(RADIATOR) Problem with Authentication and accounting
Hugh Irvine
hugh at open.com.au
Mon May 27 06:47:26 CDT 2002
Hello Akin -
I will need to see a trace 4 debug from Radiator showing what is happening.
It may very well be the case that the Cisco is not even sending any radius
requests at all, in which case you will need to sort out the Cisco
configuration before you start to worry about Radiator.
BTW - here is an FAQ item on this topic:
<<<>>>
How do I configure a Cisco NAS for Radius? You will need something like this
in your Terminal server configuration:
aaa new-model
aaa authentication login DIAL-SCRIPT-USERS radius
aaa authentication login TELNET-USERS local
aaa authentication ppp PAP-USERS if-needed radius
aaa authorization network radius
aaa accounting network start-stop radius
...
radius-server host 1.2.3.4 auth-port 1645 acct-port 1646
radius-server key blahblahblah
You will probably want to use these reply attributes in order to enable PPP
sessions:
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Netmask = 255.255.255.0,
Framed-Routing = None,
Framed-MTU = 1500,
Framed-Compression = Van-Jacobson-TCP-IP
There is a description of Cisco's use of Radius attributes for IOS 12 in
RADIUS Attributes overview.
<<<>>>
You should also check the Radiator archive site:
http://www.open.com.au/rachives/radiator
and the Cisco web site:
http://www.cisco.com
regards
Hugh
On Mon, 27 May 2002 20:33, Akinpelu wrote:
> Hello,
>
> I had configured the radiator 3.0 demo on my server and I use Cisco AS5300
> as the NAS. But the authentication is still being done by the NAS and not
> the radius server as expected.
>
> Below is a copy of my radius.cfg:
>
> <Client IP add. of the NAS>
> Secret
> </Client>
> #<Client DEFAULT>
> # Secret mysecret
> # DupInterval 0
> #</Client>
> <Realm microaccess.com>
> <AuthBy FILE>
> Filename %D/users
> </AuthBy>
> # Log accounting to a detail file
> AcctLogFileName %L/detail
> MaximumSessions 1
> </Realm>
> AuthPort 1812
> AcctPort 1813
>
> Below is the configuration i have on the NAS:
>
> aaa authentication login users radius
> aaa authentication ppp users if-needed radius
> aaa authorization network radius
> aaa accounting network start-stop radius
> radius-server host (IP add. of the radius server) auth-port 1812 acct-port
> 1813
> radius-server key ...
>
> Is there anything I have missed out? I will be glad is anybody can give me
> a hint on what to do.
>
> Thanks.
>
> Akin.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list