(RADIATOR) Cisco 2511 not authenticating clients properly

Mike McCauley mikem at open.com.au
Mon Mar 15 05:27:07 CST 2004


Hello Adam,

It's probably because there is no Service-Type = Framed-User in your reply.

Cheers.

On Mon, 15 Mar 2004 09:10 pm, Adam Kuklycz wrote:
> Hi everyone
>
> I'd appreciate some help in getting my Cisco 2511 working with radiator.
> What appears to be happening is the user dials in, the Cisco sends to
> radiator their username and password, radiator verifies this as being
> OK, sends the appropriate packets back to the Cisco, and there it dies.
> Next thing the modem is disconnected and on my screen is a
> username/password error.
>
> Here's some log files, and some bits of the router config...any thoughts
> on this appreciated greatly as right now cistron radius is working but
> not keeping the best of accounting records for me...making my life hell.
>
> Thanks,
> Adam
>
> --------------
>
> Sun Mar 14 22:28:45 2004: DEBUG: Packet dump:
> *** Received from 203.46.120.4 port 1645 ....
> Code:       Access-Request
> Identifier: 197
> Authentic:  q<218>PUO7%<141><222><133><187><150><147><26>#<154>
> Attributes:
>         NAS-IP-Address = 203.46.120.4
>         NAS-Port = 1
>         User-Name = "adamk"
>         CHAP-Password =
> <1><143><5><239><18><183>J#<30>2-&<154><23>M<243><145>
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>
> Sun Mar 14 22:28:45 2004: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Sun Mar 14 22:28:45 2004: DEBUG: Rewrote user name to adamk
> Sun Mar 14 22:28:45 2004: DEBUG:  Deleting session for adamk,
> 203.46.120.4, 1
> Sun Mar 14 22:28:45 2004: DEBUG: do query is: 'delete from RADONLINE
> where NASIDENTIFIER='203.46.120.4' and NASPORT=01':
>
> Sun Mar 14 22:28:45 2004: DEBUG: Handling with Radius::AuthRADMIN
> Sun Mar 14 22:28:45 2004: DEBUG: Handling with Radius::AuthRADMIN:
> Sun Mar 14 22:28:45 2004: DEBUG: Query is: 'select PASS_WORD,
> STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM,
> VALIDTO from RADUSERS where USERNAME='adamk'':
>
> Sun Mar 14 22:28:45 2004: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID,
> IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where NAME='adamk' order by
> ITEM_TYPE':
>
> Sun Mar 14 22:28:45 2004: DEBUG: Radius::AuthRADMIN looks for match with
> adamk
> Sun Mar 14 22:28:45 2004: DEBUG: Query is: 'select NASIDENTIFIER,
> NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where
> USERNAME='adamk'':
>
> Sun Mar 14 22:28:45 2004: DEBUG: ValidFrom date converted to: 1079099400
> Sun Mar 14 22:28:45 2004: DEBUG: Expiration date converted to:
> 1110549600
> Sun Mar 14 22:28:45 2004: DEBUG: do query is: 'update RADUSERS set
> BADLOGINS=0 where USERNAME='adamk'':
>
> Sun Mar 14 22:28:45 2004: DEBUG: Access accepted for adamk
> Sun Mar 14 22:28:45 2004: DEBUG: do query is: 'insert into RADAUTHLOG
> (TIME_STAMP, USERNAME, TYPE) values (1079267325, 'adamk', 1)':
>
> Sun Mar 14 22:28:45 2004: DEBUG: Packet dump:
> *** Sending to 203.46.120.4 port 1645 ....
> Code:       Access-Accept
> Identifier: 197
> Authentic:  q<218>PUO7%<141><222><133><187><150><147><26>#<154>
> Attributes:
>         Framed-IP-Address = 203.46.120.60
>         Session-Timeout = 360000
>         Framed-Protocol = PPP
>         Framed-IP-Netmask = 255.255.255.255
>         Framed-Routing = None
>         Framed-MTU = 1500
>         Framed-Compression = Van-Jacobson-TCP-IP
>
>
> ----------------
> And now the router config
> ----------------
>
> clock timezone EST 10
> boot system flash
> aaa new-model
> aaa authentication login default line
> aaa authentication login consoleport none
> aaa authentication ppp default radius
> aaa authorization network radius
> aaa accounting network start-stop radius
> aaa accounting connection start-stop radius
> aaa accounting system start-stop radius
>
> interface Async1
>  ip unnumbered Ethernet0
>  ip tcp header-compression passive
>  encapsulation ppp
>  async dynamic routing
>  async mode interactive
>  peer default ip address 203.46.120.20
>  no cdp enable
>  ppp authentication pap chap
> !
> interface Async2
>  ip unnumbered Ethernet0
>  ip tcp header-compression passive
>  encapsulation ppp
>  async dynamic routing
>  async mode interactive
>  peer default ip address 203.46.120.21
>  no cdp enable
>  ppp authentication pap chap
>
>
> Note that the Cisco's IOS is old -->
>
> IOS (tm) 3000 Software (CPA25-Y-L), Version 11.1(5), RELEASE SOFTWARE
> (fc1)
>
> ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
> ROM: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE
> SOFTWARE (fc1)
>
> cisco1 uptime is 2 weeks, 5 days, 20 hours, 25 minutes
> System restarted by power-on at 00:42:20 EST Wed Feb 25 2004
> System image file is "flash:cpa25-y-l.111-5", booted via flash
>
> cisco 2511 (68030) processor (revision M) with 6144K/2048K bytes of
> memory.
> Processor board ID 09297064, with hardware revision 00000000
> Bridging software.
> X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
> 1 Ethernet/IEEE 802.3 interface.
> 2 Serial network interfaces.
> 16 terminal lines.
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.
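
Added example, not part of the original thread and not Radiator code: a check for the condition suggested in the reply above. It reads a debug packet dump in the layout quoted in the thread and reports each Access-Accept that carries no Service-Type although the matching Access-Request asked for Framed-User. The function names and the sample log are constructed for illustration.

```python
import re

# Constructed sample in the layout of the debug dump quoted above (documentation
# address 192.0.2.10 and a made-up user); not output from a real server.
SAMPLE_LOG = """\
*** Received from 192.0.2.10 port 1645 ....
Code:       Access-Request
Identifier: 197
Attributes:
        User-Name = "alice"
        Service-Type = Framed-User

*** Sending to 192.0.2.10 port 1645 ....
Code:       Access-Accept
Identifier: 197
Attributes:
        Framed-Protocol = PPP
"""

HEADER = re.compile(r"\*\*\* (?:Received from|Sending to) (\S+) port \d+")
FIELD = re.compile(r"^\s*([\w-]+)\s*[:=]\s*(.*?)\s*$")

def parse_packets(text):
    """Split a debug log into packets: dicts with 'peer' plus Code, Identifier and attributes."""
    packets, cur = [], None
    for raw in text.splitlines():
        line = raw.lstrip("> ").rstrip()  # tolerate mail quoting and indentation
        if m := HEADER.match(line):
            cur = {"peer": m.group(1)}
            packets.append(cur)
        elif not line:
            cur = None  # a blank line ends the attribute list
        elif cur is not None and (f := FIELD.match(line)):
            cur[f.group(1)] = f.group(2)
    return packets

def accepts_missing_service_type(text):
    """Return (peer, identifier, user) for each Access-Accept without Service-Type
    whose matching Access-Request asked for Service-Type = Framed-User."""
    requests, findings = {}, []
    for p in parse_packets(text):
        key = (p["peer"], p.get("Identifier"))
        if p.get("Code") == "Access-Request":
            requests[key] = p
        elif p.get("Code") == "Access-Accept" and key in requests:
            req = requests.pop(key)
            if req.get("Service-Type") == "Framed-User" and "Service-Type" not in p:
                findings.append((key[0], key[1], req.get("User-Name", "").strip('"')))
    return findings
```

Requests and replies are paired on peer address and Identifier, the same pairing a NAS uses to match a reply to its request.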
