(RADIATOR) Cisco and radiator

Hugh Irvine hugh at open.com.au
Thu Jun 7 17:58:47 CDT 2001


Hello -

Thanks for the information.

I will need to see a trace 4 debug from Radiator to be sure, but I suspect 
you are not sending back the correct reply attributes to tell the Cisco to 
set up a session. You seem to have commented out some of the lines below, but 
I think you should try something like this:

        AddToReply Service-Type = Framed-User, \
                Framed-Protocol = PPP, \
                Framed-Routing = None, \
                Framed-MTU = 1500, \
                Framed-Compression = Van-Jacobson-TCP-IP, \
                Idle-Timeout = 300, \
                Session-Timeout = 600

regards

Hugh


On Thursday 07 June 2001 13:11, telco soltn wrote:
> hello!
>
> I'm having trouble with the authby sql option of radiator using a cisco
> 2620 NAS with 12.1(3)T IOS. you can see the radius server
> authenticating the user but the cisco NAS itself rejects it with this
> error: % Authorization failed.
>
> the cisco nas log has this:
>
> 4d16h: %TTY-3-AUTOCONFIG: TTY40: Modem auto-configuration failed
>
> here's my config file:
>
> # Radius Config File
>
> Foreground
> LogStdout
> LogDir          /var/log/radius/
> DbDir           /etc/radius
> DictionaryFile %D/dictionary.cisco
> FingerProg      /bin/finger
> SnmpgetProg     /usr/bin/snmpget
> AuthPort       1812
> AcctPort       1813
>
> # Use a lower trace level in production systems:
> Trace 5
>
> # You will probably want to change this to suit your site.
>
> #<Client DEFAULT>
> #       Secret  mysecret
> #       DupInterval 0
> #</Client>
>
>
> <Client myclientaddress>
>         DefaultRealm    DEFAULT
>         NasType         Cisco
>         Secret          mysecret
> </Client>
>
>
>
>
> <Realm DEFAULT>
>   RewriteUsername s/^([^@]+).*/$1/
>   AuthByPolicy ContinueWhileAccept
>   AccountingHandled
>   SessionDatabase SQL
>   MaxSessions 4
>   AcctLogFileName %L/detail
>   RejectHasReason
>
>         <AuthBy SQL>
>
>         DBSource        dbi:mysql:radius
>         DBUsername      root
>         DBAuth          suse123
>
>
> #       AuthSelect      select PASSWORD from SUBSCRIBERS where USERNAME='%n'
> #       EncryptedPassword
>
> #       AuthColumnDef   0, Encrypted-Password, check
>
>         AccountingTable ACCOUNTING
>         AcctColumnDef   USERNAME,User-Name
>         AcctColumnDef   TIME_STAMP,Timestamp,integer
>         AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
>         AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
>         AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
>         AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>         AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
>         AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
>         AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
>         AcctColumnDef   NASIDENTIFIER,NAS-Identifier
>         AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
>         AcctColumnDef   NASPORT,NAS-Port,integer
>         AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
>
>
> #       AddToReply Framed-Protocol = PPP,
> Framed-IP-Netmask=255.255.255.255,Framed-Routing = None,Framed-
>
>         AddToReplyIfNotExist Service-Type = Framed-User,\
>         Framed-Routing = None,\
>         Framed-MTU = 1500,\
>         Framed-Compression = Van-Jacobson-TCP-IP
>         AddToReply Service-Type = Framed-User, \
> #       Framed-Protocol = PPP, \
> #       Framed-MTU = 1500
>
>         </AuthBy>
> </Realm>
>
> <SessionDatabase SQL>
>
>   AddQuery insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT,
> ACCTSESSIONID, TIME_STAMP, FRAMEDIPAD
>   ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%N'
>   CountNasSessionsQuery select ACCTSESSIONID from RADONLINE where NASIDENTIFIER='%N'
>   CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE where USERNAME='%u'
>   DBSource dbi:mysql:radius
>   DBUsername root
>   DBAuth suse123
>   DeleteQuery delete from RADONLINE where NASIDENTIFIER='%N' and NASPORT=0%{NAS-Port}
>
> </SessionDatabase>
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
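
Added example, not part of the original thread or of Radiator: a Python check that parses a captured Access-Accept (RFC 2865 layout) and reports which of the session attributes suggested in the reply above are absent. The two sample packets are constructed, with a zero-filled authenticator; which attributes the quoted config actually sends is an assumption based on its uncommented lines.

```python
import struct

# RFC 2865 attribute numbers and values for the attributes named in the reply
SERVICE_TYPE, FRAMED_PROTOCOL = 6, 7
FRAMED_USER, PPP = 2, 1
ACCESS_ACCEPT = 2


def parse_attributes(packet: bytes) -> dict:
    """Return {type: [raw value, ...]} from a RADIUS packet (RFC 2865 section 5)."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(a_type, []).append(packet[pos + 2:pos + a_len])
        pos += a_len
    return attrs


def missing_for_ppp(packet: bytes) -> list:
    """Names of the attributes an Access-Accept lacks for a framed PPP session."""
    attrs = parse_attributes(packet)
    if packet[0] != ACCESS_ACCEPT:
        raise ValueError("not an Access-Accept")
    wanted = {"Service-Type = Framed-User": (SERVICE_TYPE, FRAMED_USER),
              "Framed-Protocol = PPP": (FRAMED_PROTOCOL, PPP)}
    return [name for name, (t, v) in wanted.items()
            if struct.pack("!I", v) not in attrs.get(t, [])]


def build_accept(ident: int, attrs: list) -> bytes:
    """Constructed sample packet; the authenticator is zero-filled, not a real MD5."""
    body = b"".join(struct.pack("!BBI", t, 6, v) for t, v in attrs)
    return struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(body)) + bytes(16) + body


# Constructed samples (assumption): uncommented attributes of the quoted config,
# and the full AddToReply list suggested in the reply.
QUOTED_REPLY = build_accept(1, [(6, 2), (10, 0), (12, 1500), (13, 1)])
SUGGESTED_REPLY = build_accept(
    2, [(6, 2), (7, 1), (10, 0), (12, 1500), (13, 1), (28, 300), (27, 600)])
```

`missing_for_ppp(QUOTED_REPLY)` names Framed-Protocol as absent, while the suggested reply passes with nothing missing.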