[RADIATOR] Radius domain only auth, with password='cisco'

Michael ringo at vianet.ca
Wed Nov 6 17:05:51 CST 2013


I'm looking to stop it, not set it up. I'm not sure what had 
enabled/configured it to start happening.  I guess this is probably the 
wrong place to ask.

On 06/11/13 04:56 PM, Hugh Irvine wrote:
> Hello Michael -
>
> This sounds like Cisco VPDN tunnelling.
>
> This example is from the standard “users” file in the Radiator distribution:
>
>
> # This example shows how to configure a Cisco VPDN circuit:
> open.com.au     User-Password=cisco, Service-Type=Outbound-User
>          cisco-avpair = "vpdn:tunnel-id=cca-gw",
>          cisco-avpair = "vpdn:ip-addresses=1.2.3.4",
>          cisco-avpair = "vpdn:nas-password=pw",
>          cisco-avpair = "vpdn:gw-password=pw"
>
>
> regards
>
> Hugh
>
>
> On 7 Nov 2013, at 04:56, Michael <ringo at vianet.ca> wrote:
>
>> Has anyone ever seen a situation where, for every authentication attempt
>> to a radiator system from a cisco device, there is an authentication
>> attempt right before it that appears to be:
>>
>> - a domain (the username with the 'username@' part stripped off).
>> - plain text password is always 'cisco'.
>> - Service-Type = Outbound-User
>>
>> If I remove this line from the cisco lns:
>> aaa authorization network TEST group TEST
>> ...the extra auth attempts stop, but then my radius network static
>> profiles don't work, so it's not a solution but it narrows down the problem.
>>
>> My auth requests for the radiator system are essentially doubled due to
>> this.  This only started happening recently.  Network guys sometimes are
>> like a ticking time bomb and asking them can cause an explosion so I
>> thought I would ask here.
>>
>>
>> Mike
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>
> --
>
> Hugh Irvine
> hugh at open.com.au
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc.
> Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
>
>
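
An added example, not part of the thread and not Radiator code: a way to measure how much of the request load consists of the per-domain lookups described above (User-Name with no `username@` part, password `cisco`, Service-Type `Outbound-User`). It assumes the Access-Requests have already been decoded into attribute dictionaries; the sample data and the function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample: decoded Access-Request attributes in arrival order.
SAMPLE_REQUESTS = [
    {"User-Name": "example.net", "User-Password": "cisco", "Service-Type": "Outbound-User"},
    {"User-Name": "alice@example.net", "User-Password": "pw-a", "Service-Type": "Framed-User"},
    {"User-Name": "example.org", "User-Password": "cisco", "Service-Type": "Outbound-User"},
    {"User-Name": "bob@example.org", "User-Password": "pw-b", "Service-Type": "Framed-User"},
    {"User-Name": "carol@example.net", "User-Password": "pw-c", "Service-Type": "Framed-User"},
    # A real user who happens to be called "cisco": must not be counted.
    {"User-Name": "cisco", "User-Password": "cisco", "Service-Type": "Login-User"},
]


def is_domain_lookup(req):
    """True for the pattern from the thread: bare domain, 'cisco', Outbound-User."""
    name = req.get("User-Name", "")
    return (
        bool(name)
        and "@" not in name
        and req.get("User-Password") == "cisco"
        and req.get("Service-Type") == "Outbound-User"
    )


def summarize(requests):
    """Count domain lookups and how many directly precede a user in that realm."""
    per_domain = Counter()
    paired = 0
    for i, req in enumerate(requests):
        if not is_domain_lookup(req):
            continue
        domain = req["User-Name"]
        per_domain[domain] += 1
        # The thread reports the lookup arriving right before the user's own attempt.
        if i + 1 < len(requests):
            next_name = requests[i + 1].get("User-Name", "")
            if next_name.lower().endswith("@" + domain.lower()):
                paired += 1
    lookups = sum(per_domain.values())
    return {"total": len(requests), "lookups": lookups,
            "paired": paired, "per_domain": dict(per_domain)}


if __name__ == "__main__":
    print(summarize(SAMPLE_REQUESTS))
```
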


