[RADIATOR] Radius domain only auth, with password='cisco'

Hugh Irvine hugh at open.com.au
Wed Nov 6 23:04:20 CST 2013


Hello Michael -

This is configured on the Cisco box - you will need to ask your network people to turn it off.

regards

Hugh


On 7 Nov 2013, at 10:05, Michael <ringo at vianet.ca> wrote:

> I'm looking to stop it, not set it up. I'm not sure what had enabled/configured it to start happening. I guess this is probably the wrong place to ask.
> 
> On 06/11/13 04:56 PM, Hugh Irvine wrote:
>> Hello Michael -
>> 
>> This sounds like Cisco VPDN tunnelling.
>> 
>> This example is from the standard “users” file in the Radiator distribution:
>> 
>> 
>> # This example shows how to configure a Cisco VPDN circuit:
>> open.com.au     User-Password=cisco, Service-Type=Outbound-User
>>         cisco-avpair = "vpdn:tunnel-id=cca-gw",
>>         cisco-avpair = "vpdn:ip-addresses=1.2.3.4",
>>         cisco-avpair = "vpdn:nas-password=pw",
>>         cisco-avpair = "vpdn:gw-password=pw"
>> 
>> 
>> regards
>> 
>> Hugh
>> 
>> 
>> On 7 Nov 2013, at 04:56, Michael <ringo at vianet.ca> wrote:
>> 
>>> Has anyone ever seen a situation where, for every authentication attempt
>>> to a Radiator system from a Cisco device, there is an authentication
>>> attempt right before it that appears to be:
>>> 
>>> - a domain (the username with the 'username@' part stripped off).
>>> - plain text password is always 'cisco'.
>>> - Service-Type = Outbound-User
>>> 
>>> If I remove this line from the Cisco LNS:
>>> aaa authorization network TEST group TEST
>>> ...the extra auth attempts stop, but then my radius network static
>>> profiles don't work, so it's not a solution but it narrows down the problem.
>>> 
>>> My auth requests for the Radiator system are essentially doubled due to
>>> this.  This only started happening recently.  Network guys sometimes are
>>> like a ticking time bomb and asking them can cause an explosion, so I
>>> thought I would ask here.
>>> 
>>> 
>>> Mike
>>> _______________________________________________
>>> radiator mailing list
>>> radiator at open.com.au
>>> http://www.open.com.au/mailman/listinfo/radiator
>> 
>> --
>> 
>> Hugh Irvine
>> hugh at open.com.au
>> 
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
>> DIAMETER etc.
>> Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
>> 
>> 
> 


--

Hugh Irvine
hugh at open.com.au

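To measure how much of a server's load comes from the domain-only requests described in this thread, the following added example (not part of the original messages and not Radiator code) classifies requests by the three traits Michael lists and pairs each one with the user request that follows it. It assumes the Access-Request attributes have already been decoded into dictionaries; the function names and the sample records are constructed for illustration.

```python
from collections import Counter

# Constructed sample: already-decoded Access-Request attributes in arrival order.
SAMPLE = [
    {"NAS-IP-Address": "192.0.2.10", "User-Name": "example.net",
     "User-Password": "cisco", "Service-Type": "Outbound-User"},
    {"NAS-IP-Address": "192.0.2.10", "User-Name": "alice@example.net",
     "Service-Type": "Framed-User"},
    {"NAS-IP-Address": "192.0.2.10", "User-Name": "example.net",
     "User-Password": "cisco", "Service-Type": "Outbound-User"},
    {"NAS-IP-Address": "192.0.2.10", "User-Name": "bob@example.net",
     "Service-Type": "Framed-User"},
    {"NAS-IP-Address": "192.0.2.11", "User-Name": "carol@example.org",
     "Service-Type": "Framed-User"},
    {"NAS-IP-Address": "192.0.2.10", "User-Name": "example.com",
     "User-Password": "cisco", "Service-Type": "Outbound-User"},
]

def is_vpdn_domain_lookup(req):
    """True for the request shape described in the thread: a bare domain as
    User-Name, Service-Type = Outbound-User and the fixed password 'cisco'."""
    name = req.get("User-Name", "")
    return (bool(name) and "@" not in name
            and req.get("Service-Type") == "Outbound-User"
            and req.get("User-Password") == "cisco")

def pair_lookups(requests):
    """Count domain lookups and match each to the next user request from the
    same NAS whose realm (text after the last '@') equals the looked-up domain."""
    pending = Counter()  # (NAS, domain) -> lookups not yet followed by a user
    stats = Counter(domain_lookup=0, user_auth=0, preceded_by_lookup=0)
    for req in requests:
        nas = req.get("NAS-IP-Address")
        name = req.get("User-Name", "")
        if is_vpdn_domain_lookup(req):
            pending[(nas, name.lower())] += 1
            stats["domain_lookup"] += 1
            continue
        stats["user_auth"] += 1
        realm = name.rpartition("@")[2].lower() if "@" in name else None
        if realm and pending[(nas, realm)] > 0:
            pending[(nas, realm)] -= 1
            stats["preceded_by_lookup"] += 1
    stats["unmatched_lookup"] = sum(pending.values())
    return dict(stats)

if __name__ == "__main__":
    print(pair_lookups(SAMPLE))
```

A `preceded_by_lookup` count close to `user_auth` for one NAS matches the doubling described above and points at that device's configuration rather than at the RADIUS server.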


