[RADIATOR] Radius domain only auth, with password='cisco'

Hugh Irvine hugh at open.com.au
Wed Nov 6 15:56:44 CST 2013


Hello Michael -

This sounds like Cisco VPDN tunnelling.

This example is from the standard “users” file in the Radiator distribution:


# This example shows how to configure a Cisco VPDN circuit:
open.com.au     User-Password=cisco, Service-Type=Outbound-User
        cisco-avpair = "vpdn:tunnel-id=cca-gw",
        cisco-avpair = "vpdn:ip-addresses=1.2.3.4",
        cisco-avpair = "vpdn:nas-password=pw",
        cisco-avpair = "vpdn:gw-password=pw”


regards

Hugh       


On 7 Nov 2013, at 04:56, Michael <ringo at vianet.ca> wrote:

> 
> Has anyone ever seen a situation where, for every authentication attempt 
> to a radiator system from a cisco device, there is an authentication 
> attempt right before it that appears to be:
> 
> - a domain (the username with the 'username@' part stripped off).
> - plain text password is always 'cisco'.
> - Service-Type = Outbound-User
> 
> if I remove this line from the cisco lns:
> aaa authorization network TEST group TEST
> ...the extra auth attempts stop, but then my radius network static 
> profiles don't work, so it's not a solution but it narrows down the problem.
> 
> my auth requests for the radiator system are essentially doubled due to 
> this.  This only started happening recently.  Network guys sometimes are 
> like a ticking time bomb and asking them can cause an explosion so i 
> thought i would ask here.
> 
> 
> Mike
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator


--

Hugh Irvine
hugh at open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. 
Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.



More information about the radiator mailing list