Ok, thank you about answer!!
Please, I have a yet a question: every time when I try to login from
same username with same password, successfully login user which is first
meet in a users file.
How can I delineate this users over Service-Type which include a aaa
packet???
- from cisco
Thanks for help!!
It's work!! , but now have a problem from cisco. From aaa server
console mode all it's OK:
$ echo
User-Name=user100,User-Password=pass,Service-Type=NAS-Prompt-User |
radclient 127.0.0.1:1812 auth testing123
Received response ID 31, code 2, length = 50
Service-Type
Hello!
I have a question about same 'username' from different services.
Task:
1) Troublefree login users with same username, from different
places(therefore different attribute) at the same time:
- cisco console login(radius for cisco);
- ppp(radius for dialup).
2) In some way delineate
No. in my company we use a freeradius, not a TACACS, and we want to get
a control under some users which work on cisco console and for this we
would be like take a 'log command'. If you know how we make do that and
freeradius implemet this, please tell us or give a some howto, patch,
url etc.
Ok! Where can I find information about howto make freeradius undarstand
a TACACS+ ?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
When freeradius group include in your codes support full accounting,
include commands accounting, how long?
Means this is would be mutch better for all IT spacialists in the world,
wich implements freeradius in your net infrastrucure!
Thanks!!
-
List info/subscribe/unsubscribe? See
Ok! Then I have one a question about moving Accounting packets through
my network:
When I login to cisco on log server(radius server) I racieve a:
tcpdump port 1813
15:48:00.281073 IP 192.168.255.10.radacct carlogg.radacct: RADIUS,
Accounting Request (4), id: 0x67 length: 93
15:48:00.281727
Now I present fully situation on a trouble process
(radiusd -X; cisco debug accounting; tcpdump vvv ports 1812-1814)
On radius server firewall is absent, this is the open system. On cisco
like this:
access-list 1 permit 192.168.255.0 0.0.0.255
access-list 1 deny any
1) User connect to the
Of course I debuged information from radius server:
netstat -an -p udp:
udp4 0 0 *.1814 *.*
udp4 0 0 *.1813 *.*
udp4 0 0 *.1812 *.*
radiusd.conf:
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log
raddbdir
OK, I comment all unix section in site-enable/default, but result is the
same!
In pucture below I thurned on debug on cisco about accounting, therefore
cisco work correctly, but radius server not recieve Accounting-Request? Why?
001534: Mar 6 22:38:57: tty2 AAA/AUTHOR/EXEC (3942780195):
If you mean when I type a some command on cisco shell, in the cisco
console already I show you (much more), else you mean a radius server
then I must disappoint you there is a silent, nothing to do!
If you consider for important all debug information on radius when user
login-run some
[IOS Version 12.1(22)EA11] [freeradius-2.1.3]
--
Hello!
I'm trying to accounting all commands on cisco in enable mode and other
level, which user run:
aaa accounting delay-start
aaa accounting exec default start-stop group
12 matches
Mail list logo