(RADIATOR) Anyone using Cisco URT ?
Hugh Irvine
hugh at open.com.au
Wed Jan 12 23:29:12 CST 2005
Hello Ed -
It is not clear to me exactly what is happening.
The error message you show below normally occurs when decoding an
incoming radius request.
You can verify this by looking at a trace 5 debug from Radiator.
The name used in the dictionary is not important as the name gets
encoded into the attribute number specified in the dictionary
definition.
Please post the trace 5 debug and a copy of your configuration file (no
secrets) so we can see what is happening.
You should also have a look at the debug messages on the Cisco to see
what it thinks is going on.
regards
Hugh
On 12 Jan 2005, at 20:52, Ed Spick wrote:
> Hail Radiators,
>
> We are using a pre-802.1x Cisco dynamic vlan assignment product called
> User Registration Tool (URT). This allows you to use dynamically
> assigned vlans on switches such as the cat3500XL series (which can't
> do 802.1x). Currently we use this in an ethernet address to vlan type
> of association, however it can be configured as a proxy to take
> authentication from ldap/radius. I have set up my clients suitably and
> I am using a flat user file first off, however when my test user
> authenticates I get error messages in my radiator log :
>
> Wed Jan 12 14:01:57 2005: ERR: Attribute number 92 (vendor 1397702995)
> is not defined in your dictionary
>
> I need to reply the vtp domain and vlan name to the URT system and
> have tried using one similar to the 802.1x examples I have found
> elsewhere on the mail list :
>
> test1 User-Password = "linotype"
>     Tunnel-Type=1:VLAN,
>     Tunnel-Medium-Type=1:Ether_802,
>     Tunnel-Private-Group-ID=1:61
>
> The log shows that these vlan reply attributes do seem to be sent by
> radiator but they don't seem to be received / understood by the Cisco kit as
> the logged in user is not put into the appropriate vlan (61) (I have
> tried this sent as ascii too)
>
> The Cisco documentation for this URT product suggests adding a Radius
> attribute of VTPDomainName\VLANName;VTPDomainName\VLANName;
> It also suggests that this should be attribute 24 - rather than the 94
> that keeps popping up in the log
> {cisco url for those really interested !
> http://www.cisco.com/en/US/customer/products/sw/secursw/ps2136/products_white_paper09186a00800c933f.shtml
> }
>
> Is adding attributes to the dictionary merely a matter of editing and
> restarting ?
>
> Any help gratefully received.
>
> Thanks
> Ed Spick
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Network Support
> S.O.A.S
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> =========================================
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
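
Added example (not part of the thread and not Radiator's own code): a minimal RFC 2865 Vendor-Specific decoder in Python, showing that the dictionary lookup is keyed on the vendor and attribute numbers rather than on the name, plus the sanity checks worth running when those numbers look implausible. The `DICTIONARY` table, the function name and both sample byte strings are constructed for illustration; the first sample is built only so that it decodes to the numbers in the log line quoted above.

```python
import struct

VENDOR_SPECIFIC = 26  # RFC 2865 section 5.26

# Hypothetical in-memory dictionary keyed by (vendor id, vendor attribute number).
# The name is only a label: decoding never looks anything up by name.
DICTIONARY = {(9, 1): "cisco-avpair"}

# Constructed samples. The first is built so its first five value bytes decode to
# the numbers in the quoted log line; the second is a well-formed Cisco VSA.
SAMPLE_ASCII = bytes([VENDOR_SPECIFIC, 13]) + b"SOAS\\VLAN61"
SAMPLE_CISCO = bytes([VENDOR_SPECIFIC, 11]) + struct.pack("!I", 9) + bytes([1, 5]) + b"a=b"


def decode_vsa(attr: bytes) -> dict:
    """Decode one Vendor-Specific attribute and report anything implausible."""
    if len(attr) < 8 or attr[1] != len(attr):
        raise ValueError("truncated attribute or bad Length octet")
    if attr[0] != VENDOR_SPECIFIC:
        raise ValueError(f"not a Vendor-Specific attribute: type {attr[0]}")
    value = attr[2:]
    (vendor,) = struct.unpack("!I", value[:4])
    number, vendor_length = value[4], value[5]
    name = DICTIONARY.get((vendor, number))
    notes = []
    if name is None:
        notes.append(f"attribute number {number} (vendor {vendor}) is not defined")
    if vendor >> 24:  # RFC 2865: the high-order octet of Vendor-Id is 0
        notes.append("Vendor-Id high octet is non-zero")
    if vendor_length != len(value) - 4:  # counts type + length octets + data
        notes.append("Vendor-Length does not match the attribute length")
    # A value that is entirely printable ASCII may be a plain string rather
    # than vendor/type/length fields.
    text = None
    if value.isascii() and value.decode("ascii").isprintable():
        text = value.decode("ascii")
    return {"vendor": vendor, "number": number, "name": name,
            "notes": notes, "text": text}


if __name__ == "__main__":
    for sample in (SAMPLE_ASCII, SAMPLE_CISCO):
        print(decode_vsa(sample))
```

Unpacked as four bytes, 1397702995 is the ASCII text `SOAS` and 92 is a backslash, so the printable-text check is worth running against the trace before adding dictionary entries.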