Re: (RADIATOR) Cisco AS5300 authen OK autho FAIL

Mon, 17 Apr 2000 19:01:38 -0700 


Hello Nils -

On Tue, 18 Apr 2000, Nils Swart wrote:
> Hi!
> 
> (Short summary: normal dialin works fine, avpair statements get rejected
> by the AS5300 due to 'no appropriate authorization type for user' error)
> 
> Our setup is an AS5300 together with Radiator 2.16alpha (maybe the version
> numer is the problem, but hey, living on the edge rules right ? :)
> 
> I try to dial in with a single ISDN channel, which works out fine. Until i
> try to add authorization parameters (avpairs)
> The radiator config is more then standard, and it does everything the
> AS5300 asks for, but for some odd reason the AS5300 isn't happy with the
> AVPair statements:
> 
> user1 User-Password="blerk"
>       Framed-Protocol = PPP,
>       Framed-Netmask = "255.255.255.255",
>       cisco-avpair = "lcp:interface-config:ip address 192.168.121.133
> 255.255.255.224"
> 
> The cisco has (among other aaa stuff, but these apply):
> 
> aaa authentication ppp use-radius if-needed local group radius
> aaa authorization network default group radius
> 
> Of course Radiator gives it's OK to the question of the NAS about the
> authorization stuff, but why is the NAS rejecting it nevertheless with
> 'no appropriate authorization type' ???
> 

This is probably due to your user definition above, which for a Cisco should
include a Service-Type = Framed-User reply item. Cisco's are very picky about
this. There have been several discussions about this on the list and you should
be able to find the references on the archive site.

user1    User-Password="blerk"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-Netmask = "255.255.255.255",
        cisco-avpair = "lcp:interface-config:ip address 192.168.121.133
                255.255.255.224"

hth

Hugh

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.



===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to