Hi, Ivan.
Yes, my output now is showing:
Sending Access-Accept of id 128 to 200.133.204.64 port 21645
Service-Type := NAS-Prompt-User
And how should I "debug ip ssh". I've used the tcpdump to catch the
traffic through eth0. Did you mean that? If it's affirmative, see the
tcpdump output below:
Service Type Attribute (6), length: 6, Value: NAS Prompt
09:42:48.269012 IP (tos 0x0, ttl 254, id 23346, offset 0, flags [none],
proto UDP (17), length 110) 10.0.0.1.21645 > 10.0.0.2.1812: RADIUS,
length: 82
Access Request (1), id: 0x80, Authenticator:
7957e94b669004f47762c0741ac808af
NAS IP Address Attribute (4), length: 6, Value: 200.133.204.64
NAS Port Attribute (5), length: 6, Value: 1
NAS Port Type Attribute (61), length: 6, Value: Virtual
Username Attribute (1), length: 10, Value: user
Calling Station Attribute (31), length: 16, Value: 200.133.192.22
Password Attribute (2), length: 18, Value:
09:42:48.269728 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto
UDP (17), length 54) 10.0.0.2.1812 > 10.0.0.1.21645: RADIUS, length: 26
Access Accept (2), id: 0x80, Authenticator:
743ceb248afa2d6eba3062a357d6fcac
--
Wagner Pereira
PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
(11) 3091-8902
t...@kalik.net escreveu:
I already read the Cisco wiki page and I implemented what they
recommend, but it's not working yet.
Does the debug now show Nas-Prompt-User in Access-Accept packet? If it
does - it's some problem on the router - debug ip ssh.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
