Re: Authenticating to Cisco 29xx using OpenLDAP and FreeRadius

2004-07-12 Thread Robert Banniza
Kenneth offered the magic bullet that fixed this. Now on to Juniper ERX auth. and ACL'ing down access to routers. Thanks for all the help guys! I really appreciate it!
Robert
On Mon, Jul 12, 2004 at 02:37:24PM -0600, Kenneth Grady wrote:
> In your users file (line 153 or 217) try adding:
>

Re: Authenticating to Cisco 29xx using OpenLDAP and FreeRadius

2004-07-12 Thread Dustin Doris
Unfortunately, I can't help with that one. It looks like you are using the reply attribute of Cisco-AVPair := "shell:priv-lvl=15". That reply attribute is being sent back, so you'll have to check the Cisco docs to see if it's all set up correctly on the 29xx. Found this on Google, may help you wit

Re: Authenticating to Cisco 29xx using OpenLDAP and FreeRadius

2004-07-12 Thread Robert Banniza
Here is what we are seeing now. The secret has been set and will allow us to login but we are not getting any privileged level:
rad_recv: Access-Request packet from host 67.106.198.67:1645, id=15, length=75
    NAS-IP-Address = 10.1.1.31
    NAS-Port = 1
    NAS-Port-Type = Virtual

Re: Authenticating to Cisco 29xx using OpenLDAP and FreeRadius

2004-07-12 Thread Dustin Doris
You need to do what the debug message said and make sure your shared secret is correct. Check clients.conf in your raddb directory.
WARNING: Unprintable characters in the password. ? Double-check the shared secret on the server and the NAS!
On Mon, 12 Jul 2004, Robert Banniza wrote:
> Here is

Re: Authenticating to Cisco 29xx using OpenLDAP and FreeRadius

2004-07-12 Thread Robert Banniza
Here is what radiusd -X -A provides:
rad_recv: Access-Request packet from host 67.106.198.67:1645, id=10, length=75
    NAS-IP-Address = 11.9.67.177
    NAS-Port = 1
    NAS-Port-Type = Virtual
    User-Name = "homer"
    Calling-Station-Id = "10.1.1.162"
    User-Password

Re: Authenticating to Cisco 29xx using OpenLDAP and FreeRadius

2004-07-12 Thread Dustin Doris
What about radiusd -x. Run Freeradius in debug mode.
On Sun, 11 Jul 2004, Robert Banniza wrote:
> Here is the debug output:
>
> 2d04h: AAA/MEMORY: create_user (0x20F7E20) user='' ruser='' port='tty1'
> +rem_addr='10.1.1.162' authen_type=ASCII service=
> LOGIN priv=1
> 2d04h: AAA/AUTHEN/START (18

Re: Authenticating to Cisco 29xx using OpenLDAP and FreeRadius

2004-07-11 Thread Robert Banniza
Here is the debug output:
2d04h: AAA/MEMORY: create_user (0x20F7E20) user='' ruser='' port='tty1'
+rem_addr='10.1.1.162' authen_type=ASCII service= LOGIN priv=1
2d04h: AAA/AUTHEN/START (1821432037): port='tty1' list='' action=LOGIN
+service=LOGIN
2d04h: AAA/AUTHEN/START (1821432037): using "defaul

RE: Authenticating to Cisco 29xx using OpenLDAP and FreeRadius

2004-07-09 Thread Heiden, John
Why don't you put the 2600/2900 into debug mode for RADIUS?
John
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dustin Doris
Sent: Friday, July 09, 2004 3:36 PM
To: [EMAIL PROTECTED]
Subject: Re: Authenticating to Cisco 29xx using OpenLDAP and FreeR

Re: Authenticating to Cisco 29xx using OpenLDAP and FreeRadius

2004-07-09 Thread Dustin Doris
What about radiusd -x?
On Fri, 9 Jul 2004, Robert Banniza wrote:
> Here is what we are seeing when a user tries to login:
>
> % Authorization failed.
>
> Connection to host lost.
>
>
> On Fri, Jul 09, 2004 at 12:42:05PM -0400, Dustin Doris wrote:
> > What is the debug output? What happens when y

Re: Authenticating to Cisco 29xx using OpenLDAP and FreeRadius

2004-07-09 Thread Robert Banniza
Here is what we are seeing when a user tries to login:
% Authorization failed.
Connection to host lost.
On Fri, Jul 09, 2004 at 12:42:0

Re: Authenticating to Cisco 29xx using OpenLDAP and FreeRadius

2004-07-09 Thread Dustin Doris
What is the debug output? What happens when you try to login to the router? User denied?
On Fri, 9 Jul 2004, Robert Banniza wrote:
> Guys,
> We are trying to allow users to authenticate to Cisco 26xx routers using
> Freeradius with the rlm_ldap module (OpenLDAP). We would like some of
> these u

Authenticating to Cisco 29xx using OpenLDAP and FreeRadius

2004-07-09 Thread Robert Banniza
Guys,
We are trying to allow users to authenticate to Cisco 26xx routers using Freeradius with the rlm_ldap module (OpenLDAP). We would like some of these users to be able to log in with enable privileges. The following is what we have done to try this to no avail. The following is a sample ldif