Re: Authenticating to Cisco 29xx using OpenLDAP and FreeRadius
Kenneth offered the magic bullet that fixed this. Now on to Juniper ERX
auth. and ACL'ing down access to routers. Thanks for all the help guys! I
really appreciate it!

Robert

On Mon, Jul 12, 2004 at 02:37:24PM -0600, Kenneth Grady wrote:
> In your users file (line 153 or 217) try adding:
> Service-Type = Administrative-User,
>
> On Mon, 2004-07-12 at 13:42, Robert Banniza wrote:
> > Here is what we are seeing now. The secret has been set and will allow
> > us to login but we are not getting any privileged level:
> >
> >
> > rad_recv: Access-Request packet from host 67.106.198.67:1645, id=15,
> > length=75
> > NAS-IP-Address = 10.1.1.31
> > NAS-Port = 1
> > NAS-Port-Type = Virtual
> > User-Name = "homer"
> > Calling-Station-Id = "10.1.1.162"
> > User-Password = "t3stm3"
> > modcall: entering group authorize for request 0
> > modcall[authorize]: module "preprocess" returns ok for request 0
> > modcall[authorize]: module "chap" returns noop for request 0
> > modcall[authorize]: module "eap" returns noop for request 0
> > rlm_realm: No '@' in User-Name = "homer", looking up realm NULL
> > rlm_realm: No such realm "NULL"
> > modcall[authorize]: module "suffix" returns noop for request 0
> > users: Matched DEFAULT at 152
> > users: Matched DEFAULT at 216
> > modcall[authorize]: module "files" returns ok for request 0
> > modcall[authorize]: module "mschap" returns noop for request 0
> > rlm_ldap: - authorize
> > rlm_ldap: performing user authorization for homer
> > radius_xlat: '(&(ObjectClass=posixAccount)(uid=homer))'
> > radius_xlat: 'ou=people,dc=test,dc=net'
> > ldap_get_conn: Got Id: 0
> > rlm_ldap: attempting LDAP reconnection
> > rlm_ldap: (re)connect to jag.test.net:389, authentication 0
> > rlm_ldap: bind as / to jag.test.net:389
> > rlm_ldap: waiting for bind result ...
> > rlm_ldap: performing search in ou=people,dc=test,dc=net, with filter
> > (&(ObjectClass=posixAccount)(uid=homer))
> > rlm_ldap: looking for check items in directory...
> > rlm_ldap: Adding radiusAuthType as Auth-Type, value LDAP & op=21
> > rlm_ldap: looking for reply items in directory...
> > rlm_ldap: extracted attribute Juniper-Local-User-Name from generic item
> > Juniper-Local-User-Name := tier1
> > rlm_ldap: extracted attribute Cisco-AVPair from generic item
> > Cisco-AVPair := "shell:priv-lvl=15"
> > rlm_ldap: user homer authorized to use remote access
> > ldap_release_conn: Release Id: 0
> > modcall[authorize]: module "ldap" returns ok for request 0
> > modcall: group authorize returns ok for request 0
> > rad_check_password: Found Auth-Type LDAP
> > auth: type "LDAP"
> > modcall: entering group Auth-Type for request 0
> > rlm_ldap: - authenticate
> > rlm_ldap: login attempt by "homer" with password "t3stm3"
> > rlm_ldap: user DN: uid=homer,ou=people,dc=test,dc=net
> > rlm_ldap: (re)connect to jag.test.net:389, authentication 1
> > rlm_ldap: bind as uid=homer,ou=people,dc=test,dc=net/t3stm3 to
> > jag.test.net:389
> > rlm_ldap: waiting for bind result ...
> > rlm_ldap: user homer authenticated succesfully
> > modcall[authenticate]: module "ldap" returns ok for request 0
> > modcall: group Auth-Type returns ok for request 0
> > Sending Access-Accept of id 15 to 67.106.198.67:1645
> > Juniper-Local-User-Name := "tier1"
> > Cisco-AVPair := "shell:priv-lvl=15"
> > Finished request 0
> > Going to the next request
> > --- Walking the entire request list ---
> > Waking up in 6 seconds...
> > --- Walking the entire request list ---
> > Cleaning up request 0 ID 15 with timestamp 40f2e98a
> > Nothing to do. Sleeping until we see a request.
> >
> >
> > On Mon, Jul 12, 2004 at 02:29:28PM -0400, Dustin Doris wrote:
> > > You need to do what the debug message said and make sure your shared
> > > secret is correct. Check clients.conf in your raddb directory.
> > >
> > > WARNING: Unprintable characters in the password. ? Double-check the
> > > shared secret on the server and the NAS!
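The Access-Accept in the thread carried Cisco-AVPair "shell:priv-lvl=15" but no Service-Type, and adding Service-Type = Administrative-User to the users file is what resolved it. The check below is an added example, not part of the original messages: it reads reply blocks from `radiusd -X` output and flags any Access-Accept that grants a shell privilege level without a Service-Type. The first sample is the reply from the thread with attribute lines re-indented; the second sample and all function names are constructed for this example.

```python
import re

# Reply block taken from the thread's debug output (attribute lines re-indented).
REPLY_FROM_THREAD = """\
Sending Access-Accept of id 15 to 67.106.198.67:1645
        Juniper-Local-User-Name := "tier1"
        Cisco-AVPair := "shell:priv-lvl=15"
Finished request 0
"""

# Constructed for this example: the same reply once the users file adds
# Service-Type = Administrative-User, as Kenneth suggested.
REPLY_AFTER_FIX = """\
Sending Access-Accept of id 16 to 67.106.198.67:1645
        Service-Type = Administrative-User
        Juniper-Local-User-Name := "tier1"
        Cisco-AVPair := "shell:priv-lvl=15"
Finished request 1
"""

HEADER = re.compile(r"^Sending (Access-[A-Za-z]+) of id (\d+) to (\S+)$")
ATTR = re.compile(r"^\s+([A-Za-z0-9-]+)\s*(?::=|\+=|=)\s*(.*)$")
PRIV_LVL = re.compile(r"^shell:priv-lvl=(\d+)$")


def parse_replies(debug_text):
    """Return one dict per 'Sending Access-*' block with its reply attributes."""
    replies, current = [], None
    for line in debug_text.splitlines():
        header = HEADER.match(line.strip())
        if header:
            current = {
                "code": header.group(1),
                "id": int(header.group(2)),
                "nas": header.group(3),
                "attrs": [],
            }
            replies.append(current)
            continue
        attr = ATTR.match(line) if current is not None else None
        if attr:
            value = attr.group(2).strip().strip('"')
            current["attrs"].append((attr.group(1), value))
        else:
            # Any non-attribute line ends the current reply block.
            current = None
    return replies


def exec_authz_findings(reply):
    """Flag an Access-Accept that sets shell:priv-lvl but omits Service-Type."""
    if reply["code"] != "Access-Accept":
        return []
    names = {name for name, _ in reply["attrs"]}
    levels = []
    for name, value in reply["attrs"]:
        match = PRIV_LVL.match(value) if name == "Cisco-AVPair" else None
        if match:
            levels.append(int(match.group(1)))
    findings = []
    if levels and "Service-Type" not in names:
        findings.append(
            "id %d to %s: shell:priv-lvl=%d sent without Service-Type"
            % (reply["id"], reply["nas"], max(levels))
        )
    return findings


def audit(debug_text):
    """Collect findings for every reply block in a debug capture."""
    results = []
    for reply in parse_replies(debug_text):
        results.extend(exec_authz_findings(reply))
    return results


if __name__ == "__main__":
    for label, text in (("thread", REPLY_FROM_THREAD), ("after fix", REPLY_AFTER_FIX)):
        print(label, audit(text) or "ok")
```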
Re: Authenticating to Cisco 29xx using OpenLDAP and FreeRadius
Unfortunately, I can't help with that one. It looks like you are using
the reply attribute of Cisco-AVPair := "shell:priv-lvl=15". That reply
attribute is being sent back, so you'll have to check the Cisco docs to
see if it's all set up correctly on the 29xx.

Found this on Google, may help you with configuring the router.

http://www.mail-archive.com/[EMAIL PROTECTED]/msg18034.html

Regards

On Mon, 12 Jul 2004, Robert Banniza wrote:

> Here is what we are seeing now. The secret has been set and will allow
> us to login but we are not getting any privileged level:
>
>
> rad_recv: Access-Request packet from host 67.106.198.67:1645, id=15,
> length=75
> NAS-IP-Address = 10.1.1.31
> NAS-Port = 1
> NAS-Port-Type = Virtual
> User-Name = "homer"
> Calling-Station-Id = "10.1.1.162"
> User-Password = "t3stm3"
> modcall: entering group authorize for request 0
> modcall[authorize]: module "preprocess" returns ok for request 0
> modcall[authorize]: module "chap" returns noop for request 0
> modcall[authorize]: module "eap" returns noop for request 0
> rlm_realm: No '@' in User-Name = "homer", looking up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for request 0
> users: Matched DEFAULT at 152
> users: Matched DEFAULT at 216
> modcall[authorize]: module "files" returns ok for request 0
> modcall[authorize]: module "mschap" returns noop for request 0
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for homer
> radius_xlat: '(&(ObjectClass=posixAccount)(uid=homer))'
> radius_xlat: 'ou=people,dc=test,dc=net'
> ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to jag.test.net:389, authentication 0
> rlm_ldap: bind as / to jag.test.net:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: performing search in ou=people,dc=test,dc=net, with filter
> (&(ObjectClass=posixAccount)(uid=homer))
> rlm_ldap: looking for check items in directory...
> rlm_ldap: Adding radiusAuthType as Auth-Type, value LDAP & op=21
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: extracted attribute Juniper-Local-User-Name from generic item
> Juniper-Local-User-Name := tier1
> rlm_ldap: extracted attribute Cisco-AVPair from generic item
> Cisco-AVPair := "shell:priv-lvl=15"
> rlm_ldap: user homer authorized to use remote access
> ldap_release_conn: Release Id: 0
> modcall[authorize]: module "ldap" returns ok for request 0
> modcall: group authorize returns ok for request 0
> rad_check_password: Found Auth-Type LDAP
> auth: type "LDAP"
> modcall: entering group Auth-Type for request 0
> rlm_ldap: - authenticate
> rlm_ldap: login attempt by "homer" with password "t3stm3"
> rlm_ldap: user DN: uid=homer,ou=people,dc=test,dc=net
> rlm_ldap: (re)connect to jag.test.net:389, authentication 1
> rlm_ldap: bind as uid=homer,ou=people,dc=test,dc=net/t3stm3 to
> jag.test.net:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: user homer authenticated succesfully
> modcall[authenticate]: module "ldap" returns ok for request 0
> modcall: group Auth-Type returns ok for request 0
> Sending Access-Accept of id 15 to 67.106.198.67:1645
> Juniper-Local-User-Name := "tier1"
> Cisco-AVPair := "shell:priv-lvl=15"
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 6 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 15 with timestamp 40f2e98a
> Nothing to do. Sleeping until we see a request.
>
>
> On Mon, Jul 12, 2004 at 02:29:28PM -0400, Dustin Doris wrote:
> > You need to do what the debug message said and make sure your shared
> > secret is correct. Check clients.conf in your raddb directory.
> >
> > WARNING: Unprintable characters in the password. ? Double-check the
> > shared secret on the server and the NAS!
Re: Authenticating to Cisco 29xx using OpenLDAP and FreeRadius
Here is what we are seeing now. The secret has been set and will allow us
to login but we are not getting any privileged level:

rad_recv: Access-Request packet from host 67.106.198.67:1645, id=15, length=75
NAS-IP-Address = 10.1.1.31
NAS-Port = 1
NAS-Port-Type = Virtual
User-Name = "homer"
Calling-Station-Id = "10.1.1.162"
User-Password = "t3stm3"
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "eap" returns noop for request 0
rlm_realm: No '@' in User-Name = "homer", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
users: Matched DEFAULT at 152
users: Matched DEFAULT at 216
modcall[authorize]: module "files" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for homer
radius_xlat: '(&(ObjectClass=posixAccount)(uid=homer))'
radius_xlat: 'ou=people,dc=test,dc=net'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to jag.test.net:389, authentication 0
rlm_ldap: bind as / to jag.test.net:389
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in ou=people,dc=test,dc=net, with filter (&(ObjectClass=posixAccount)(uid=homer))
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusAuthType as Auth-Type, value LDAP & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: extracted attribute Juniper-Local-User-Name from generic item Juniper-Local-User-Name := tier1
rlm_ldap: extracted attribute Cisco-AVPair from generic item Cisco-AVPair := "shell:priv-lvl=15"
rlm_ldap: user homer authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
modcall: entering group Auth-Type for request 0
rlm_ldap: - authenticate
rlm_ldap: login attempt by "homer" with password "t3stm3"
rlm_ldap: user DN: uid=homer,ou=people,dc=test,dc=net
rlm_ldap: (re)connect to jag.test.net:389, authentication 1
rlm_ldap: bind as uid=homer,ou=people,dc=test,dc=net/t3stm3 to jag.test.net:389
rlm_ldap: waiting for bind result ...
rlm_ldap: user homer authenticated succesfully
modcall[authenticate]: module "ldap" returns ok for request 0
modcall: group Auth-Type returns ok for request 0
Sending Access-Accept of id 15 to 67.106.198.67:1645
Juniper-Local-User-Name := "tier1"
Cisco-AVPair := "shell:priv-lvl=15"
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 15 with timestamp 40f2e98a
Nothing to do. Sleeping until we see a request.

On Mon, Jul 12, 2004 at 02:29:28PM -0400, Dustin Doris wrote:
> You need to do what the debug message said and make sure your shared
> secret is correct. Check clients.conf in your raddb directory.
>
> WARNING: Unprintable characters in the password. ? Double-check the
> shared secret on the server and the NAS!
Re: Authenticating to Cisco 29xx using OpenLDAP and FreeRadius
You need to do what the debug message said and make sure your shared
secret is correct. Check clients.conf in your raddb directory.

WARNING: Unprintable characters in the password. ? Double-check the
shared secret on the server and the NAS!

On Mon, 12 Jul 2004, Robert Banniza wrote:

> Here is what radiusd -X -A provides:
>
> rad_recv: Access-Request packet from host 67.106.198.67:1645, id=10,
> length=75
> NAS-IP-Address = 11.9.67.177
> NAS-Port = 1
> NAS-Port-Type = Virtual
> User-Name = "homer"
> Calling-Station-Id = "10.1.1.162"
> User-Password = "\334\303A_-VB/VJ N\017\230\217\317"
> modcall: entering group authorize for request 0
> modcall[authorize]: module "preprocess" returns ok for request 0
> modcall[authorize]: module "chap" returns noop for request 0
> modcall[authorize]: module "eap" returns noop for request 0
> rlm_realm: No '@' in User-Name = "homer", looking up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for request 0
> users: Matched DEFAULT at 152
> users: Matched DEFAULT at 216
> modcall[authorize]: module "files" returns ok for request 0
> modcall[authorize]: module "mschap" returns noop for request 0
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for homer
> radius_xlat: '(&(ObjectClass=posixAccount)(uid=homer))'
> radius_xlat: 'ou=people,dc=test,dc=net'
> ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to jag.test.net:389, authentication 0
> rlm_ldap: bind as / to jag.test.net:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: performing search in ou=people,dc=test,dc=net, with filter
> (&(ObjectClass=posixAccount)(uid=homer))
> rlm_ldap: looking for check items in directory...
> rlm_ldap: Adding radiusAuthType as Auth-Type, value LDAP & op=21
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: extracted attribute Juniper-Local-User-Name from generic item
> Juniper-Local-User-Name := tier1
> rlm_ldap: extracted attribute Cisco-AVPair from generic item
> Cisco-AVPair := "shell:priv-lvl=15"
> rlm_ldap: user homer authorized to use remote access
> ldap_release_conn: Release Id: 0
> modcall[authorize]: module "ldap" returns ok for request 0
> modcall: group authorize returns ok for request 0
> rad_check_password: Found Auth-Type LDAP
> auth: type "LDAP"
> modcall: entering group Auth-Type for request 0
> rlm_ldap: - authenticate
> rlm_ldap: login attempt by "homer" with password "ÜÃA_-VB/VJ N???Ï"
> rlm_ldap: user DN: uid=homer,ou=people,dc=test,dc=net
> rlm_ldap: (re)connect to jag.test.net:389, authentication 1
> rlm_ldap: bind as uid=homer,ou=people,dc=test,dc=net/ÜÃA_-VB/VJ N???Ï
> to jag.test.net:389
> rlm_ldap: waiting for bind result ...
> modcall[authenticate]: module "ldap" returns reject for request 0
> modcall: group Auth-Type returns reject for request 0
> auth: Failed to validate the user.
> WARNING: Unprintable characters in the password. ? Double-check the
> shared secret on the server and the NAS!
> Delaying request 0 for 1 seconds
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 10 to 67.106.198.67:1645
> Juniper-Local-User-Name := "tier1"
> Cisco-AVPair := "shell:priv-lvl=15"
> Waking up in 4 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 10 with timestamp 40f2cbda
> Nothing to do. Sleeping until we see a request.
>
>
> On Mon, Jul 12, 2004 at 12:46:46PM -0400, Dustin Doris wrote:
> > What about radiusd -x. Run Freeradius in debug mode.
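Why a mismatched shared secret appears as an unprintable User-Password in the debug output above: RADIUS hides the password by XORing it with MD5(shared secret + Request Authenticator) (RFC 2865, section 5.2), so a server holding a different secret recovers noise rather than the typed password, and the LDAP bind is attempted with that noise. This is an added example, not code from the thread or from FreeRADIUS; both secrets and the authenticator are constructed values.

```python
import hashlib

BLOCK = 16  # MD5 digest size; User-Password is hidden in 16-byte blocks


def _pad_key(secret, previous):
    """b(i) = MD5(shared secret + previous block), per RFC 2865 section 5.2."""
    return hashlib.md5(secret + previous).digest()


def hide_password(password, secret, authenticator):
    """NAS side: turn the typed password into the User-Password attribute value."""
    if len(authenticator) != BLOCK:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 0 < len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % BLOCK)
    hidden, previous = b"", authenticator
    for offset in range(0, len(padded), BLOCK):
        key = _pad_key(secret, previous)
        block = bytes(p ^ k for p, k in zip(padded[offset:offset + BLOCK], key))
        hidden += block
        previous = block  # the next block is chained on this ciphertext block
    return hidden


def recover_password(hidden, secret, authenticator):
    """Server side: undo the hiding using the secret configured for this NAS."""
    if len(authenticator) != BLOCK:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not hidden or len(hidden) % BLOCK or len(hidden) > 128:
        raise ValueError("User-Password must be 16..128 bytes, multiple of 16")
    plain, previous = b"", authenticator
    for offset in range(0, len(hidden), BLOCK):
        block = hidden[offset:offset + BLOCK]
        key = _pad_key(secret, previous)
        plain += bytes(c ^ k for c, k in zip(block, key))
        previous = block
    return plain.rstrip(b"\x00")


def has_unprintable(password):
    """True when any byte falls outside printable ASCII."""
    return any(byte < 0x20 or byte > 0x7E for byte in password)


def demo():
    """Same packet, decoded once with the matching secret and once without."""
    authenticator = bytes(range(16))   # constructed Request Authenticator
    nas_secret = b"nas-side-secret"    # constructed: what the NAS is configured with
    stale_secret = b"server-side-typo" # constructed: mismatched server-side secret
    on_wire = hide_password(b"t3stm3", nas_secret, authenticator)
    matched = recover_password(on_wire, nas_secret, authenticator)
    mismatched = recover_password(on_wire, stale_secret, authenticator)
    return on_wire, matched, mismatched


if __name__ == "__main__":
    wire, ok, bad = demo()
    print("on the wire :", wire.hex())
    print("right secret:", ok)
    print("wrong secret:", bad, "unprintable =", has_unprintable(bad))
```

The rejected request in the thread shows a 16-byte User-Password, one full block, which is what a mismatched decode of a short password looks like because the zero padding no longer decodes to zeros.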
Re: Authenticating to Cisco 29xx using OpenLDAP and FreeRadius
Here is what radiusd -X -A provides:

rad_recv: Access-Request packet from host 67.106.198.67:1645, id=10, length=75
NAS-IP-Address = 11.9.67.177
NAS-Port = 1
NAS-Port-Type = Virtual
User-Name = "homer"
Calling-Station-Id = "10.1.1.162"
User-Password = "\334\303A_-VB/VJ N\017\230\217\317"
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "eap" returns noop for request 0
rlm_realm: No '@' in User-Name = "homer", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
users: Matched DEFAULT at 152
users: Matched DEFAULT at 216
modcall[authorize]: module "files" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for homer
radius_xlat: '(&(ObjectClass=posixAccount)(uid=homer))'
radius_xlat: 'ou=people,dc=test,dc=net'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to jag.test.net:389, authentication 0
rlm_ldap: bind as / to jag.test.net:389
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in ou=people,dc=test,dc=net, with filter (&(ObjectClass=posixAccount)(uid=homer))
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusAuthType as Auth-Type, value LDAP & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: extracted attribute Juniper-Local-User-Name from generic item Juniper-Local-User-Name := tier1
rlm_ldap: extracted attribute Cisco-AVPair from generic item Cisco-AVPair := "shell:priv-lvl=15"
rlm_ldap: user homer authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
modcall: entering group Auth-Type for request 0
rlm_ldap: - authenticate
rlm_ldap: login attempt by "homer" with password "ÜÃA_-VB/VJ N???Ï"
rlm_ldap: user DN: uid=homer,ou=people,dc=test,dc=net
rlm_ldap: (re)connect to jag.test.net:389, authentication 1
rlm_ldap: bind as uid=homer,ou=people,dc=test,dc=net/ÜÃA_-VB/VJ N???Ï to jag.test.net:389
rlm_ldap: waiting for bind result ...
modcall[authenticate]: module "ldap" returns reject for request 0
modcall: group Auth-Type returns reject for request 0
auth: Failed to validate the user.
WARNING: Unprintable characters in the password. ? Double-check the shared secret on the server and the NAS!
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 10 to 67.106.198.67:1645
Juniper-Local-User-Name := "tier1"
Cisco-AVPair := "shell:priv-lvl=15"
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 10 with timestamp 40f2cbda
Nothing to do. Sleeping until we see a request.

On Mon, Jul 12, 2004 at 12:46:46PM -0400, Dustin Doris wrote:
> What about radiusd -x. Run Freeradius in debug mode.
Re: Authenticating to Cisco 29xx using OpenLDAP and FreeRadius
What about radiusd -x. Run Freeradius in debug mode.

On Sun, 11 Jul 2004, Robert Banniza wrote:

> Here is the debug output:
>
> 2d04h: AAA/MEMORY: create_user (0x20F7E20) user='' ruser='' port='tty1'
> +rem_addr='10.1.1.162' authen_type=ASCII service=
> LOGIN priv=1
> 2d04h: AAA/AUTHEN/START (1821432037): port='tty1' list='' action=LOGIN
> +service=LOGIN
> 2d04h: AAA/AUTHEN/START (1821432037): using "default" list
> 2d04h: AAA/AUTHEN/START (1821432037): Method=radius (radius)
> 2d04h: AAA/AUTHEN (1821432037): status = GETUSER
> 2d04h: AAA/AUTHEN/CONT (1821432037): continue_login (user='(undef)')
> 2d04h: AAA/AUTHEN (1821432037): status = GETUSER
> 2d04h: AAA/AUTHEN (1821432037): Method=radius (radius)
> 2d04h: AAA/AUTHEN (1821432037): status = GETPASS
> 2d04h: AAA/AUTHEN/CONT (1821432037): continue_login (user='homer')
> 2d04h: AAA/AUTHEN (1821432037): status = GETPASS
> 2d04h: AAA/AUTHEN (1821432037): Method=radius (radius)
> 2d04h: AAA/AUTHEN (1821432037): status = PASS
> 2d04h: tty1 AAA/AUTHOR/EXEC (3720401710): Port='tty1' list=''
> service=EXEC
> 2d04h: AAA/AUTHOR/EXEC: tty1 (3720401710) user='homer'
> 2d04h: tty1 AAA/AUTHOR/EXEC (3720401710): send AV service=shell
> 2d04h: tty1 AAA/AUTHOR/EXEC (3720401710): send AV cmd*
> 2d04h: tty1 AAA/AUTHOR/EXEC (3720401710): found list "default"
> 2d04h: tty1 AAA/AUTHOR/EXEC (3720401710): Method=radius (radius)
> 2d04h: AAA/AUTHOR (3720401710): Post authorization status = FAIL
> 2d04h: AAA/AUTHOR/EXEC: Authorization FAILED
> 2d04h: AAA/MEMORY: free_user (0x20F7E20) user='homer' ruser=''
> port='tty1'
> +rem_addr='10.1.1.162' authen_type=ASCII servi
> ce=LOGIN priv=1
> Soutlake#2#
> Soutlake#2#
> Soutlake#2#
> Soutlake#2#
> Soutlake#2#
> Soutlake#2#
> Soutlake#2#
> Soutlake#2#
> Soutlake#2#
> Soutlake#2#
> Soutlake#2#
> 2d04h: AAA: parse name=tty1 idb type=-1 tty=-1
> 2d04h: AAA: name=tty1 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=1
> +channel=0
> 2d04h: AAA/MEMORY: create_user (0x20F7C0C) user='' ruser='' port='tty1'
> +rem_addr='10.1.1.162' authen_type=ASCII service=
> LOGIN priv=1
> 2d04h: AAA/AUTHEN/START (2535633014): port='tty1' list='' action=LOGIN
> +service=LOGIN
> 2d04h: AAA/AUTHEN/START (2535633014): using "default" list
> 2d04h: AAA/AUTHEN/START (2535633014): Method=radius (radius)
> 2d04h: AAA/AUTHEN (2535633014): status = GETUSER
> 2d04h: AAA/AUTHEN/CONT (2535633014): continue_login (user='(undef)')
> 2d04h: AAA/AUTHEN (2535633014): status = GETUSER
> 2d04h: AAA/AUTHEN (2535633014): Method=radius (radius)
> 2d04h: AAA/AUTHEN (2535633014): status = GETPASS
> 2d04h: AAA/AUTHEN/CONT (2535633014): continue_login (user='jessica')
> 2d04h: AAA/AUTHEN (2535633014): status = GETPASS
> 2d04h: AAA/AUTHEN (2535633014): Method=radius (radius)
> 2d04h: AAA/AUTHEN (2535633014): status = PASS
> 2d04h: tty1 AAA/AUTHOR/EXEC (1601631891): Port='tty1' list=''
> service=EXEC
> 2d04h: AAA/AUTHOR/EXEC: tty1 (1601631891) user='jessica'
> 2d04h: tty1 AAA/AUTHOR/EXEC (1601631891): send AV service=shell
> 2d04h: tty1 AAA/AUTHOR/EXEC (1601631891): send AV cmd*
> 2d04h: tty1 AAA/AUTHOR/EXEC (1601631891): found list "default"
> 2d04h: tty1 AAA/AUTHOR/EXEC (1601631891): Method=radius (radius)
> 2d04h: AAA/AUTHOR (1601631891): Post authorization status = FAIL
> 2d04h: AAA/AUTHOR/EXEC: Authorization FAILED
> 2d04h: AAA/MEMORY: free_user (0x20F7C0C) user='jessica' ruser=''
> port='tty1'
> +rem_addr='10.1.1.162' authen_type=ASCII ser
> vice=LOGIN priv=1
>
> On Fri, Jul 09, 2004 at 12:42:05PM -0400, Dustin Doris wrote:
> > What is the debug output? What happens when you try to login to the
> > router? User denied?
> >
> > On Fri, 9 Jul 2004, Robert Banniza wrote:
> >
> > > Guys,
> > > We are trying to allow users to authenticate to Cisco 26xx routers using
> > > Freeradius with the rlm_ldap module (OpenLDAP). We would like some of
> > > these users to be able to log in with enable privileges. The following
> > > is what we have done to try this with no avail.
Re: Authenticating to Cisco 29xx using OpenLDAP and FreeRadius
Here is the debug output:

2d04h: AAA/MEMORY: create_user (0x20F7E20) user='' ruser='' port='tty1'
+rem_addr='10.1.1.162' authen_type=ASCII service= LOGIN priv=1
2d04h: AAA/AUTHEN/START (1821432037): port='tty1' list='' action=LOGIN
+service=LOGIN
2d04h: AAA/AUTHEN/START (1821432037): using "default" list
2d04h: AAA/AUTHEN/START (1821432037): Method=radius (radius)
2d04h: AAA/AUTHEN (1821432037): status = GETUSER
2d04h: AAA/AUTHEN/CONT (1821432037): continue_login (user='(undef)')
2d04h: AAA/AUTHEN (1821432037): status = GETUSER
2d04h: AAA/AUTHEN (1821432037): Method=radius (radius)
2d04h: AAA/AUTHEN (1821432037): status = GETPASS
2d04h: AAA/AUTHEN/CONT (1821432037): continue_login (user='homer')
2d04h: AAA/AUTHEN (1821432037): status = GETPASS
2d04h: AAA/AUTHEN (1821432037): Method=radius (radius)
2d04h: AAA/AUTHEN (1821432037): status = PASS
2d04h: tty1 AAA/AUTHOR/EXEC (3720401710): Port='tty1' list='' service=EXEC
2d04h: AAA/AUTHOR/EXEC: tty1 (3720401710) user='homer'
2d04h: tty1 AAA/AUTHOR/EXEC (3720401710): send AV service=shell
2d04h: tty1 AAA/AUTHOR/EXEC (3720401710): send AV cmd*
2d04h: tty1 AAA/AUTHOR/EXEC (3720401710): found list "default"
2d04h: tty1 AAA/AUTHOR/EXEC (3720401710): Method=radius (radius)
2d04h: AAA/AUTHOR (3720401710): Post authorization status = FAIL
2d04h: AAA/AUTHOR/EXEC: Authorization FAILED
2d04h: AAA/MEMORY: free_user (0x20F7E20) user='homer' ruser='' port='tty1'
+rem_addr='10.1.1.162' authen_type=ASCII servi ce=LOGIN priv=1
Soutlake#2#
Soutlake#2#
Soutlake#2#
Soutlake#2#
Soutlake#2#
Soutlake#2#
Soutlake#2#
Soutlake#2#
Soutlake#2#
Soutlake#2#
Soutlake#2#
2d04h: AAA: parse name=tty1 idb type=-1 tty=-1
2d04h: AAA: name=tty1 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=1
+channel=0
2d04h: AAA/MEMORY: create_user (0x20F7C0C) user='' ruser='' port='tty1'
+rem_addr='10.1.1.162' authen_type=ASCII service= LOGIN priv=1
2d04h: AAA/AUTHEN/START (2535633014): port='tty1' list='' action=LOGIN
+service=LOGIN
2d04h: AAA/AUTHEN/START (2535633014): using "default" list
2d04h: AAA/AUTHEN/START (2535633014): Method=radius (radius)
2d04h: AAA/AUTHEN (2535633014): status = GETUSER
2d04h: AAA/AUTHEN/CONT (2535633014): continue_login (user='(undef)')
2d04h: AAA/AUTHEN (2535633014): status = GETUSER
2d04h: AAA/AUTHEN (2535633014): Method=radius (radius)
2d04h: AAA/AUTHEN (2535633014): status = GETPASS
2d04h: AAA/AUTHEN/CONT (2535633014): continue_login (user='jessica')
2d04h: AAA/AUTHEN (2535633014): status = GETPASS
2d04h: AAA/AUTHEN (2535633014): Method=radius (radius)
2d04h: AAA/AUTHEN (2535633014): status = PASS
2d04h: tty1 AAA/AUTHOR/EXEC (1601631891): Port='tty1' list='' service=EXEC
2d04h: AAA/AUTHOR/EXEC: tty1 (1601631891) user='jessica'
2d04h: tty1 AAA/AUTHOR/EXEC (1601631891): send AV service=shell
2d04h: tty1 AAA/AUTHOR/EXEC (1601631891): send AV cmd*
2d04h: tty1 AAA/AUTHOR/EXEC (1601631891): found list "default"
2d04h: tty1 AAA/AUTHOR/EXEC (1601631891): Method=radius (radius)
2d04h: AAA/AUTHOR (1601631891): Post authorization status = FAIL
2d04h: AAA/AUTHOR/EXEC: Authorization FAILED
2d04h: AAA/MEMORY: free_user (0x20F7C0C) user='jessica' ruser='' port='tty1'
+rem_addr='10.1.1.162' authen_type=ASCII ser vice=LOGIN priv=1

On Fri, Jul 09, 2004 at 12:42:05PM -0400, Dustin Doris wrote:
> What is the debug output? What happens when you try to login to the
> router? User denied?
>
> On Fri, 9 Jul 2004, Robert Banniza wrote:
>
> > Guys,
> > We are trying to allow users to authenticate to Cisco 26xx routers using
> > Freeradius with the rlm_ldap module (OpenLDAP). We would like some of
> > these users to be able to log in with enable privileges. The following
> > is what we have done to try this with no avail. The following is a
> > sample ldif entry:
> >
> > #
> > dn: uid=homer, ou=people, dc=test, dc=net
> > objectclass: person
> > objectclass: radiusprofile
> > objectclass: uidObject
> > objectClass: inetOrgPerson
> > objectClass: posixAccount
> > objectClass: extensibleObject
> > cn: Homer Simpson
> > sn: Simpson
> > loginShell: /bin/bash
> > userpassword: {SSHA}fghkjfghkhgkfhgrofZyn2u9yiAAxbMP
> > uidnumber: 2001
> > gidnumber: 20
> > homeDirectory: /home/homer
> > uid: homer
> > shadowLastChange: 10877
> > shadowMin: 0
> > shadowMax: 99
> > shadowWarning: 7
> > shadowInactive: -1
> > shadowExpire: -1
> > shadowFlag: 0
> > radiusAuthType: LDAP
> > radiusReplyItem: Juniper-Local-User-Name := tier1
> > radiusReplyItem: Cisco-AVPair := "shell:priv-lvl=15"
> > radiusprofileDN: uid=homer, ou=people, dc=test, dc=net
> > #
> >
> > The following is what we have on the router:
> >
> > #
> > aaa new-model
> > aaa authentication login default group radius enable
> > aaa authorization exec default group radius
> >
> > enable secret password
> >
> > radius-server host 67.106.198.70 auth-port 1812 acct
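The debug output in the message above shows authentication and exec authorization logged under different AAA request ids, so the PASS and the FAIL for one login are easy to miss as a pair. As an added example (not part of the original thread), this Python parser ties the two phases together by user name and lists accounts whose password was accepted but whose exec authorization failed; the sample lines are constructed in the shape of the quoted output, and the user marge, her request ids and the function names are assumptions.

```python
import re

# Constructed sample in the shape of the IOS AAA debug output quoted above.
# The homer lines mirror the thread; user "marge" is an assumed passing case.
SAMPLE = """\
2d04h: AAA/AUTHEN (1821432037): status = GETUSER
2d04h: AAA/AUTHEN/CONT (1821432037): continue_login (user='(undef)')
2d04h: AAA/AUTHEN (1821432037): status = GETPASS
2d04h: AAA/AUTHEN/CONT (1821432037): continue_login (user='homer')
2d04h: AAA/AUTHEN (1821432037): status = PASS
2d04h: AAA/AUTHOR/EXEC: tty1 (3720401710) user='homer'
2d04h: AAA/AUTHOR (3720401710): Post authorization status = FAIL
2d04h: AAA/AUTHEN/CONT (1111111111): continue_login (user='marge')
2d04h: AAA/AUTHEN (1111111111): status = PASS
2d04h: AAA/AUTHOR/EXEC: tty1 (2222222222) user='marge'
2d04h: AAA/AUTHOR (2222222222): Post authorization status = PASS_ADD
"""

AUTHEN_USER = re.compile(r"AAA/AUTHEN/CONT \((\d+)\): continue_login \(user='([^']*)'\)")
AUTHOR_USER = re.compile(r"AAA/AUTHOR/EXEC: \S+ \((\d+)\) user='([^']*)'")
AUTHEN_STATUS = re.compile(r"AAA/AUTHEN \((\d+)\): status = (\w+)")
AUTHOR_STATUS = re.compile(r"AAA/AUTHOR \((\d+)\): Post authorization status = (\w+)")

def correlate(log_text):
    """Return {user: {"authen": status, "author": status}} from AAA debug text."""
    id_user = {}  # AAA request id -> user name (authen and author ids differ)
    result = {}   # a later login by the same user overwrites the earlier one
    for line in log_text.splitlines():
        m = AUTHEN_USER.search(line) or AUTHOR_USER.search(line)
        if m:
            if m.group(2) != "(undef)":  # placeholder logged before the name is typed
                id_user[m.group(1)] = m.group(2)
                result.setdefault(m.group(2), {"authen": None, "author": None})
            continue
        for phase, rx in (("authen", AUTHEN_STATUS), ("author", AUTHOR_STATUS)):
            m = rx.search(line)
            if m and m.group(1) in id_user:
                result[id_user[m.group(1)]][phase] = m.group(2)  # last status wins
    return result

def authz_failures(log_text):
    """Users whose password was accepted but whose exec authorization failed."""
    return sorted(u for u, s in correlate(log_text).items()
                  if s["authen"] == "PASS" and s["author"] == "FAIL")

if __name__ == "__main__":
    print(authz_failures(SAMPLE))
```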
RE: Authenticating to Cisco 29xx using OpenLDAP and FreeRadius
Why don't you put the 2600/2900 into debug mode for RADIUS?

John

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Dustin Doris
Sent: Friday, July 09, 2004 3:36 PM
To: [EMAIL PROTECTED]
Subject: Re: Authenticating to Cisco 29xx using OpenLDAP and FreeRadius

What about radiusd -x?

On Fri, 9 Jul 2004, Robert Banniza wrote:

> Here is what we are seeing when a user tries to login:
>
> % Authorization failed.
>
> Connection to host lost.
>
>
> On Fri, Jul 09, 2004 at 12:42:05PM -0400, Dustin Doris wrote:
> > What is the debug output? What happens when you try to login to the
> > router? User denied?
> >
> > On Fri, 9 Jul 2004, Robert Banniza wrote:
> >
> > > Guys,
> > > We are trying to allow users to authenticate to Cisco 26xx routers using
> > > Freeradius with the rlm_ldap module (OpenLDAP). We would like some of
> > > these users to be able to log in with enable privileges. The following
> > > is what we have done to try this with no avail. The following is a
> > > sample ldif entry:
> > >
> > > #
> > > dn: uid=homer, ou=people, dc=test, dc=net
> > > objectclass: person
> > > objectclass: radiusprofile
> > > objectclass: uidObject
> > > objectClass: inetOrgPerson
> > > objectClass: posixAccount
> > > objectClass: extensibleObject
> > > cn: Homer Simpson
> > > sn: Simpson
> > > loginShell: /bin/bash
> > > userpassword: {SSHA}fghkjfghkhgkfhgrofZyn2u9yiAAxbMP
> > > uidnumber: 2001
> > > gidnumber: 20
> > > homeDirectory: /home/homer
> > > uid: homer
> > > shadowLastChange: 10877
> > > shadowMin: 0
> > > shadowMax: 99
> > > shadowWarning: 7
> > > shadowInactive: -1
> > > shadowExpire: -1
> > > shadowFlag: 0
> > > radiusAuthType: LDAP
> > > radiusReplyItem: Juniper-Local-User-Name := tier1
> > > radiusReplyItem: Cisco-AVPair := "shell:priv-lvl=15"
> > > radiusprofileDN: uid=homer, ou=people, dc=test, dc=net
> > > #
> > >
> > > The following is what we have on the router:
> > >
> > > #
> > > aaa new-model
> > > aaa authentication login default group radius enable
> > > aaa authorization exec default group radius
> > >
> > > enable secret password
> > >
> > > radius-server host 67.106.198.70 auth-port 1812 acct-port 1813
> > > radius-server retransmit 3
> > > radius-server key testing123
> > > #
> > >
> > > What else are we missing? Any help would be appreciated.
> > >
> > > Robert

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Authenticating to Cisco 29xx using OpenLDAP and FreeRadius
What about radiusd -x?

On Fri, 9 Jul 2004, Robert Banniza wrote:

> Here is what we are seeing when a user tries to login:
>
> % Authorization failed.
>
> Connection to host lost.
>
>
> On Fri, Jul 09, 2004 at 12:42:05PM -0400, Dustin Doris wrote:
> > What is the debug output? What happens when you try to login to the
> > router? User denied?
> >
> > On Fri, 9 Jul 2004, Robert Banniza wrote:
> >
> > > Guys,
> > > We are trying to allow users to authenticate to Cisco 26xx routers using
> > > Freeradius with the rlm_ldap module (OpenLDAP). We would like some of
> > > these users to be able to log in with enable privileges. The following
> > > is what we have done to try this with no avail. The following is a
> > > sample ldif entry:
> > >
> > > #
> > > dn: uid=homer, ou=people, dc=test, dc=net
> > > objectclass: person
> > > objectclass: radiusprofile
> > > objectclass: uidObject
> > > objectClass: inetOrgPerson
> > > objectClass: posixAccount
> > > objectClass: extensibleObject
> > > cn: Homer Simpson
> > > sn: Simpson
> > > loginShell: /bin/bash
> > > userpassword: {SSHA}fghkjfghkhgkfhgrofZyn2u9yiAAxbMP
> > > uidnumber: 2001
> > > gidnumber: 20
> > > homeDirectory: /home/homer
> > > uid: homer
> > > shadowLastChange: 10877
> > > shadowMin: 0
> > > shadowMax: 99
> > > shadowWarning: 7
> > > shadowInactive: -1
> > > shadowExpire: -1
> > > shadowFlag: 0
> > > radiusAuthType: LDAP
> > > radiusReplyItem: Juniper-Local-User-Name := tier1
> > > radiusReplyItem: Cisco-AVPair := "shell:priv-lvl=15"
> > > radiusprofileDN: uid=homer, ou=people, dc=test, dc=net
> > > #
> > >
> > > The following is what we have on the router:
> > >
> > > #
> > > aaa new-model
> > > aaa authentication login default group radius enable
> > > aaa authorization exec default group radius
> > >
> > > enable secret password
> > >
> > > radius-server host 67.106.198.70 auth-port 1812 acct-port 1813
> > > radius-server retransmit 3
> > > radius-server key testing123
> > > #
> > >
> > > What else are we missing? Any help would be appreciated.
> > >
> > > Robert
Re: Authenticating to Cisco 29xx using OpenLDAP and FreeRadius
Here is what we are seeing when a user tries to login:

% Authorization failed.

Connection to host lost.


On Fri, Jul 09, 2004 at 12:42:05PM -0400, Dustin Doris wrote:
> What is the debug output? What happens when you try to login to the
> router? User denied?
>
> On Fri, 9 Jul 2004, Robert Banniza wrote:
>
> > Guys,
> > We are trying to allow users to authenticate to Cisco 26xx routers using
> > Freeradius with the rlm_ldap module (OpenLDAP). We would like some of
> > these users to be able to log in with enable privileges. The following
> > is what we have done to try this with no avail. The following is a
> > sample ldif entry:
> >
> > #
> > dn: uid=homer, ou=people, dc=test, dc=net
> > objectclass: person
> > objectclass: radiusprofile
> > objectclass: uidObject
> > objectClass: inetOrgPerson
> > objectClass: posixAccount
> > objectClass: extensibleObject
> > cn: Homer Simpson
> > sn: Simpson
> > loginShell: /bin/bash
> > userpassword: {SSHA}fghkjfghkhgkfhgrofZyn2u9yiAAxbMP
> > uidnumber: 2001
> > gidnumber: 20
> > homeDirectory: /home/homer
> > uid: homer
> > shadowLastChange: 10877
> > shadowMin: 0
> > shadowMax: 99
> > shadowWarning: 7
> > shadowInactive: -1
> > shadowExpire: -1
> > shadowFlag: 0
> > radiusAuthType: LDAP
> > radiusReplyItem: Juniper-Local-User-Name := tier1
> > radiusReplyItem: Cisco-AVPair := "shell:priv-lvl=15"
> > radiusprofileDN: uid=homer, ou=people, dc=test, dc=net
> > #
> >
> > The following is what we have on the router:
> >
> > #
> > aaa new-model
> > aaa authentication login default group radius enable
> > aaa authorization exec default group radius
> >
> > enable secret password
> >
> > radius-server host 67.106.198.70 auth-port 1812 acct-port 1813
> > radius-server retransmit 3
> > radius-server key testing123
> > #
> >
> > What else are we missing? Any help would be appreciated.
> >
> > Robert
Re: Authenticating to Cisco 29xx using OpenLDAP and FreeRadius
What is the debug output? What happens when you try to login to the
router? User denied?

On Fri, 9 Jul 2004, Robert Banniza wrote:

> Guys,
> We are trying to allow users to authenticate to Cisco 26xx routers using
> Freeradius with the rlm_ldap module (OpenLDAP). We would like some of
> these users to be able to log in with enable privileges. The following
> is what we have done to try this with no avail. The following is a
> sample ldif entry:
>
> #
> dn: uid=homer, ou=people, dc=test, dc=net
> objectclass: person
> objectclass: radiusprofile
> objectclass: uidObject
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: extensibleObject
> cn: Homer Simpson
> sn: Simpson
> loginShell: /bin/bash
> userpassword: {SSHA}fghkjfghkhgkfhgrofZyn2u9yiAAxbMP
> uidnumber: 2001
> gidnumber: 20
> homeDirectory: /home/homer
> uid: homer
> shadowLastChange: 10877
> shadowMin: 0
> shadowMax: 99
> shadowWarning: 7
> shadowInactive: -1
> shadowExpire: -1
> shadowFlag: 0
> radiusAuthType: LDAP
> radiusReplyItem: Juniper-Local-User-Name := tier1
> radiusReplyItem: Cisco-AVPair := "shell:priv-lvl=15"
> radiusprofileDN: uid=homer, ou=people, dc=test, dc=net
> #
>
> The following is what we have on the router:
>
> #
> aaa new-model
> aaa authentication login default group radius enable
> aaa authorization exec default group radius
>
> enable secret password
>
> radius-server host 67.106.198.70 auth-port 1812 acct-port 1813
> radius-server retransmit 3
> radius-server key testing123
> #
>
> What else are we missing? Any help would be appreciated.
>
> Robert