA/ATTR(00000132): new list: 64596DB4
*May 22 15:43:52.088: RADIUS(00000132): Received from id 21646/45
*May 22 15:43:52.088: AAA/ATTR(00000132): cursor init: 64588A50 64596DB4 none none
*May 22 15:43:52.088: AAA/ATTR(00000000): add attr: 64596DCC 0 00000001 service-type(245) 4 Administrative
*May 22 15:43:52.088: AAA/ATTR(00000000): add attr: 64596DE0 0 00000001 Framed-Protocol(62) 4 PPP
*May 22 15:43:52.088: AAA/ATTR(00000000): add attr: 64596DF4 0 00000001 addr(5) 4 10.10.10.45
*May 22 15:43:52.088: AAA/ATTR(00000000): add attr: 64596E08 0 00000009 route(272) 20 10.0.0.0 255.240.0.0
*May 22 15:43:52.088: AAA/ATTR(00000000): add attr: 64596E1C 0 00000001 netmask(215) 4 255.240.0.0
*May 22 15:43:52.088: AAA/ATTR(00000000): add attr: 64596E30 0 00000001 routing(281) 4 TRUE
*May 22 15:43:52.088: RADIUS/DECODE: invalid ACL type; FAIL
*May 22 15:43:52.088: RADIUS/DECODE: decoder; FAIL
*May 22 15:43:52.088: RADIUS/DECODE: attribute Filter-Id; FAIL
*May 22 15:43:52.088: RADIUS/DECODE: parse response op decode; FAIL
*May 22 15:43:52.088: RADIUS/DECODE: parse response; FAIL
*May 22 15:43:52.088: AAA/ID(00000132): Setting connection progress = 101
*May 22 15:43:52.088: AAA SRV(00000132): protocol reply FAIL for Authentication
*May 22 15:43:52.088: AAA SRV(00000132): Authen method=NOT_SET - No methods left to try
*May 22 15:43:52.088: AAA SRV(00000132): Return Authentication status=FAIL
*May 22 15:43:52.088: ppp253 PPP: Received LOGIN Response FAIL
*May 22 15:43:52.088: AAA/ATTR(00000132): copy lists
*May 22 15:43:52.088: AAA/ATTR(00000132): new list: 644B8774 old list: 64596DB4
*May 22 15:43:52.088: AAA/ATTR(00000132): cursor init: 6436F110 644B8774 none none
*May 22 15:43:52.088: AAA/ATTR(00000132): find :timeout(303): not found
*May 22 15:43:52.088: AAA/ATTR(00000132): cursor init: 6436F100 644B8774 none unknown
*May 22 15:43:52.088: AAA/ATTR(00000132): find next matching service=none, protocol=unknown
*May 22 15:43:52.088: AAA/ATTR(00000132): service-type ok
*May 22 15:43:52.088: AAA/ATTR(00000132): find next matching service=none, protocol=unknown
*May 22 15:43:52.088: AAA/ATTR(00000132): Framed-Protocol ok
*May 22 15:43:52.088: AAA/ATTR(00000132): find next matching service=none, protocol=unknown
*May 22 15:43:52.088: AAA/ATTR(00000132): addr ok
*May 22 15:43:52.088: AAA/ATTR(00000132): find next matching service=none, protocol=unknown
*May 22 15:43:52.088: AAA/ATTR(00000132): route protocol:ip ok
*May 22 15:43:52.088: AAA/ATTR(00000132): find next matching service=none, protocol=unknown
*May 22 15:43:52.088: AAA/ATTR(00000132): netmask ok
*May 22 15:43:52.088: AAA/ATTR(00000132): find next matching service=none, protocol=unknown
*May 22 15:43:52.088: AAA/ATTR(00000132): routing ok
*May 22 15:43:52.088: AAA/ATTR(00000132): find next matching service=none, protocol=unknown
*May 22 15:43:52.088: AAA/ATTR(00000132): not found
*May 22 15:43:52.088: AAA/ATTR(00000132): cursor init: 6436F058 644B8774 none unknown
*May 22 15:43:52.088: AAA/ATTR(00000132): find :reply-message(194): not found
*May 22 15:43:52.088: ppp253 PAP: O AUTH-NAK id 186 len 26 msg is "Authentication failed"
*May 22 15:43:52.088: L2X: UDP socket write 66 bytes, 10.3.2.130(1701) to 10.3.2.126(54959)
*May 22 15:43:52.092: AAA/ID(00000132): Setting disconnect: abort = 25/PPP PAP Fail, terminate = 17/user-error
*May 22 15:43:52.092: AAA/ATTR(00000132): new list: 64584098
*May 22 15:43:52.092: AAA/ATTR(00000132): add attr: 645840B0 0 00000009 username(318) 5 coroy
*May 22 15:43:52.092: AAA/ACCT/EVENT/(00000132): NET DOWN
*May 22 15:43:52.092: AAA/ATTR(00000132): cursor init: 6436EC38 64584098 none none
*May 22 15:43:52.092: AAA/ATTR(00000132): find next matching service=none, protocol=none
*May 22 15:43:52.092: AAA/ATTR(00000132): username ok
*May 22 15:43:52.092: AAA/ATTR(00000132): find next matching service=none, protocol=none
*May 22 15:43:52.092: AAA/ATTR(00000132): not found
*May 22 15:43:52.092: AAA/ACCT/NET(00000132): Method list not found
*May 22 15:43:52.092: AAA/ATTR(00000132): free all lists: 64599260
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 64599278 0 00000001 session-id(293) 4 390(186)
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 6459928C 0 00000009 tunnel-server-endpoint(311) 10 10.3.2.130
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 645992A0 0 00000009 tunnel-client-endpoint(305) 10 10.3.2.126
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 645992B4 0 00000009 vpdn-group(324) 3 mpd
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 645992C8 0 00000001 tunnel-type(316) 4 l2tp
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 645992DC 0 00000009 tunnel-connection-id(312) 7 1890042
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 645992F0 0 00000009 tunnel-id(306) 21 host-lac.kamisaki.net
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 64599304 0 00000009 gw-name(307) 6 Router
*May 22 15:43:52.092: AAA/ACCT(00000132): del node, session 390
*May 22 15:43:52.092: AAA/ACCT/NET(00000132): free_rec, count 0
*May 22 15:43:52.092: AAA/ACCT/NET(00000132) reccnt 0, csr FALSE, osr 0
*May 22 15:43:52.092: AAA/ATTR(00000132): free all lists: 64584098
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 645840B0 0 00000009 username(318) 5 coroy
*May 22 15:43:52.092: AAA/ATTR(00000132): free all lists: 644B8774
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 644B878C 0 00000001 service-type(245) 4 Administrative
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 644B87A0 0 00000001 Framed-Protocol(62) 4 PPP
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 644B87B4 0 00000001 addr(5) 4 10.10.10.45
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 644B87C8 0 00000009 route(272) 20 10.0.0.0 255.240.0.0
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 644B87DC 0 00000001 netmask(215) 4 255.240.0.0
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 644B87F0 0 00000001 routing(281) 4 TRUE
*May 22 15:43:52.092: ppp253 PPP: aaa-id := 0x0 reset
*May 22 15:43:52.092: ppp253 PPP: mlp-aaa-id := 0x0 reset
*May 22 15:43:52.092: ppp253 PPP: aaa-id := 0x0 reset
*May 22 15:43:52.092: ppp253 PPP: mlp-aaa-id := 0x0 reset
*May 22 15:43:52.092: AAA/ATTR(00000132): free all lists: 64596DB4
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 64596DCC 0 00000001 service-type(245) 4 Administrative
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 64596DE0 0 00000001 Framed-Protocol(62) 4 PPP
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 64596DF4 0 00000001 addr(5) 4 10.10.10.45
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 64596E08 0 00000009 route(272) 20 10.0.0.0 255.240.0.0
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 64596E1C 0 00000001 netmask(215) 4 255.240.0.0
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 64596E30 0 00000001 routing(281) 4 TRUE
*May 22 15:43:52.092: AAA/ATTR(00000132): free all lists: 6459A2A8
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 6459A2C0 0 00000001 port-type(156) 4 Virtual Terminal
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 6459A2D4 0 00000009 interface(152) 15 Uniq-Sess-ID253
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 6459A2E8 0 00000009 clid(25) 12 000c2965075c
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 6459A2FC 0 00000009 dnis(36) 3 mpd

-----------------------

Freeradius log:

rad_recv: Access-Request packet from host 10.3.2.130:21645, id=228, length=94
    Framed-Protocol = PPP
    User-Name = "coroy"
    User-Password = "password"
    NAS-Port-Type = Virtual
    NAS-Port = 160
    Calling-Station-Id = "000c2965075c"
    Called-Station-Id = "mpd"
    Service-Type = Framed-User
    NAS-IP-Address = 10.3.2.130
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 12
modcall[authorize]: module "preprocess" returns ok for request 12
modcall[authorize]: module "chap" returns noop for request 12
modcall[authorize]: module "mschap" returns noop for request 12
rlm_realm: No '@' in User-Name = "coroy", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 12
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 12
users: Matched entry coroy at line 90
modcall[authorize]: module "files" returns ok for request 12
modcall: leaving group authorize (returns ok) for request 12
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 228 to 10.3.2.130 port 21645
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Framed-IP-Address = 10.10.10.45
    Framed-IP-Netmask = 255.240.0.0
    Framed-Routing = Broadcast-Listen
    Framed-Filter-Id = " std.ppp"
    Framed-MTU = 1500
    Framed-Compression = Van-Jacobson-TCP-IP
Finished request 12

----------------------------

Cisco configuration:

Using 2475 out of 129016 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot system flash slot0:c7200-js-mz.123-1.bin
enable secret 5 $1$..Q4$R03cMosO4XOmURBY6wQWo/
!
username admin privilege 15 password 0 xxxpass
username test password 0 test
username LAC-1 password 0 secret
username multihop password 0 secret
username Tunnel-Switch-In password 0 Secret2
username Tunnel-Switch-Out password 0 secret3
username coroy password 0 password
aaa new-model
!
aaa group server radius user-radius
 server 10.3.2.127 auth-port 1812 acct-port 1813
!
aaa authentication login default local-case
aaa authentication enable default enable
aaa authentication ppp default group user-radius
aaa authorization config-commands
aaa authorization exec default local
aaa authorization network default group user-radius
aaa accounting exec default start-stop group user-radius
aaa session-id common
ip subnet-zero
!
!
ip name-server 10.1.0.5
ip name-server 10.1.0.11
!
ip cef
vpdn enable
vpdn source-ip 10.3.2.130
vpdn logging
vpdn logging local
vpdn logging remote
vpdn logging user
vpdn logging tunnel-drop
vpdn search-order domain
!
vpdn-group mpd
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname host-lac.kamisaki.net
 lcp renegotiation on-mismatch
 l2tp tunnel password 7 071C2E40470D1E040317
!
mpls ldp logging neighbor-changes
!
!
!
!
!
!
!
!
!
no voice hpi capture buffer
no voice hpi capture destination
!
!
!
!
!
!
interface Loopback0
 no ip address
!
interface FastEthernet0/0
 ip address 10.3.2.130 255.240.0.0
 duplex half
!
interface Virtual-Template1
 ip unnumbered FastEthernet0/0
 peer default ip address pool ip_pool
 no keepalive
 ppp authentication pap user-radius
 ppp authorization user-radius
!
ip local pool ip_pool 10.10.10.2 10.10.10.6
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.0.10
no ip http server
!
!
!
!
!
radius-server attribute nas-port format c
radius-server host 10.3.2.127 auth-port 1812 acct-port 1813
radius-server key radpass
radius-server authorization permit missing Service-Type
!
!
dial-peer cor custom
!
!
!
!
gatekeeper
 shutdown
!
!
line con 0
line aux 0
 transport output lat pad v120 mop telnet rlogin udptn
 stopbits 1
line vty 0 4
 session-timeout 20
 transport input lat pad v120 mop telnet rlogin udptn
 transport output lat pad v120 mop telnet rlogin udptn
!
!
!
end
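An added example, not part of the original post: a small parser that pulls the failure point out of a Cisco RADIUS/AAA debug trace like the one above, showing the RADIUS reply type, the reply attribute the NAS could not decode, and the final authentication status. The sample lines are excerpted from the trace in the post; the function name diagnose and the result keys are hypothetical.

```python
import re

# Constructed sample: lines excerpted from the Cisco debug output in the post.
SAMPLE = """\
*May 22 15:43:51.416: RADIUS(00000132): Send Access-Request to 10.3.2.127:1812 id 21646/45, len 94
*May 22 15:43:51.416: RADIUS: Service-Type [6] 6 Framed [2]
*May 22 15:43:52.084: RADIUS: Received from id 21646/45 10.3.2.127:1812, Access-Accept, len 71
*May 22 15:43:52.084: RADIUS: authenticator A4 72 E4 2B 33 5E B8 AF - AB 4A 21 26 69 66 EB E3
*May 22 15:43:52.084: RADIUS: Service-Type [6] 6 Administrative [6]
*May 22 15:43:52.088: RADIUS: Filter-Id [11] 9
*May 22 15:43:52.088: RADIUS: 73 74 64 2E 70 70 70 [std.ppp]
*May 22 15:43:52.088: RADIUS/DECODE: invalid ACL type; FAIL
*May 22 15:43:52.088: RADIUS/DECODE: attribute Filter-Id; FAIL
*May 22 15:43:52.088: AAA SRV(00000132): Return Authentication status=FAIL
"""

REPLY = re.compile(r"RADIUS: Received from id \S+ \S+, (Access-\w+), len \d+")
ATTR = re.compile(r"RADIUS:\s+([A-Za-z][\w-]*)\s+\[(\d+)\]\s+(\d+)\s*(.*)$")
HEXDUMP = re.compile(r"RADIUS:\s+((?:[0-9A-F]{2}\s+)+)\[")
DECODE = re.compile(r"RADIUS/DECODE: (.+?); FAIL")
STATUS = re.compile(r"Return Authentication status=(\w+)")

def diagnose(log_text):
    """Summarise why the NAS failed a session, from RADIUS/AAA debug lines."""
    r = {"reply": None, "reply_attrs": {}, "decode_errors": [],
         "failed_attr": None, "status": None}
    last_attr = None
    for line in log_text.splitlines():
        if m := REPLY.search(line):
            r["reply"] = m.group(1)          # attributes after this are the server's
            r["reply_attrs"].clear()
        elif r["reply"] and (m := ATTR.search(line)):
            last_attr = m.group(1)
            r["reply_attrs"][last_attr] = m.group(4).strip()
        elif last_attr and (m := HEXDUMP.search(line)):
            # String attributes are dumped as hex bytes on the following line.
            raw = bytes.fromhex("".join(m.group(1).split()))
            r["reply_attrs"][last_attr] = raw.decode("latin-1")
        elif m := DECODE.search(line):
            r["decode_errors"].append(m.group(1))
            if m.group(1).startswith("attribute "):
                r["failed_attr"] = m.group(1).split()[1]
        elif m := STATUS.search(line):
            r["status"] = m.group(1)
    # The server accepted, but the NAS could not apply a reply attribute.
    r["nas_rejected_accept"] = (r["reply"] == "Access-Accept"
                                and bool(r["decode_errors"])
                                and r["status"] == "FAIL")
    return r

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```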