(RADIATOR) Cisco 2511 not authenticating clients properly

Adam Kuklycz Adam.Kuklycz at adamk.com
Mon Mar 15 05:10:27 CST 2004


Hi everyone

I'd appreciate some help in getting my Cisco 2511 working with radiator.
What appears to be happening is the user dials in, the Cisco sends to
radiator their username and password, radiator verifies this as being
OK, sends the appropriate packets back to the Cisco, and there it dies.
Next thing the modem is disconnected and on my screen is a
username/password error.

Here's some log files, and some bits of the router config...any thoughts
on this appreciated greatly as right now cistron radius is working but
not keeping the best of accounting records for me...making my life hell.

Thanks,
Adam

--------------

Sun Mar 14 22:28:45 2004: DEBUG: Packet dump:
*** Received from 203.46.120.4 port 1645 ....
Code:       Access-Request
Identifier: 197
Authentic:  q<218>PUO7%<141><222><133><187><150><147><26>#<154>
Attributes:
        NAS-IP-Address = 203.46.120.4
        NAS-Port = 1
        User-Name = "adamk"
        CHAP-Password =
<1><143><5><239><18><183>J#<30>2-&<154><23>M<243><145>
        Service-Type = Framed-User
        Framed-Protocol = PPP

Sun Mar 14 22:28:45 2004: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Sun Mar 14 22:28:45 2004: DEBUG: Rewrote user name to adamk
Sun Mar 14 22:28:45 2004: DEBUG:  Deleting session for adamk,
203.46.120.4, 1
Sun Mar 14 22:28:45 2004: DEBUG: do query is: 'delete from RADONLINE
where NASIDENTIFIER='203.46.120.4' and NASPORT=01':

Sun Mar 14 22:28:45 2004: DEBUG: Handling with Radius::AuthRADMIN
Sun Mar 14 22:28:45 2004: DEBUG: Handling with Radius::AuthRADMIN:
Sun Mar 14 22:28:45 2004: DEBUG: Query is: 'select PASS_WORD,
STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM,
VALIDTO from RADUSERS where USERNAME='adamk'':

Sun Mar 14 22:28:45 2004: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID,
IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where NAME='adamk' order by
ITEM_TYPE':

Sun Mar 14 22:28:45 2004: DEBUG: Radius::AuthRADMIN looks for match with
adamk
Sun Mar 14 22:28:45 2004: DEBUG: Query is: 'select NASIDENTIFIER,
NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where
USERNAME='adamk'':

Sun Mar 14 22:28:45 2004: DEBUG: ValidFrom date converted to: 1079099400
Sun Mar 14 22:28:45 2004: DEBUG: Expiration date converted to:
1110549600
Sun Mar 14 22:28:45 2004: DEBUG: do query is: 'update RADUSERS set
BADLOGINS=0 where USERNAME='adamk'':

Sun Mar 14 22:28:45 2004: DEBUG: Access accepted for adamk
Sun Mar 14 22:28:45 2004: DEBUG: do query is: 'insert into RADAUTHLOG
(TIME_STAMP, USERNAME, TYPE) values (1079267325, 'adamk', 1)':

Sun Mar 14 22:28:45 2004: DEBUG: Packet dump:
*** Sending to 203.46.120.4 port 1645 ....
Code:       Access-Accept
Identifier: 197
Authentic:  q<218>PUO7%<141><222><133><187><150><147><26>#<154>
Attributes:
        Framed-IP-Address = 203.46.120.60
        Session-Timeout = 360000
        Framed-Protocol = PPP
        Framed-IP-Netmask = 255.255.255.255
        Framed-Routing = None
        Framed-MTU = 1500
        Framed-Compression = Van-Jacobson-TCP-IP


----------------
And now the router config
----------------

clock timezone EST 10
boot system flash
aaa new-model
aaa authentication login default line
aaa authentication login consoleport none
aaa authentication ppp default radius
aaa authorization network radius
aaa accounting network start-stop radius
aaa accounting connection start-stop radius
aaa accounting system start-stop radius

interface Async1
 ip unnumbered Ethernet0
 ip tcp header-compression passive
 encapsulation ppp
 async dynamic routing
 async mode interactive
 peer default ip address 203.46.120.20
 no cdp enable
 ppp authentication pap chap
!
interface Async2
 ip unnumbered Ethernet0
 ip tcp header-compression passive
 encapsulation ppp
 async dynamic routing
 async mode interactive
 peer default ip address 203.46.120.21
 no cdp enable
 ppp authentication pap chap


Note that the Cisco's IOS is old -->

IOS (tm) 3000 Software (CPA25-Y-L), Version 11.1(5), RELEASE SOFTWARE
(fc1)

ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
ROM: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE
SOFTWARE (fc1)

cisco1 uptime is 2 weeks, 5 days, 20 hours, 25 minutes
System restarted by power-on at 00:42:20 EST Wed Feb 25 2004
System image file is "flash:cpa25-y-l.111-5", booted via flash

cisco 2511 (68030) processor (revision M) with 6144K/2048K bytes of
memory.
Processor board ID 09297064, with hardware revision 00000000
Bridging software.
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
1 Ethernet/IEEE 802.3 interface.
2 Serial network interfaces.
16 terminal lines.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list