RU.CISCO
---------------------------------------------------------------------
From : Sergey V. Artjushkin 2:5020/400 09 Jan 2002 14:03:53
To : All
Subject : terminal access through radius
---------------------------------------------------------------------
Good day

Colleagues, I've run into the following problem. There is a modem pool on a cisco 5350.
Authorization is configured via radius. When dialing in with a terminal program,
PPP authorization fails. PAP CHAP authorization works fine.
Config:
aaa authentication login default local
aaa authentication login DIALIN group radius
aaa authentication login VTY local
aaa authentication login CONSOLE local
aaa authentication login AUX local
aaa authentication ppp default if-needed group radius
aaa authorization exec default local if-authenticated group radius
aaa authorization network default if-authenticated group radius
aaa accounting suppress null-username
aaa accounting update newinfo
aaa accounting network default wait-start group radius
aaa session-id common
!
radius-server configure-nas
radius-server host 10.10.10.10 auth-port 1745 acct-port 1746
radius-server retransmit 3
radius-server attribute nas-port format b
radius-server key 7 *
radius-server vsa send accounting
radius-server vsa send authentication
!
interface Group-Async0
ip unnumbered FastEthernet0/0
encapsulation ppp
no ip mroute-cache
async mode interactive
peer default ip address pool dialup956
ppp authentication pap chap callin
group-range 1/00 2/59
!
line 1/00 1/59
no flush-at-activation
login authentication DIALIN
modem InOut
modem autoconfigure type MAG
transport input all
autoselect during-login
autoselect ppp
line 2/00 2/59
no flush-at-activation
login authentication DIALIN
modem InOut
modem autoconfigure type MAG
transport input all
autoselect during-login
autoselect ppp
!
-----------------------------------------
Debug:
Jan 9 12:04:48.923 MSK: RADIUS/ENCODE(0000185C): ask "Password: "
Jan 9 12:04:48.923 MSK: RADIUS/ENCODE(0000185C): send packet; GET_PASSWORD
Jan 9 12:04:53.479 MSK: RADIUS/ENCODE: Attribute has no value set for
AAA attribute clid
Jan 9 12:04:53.479 MSK: RADIUS/ENCODE(0000185C): Unsupported AAA
attribute parent-interface-type
Jan 9 12:04:53.479 MSK: RADIUS/ENCODE(0000185C): acct_session_id: 11079
Jan 9 12:04:53.479 MSK: RADIUS(0000185C): sending
Jan 9 12:04:53.483 MSK: RADIUS: Send to unknown id 202
217.23.130.27:1745, Access-Request, len 141
Jan 9 12:04:53.483 MSK: RADIUS: authenticator F9 B8 4D 8F 2F 5C E1 1D
- F0 3A DA 87 F8 4F 01 EF
Jan 9 12:04:53.483 MSK: RADIUS: User-Name [1] 6 "skiv"
Jan 9 12:04:53.483 MSK: RADIUS: User-Password [2] 18 *
Jan 9 12:04:53.483 MSK: RADIUS: Called-Station-Id [30] 6 "1001"
Jan 9 12:04:53.483 MSK: RADIUS: NAS-Port [5] 6
1312489525
Jan 9 12:04:53.483 MSK: RADIUS: Vendor, Cisco [26] 27
Jan 9 12:04:53.483 MSK: RADIUS: Cisco AVpair [1] 21
"interface=Async2/53"
Jan 9 12:04:53.483 MSK: RADIUS: NAS-Port-Type [61] 6 Async
[0]
Jan 9 12:04:53.483 MSK: RADIUS: NAS-Port [5] 6
1312489525
Jan 9 12:04:53.483 MSK: RADIUS: Vendor, Cisco [26] 34
Jan 9 12:04:53.483 MSK: RADIUS: Cisco AVpair [1] 28
"parent-interface=Serial3/0"
Jan 9 12:04:53.483 MSK: RADIUS: Service-Type [6] 6 Login
[1]
Jan 9 12:04:53.483 MSK: RADIUS: NAS-IP-Address [4] 6 1.1.1.1
Jan 9 12:04:53.631 MSK: RADIUS: Received from id 202 10.10.10.10:1745,
Access-Accept, len 50
Jan 9 12:04:53.631 MSK: RADIUS: authenticator 8E 98 7A A9 EF 34 C8 1A
- C4 8F BB A9 D8 3F 58 AF
Jan 9 12:04:53.631 MSK: RADIUS: Service-Type [6] 6 Framed
[2]
Jan 9 12:04:53.631 MSK: RADIUS: Framed-Protocol [7] 6 PPP
[1]
Jan 9 12:04:53.631 MSK: RADIUS: Framed-IP-Address [8] 6 2.2.2.2
Jan 9 12:04:53.631 MSK: RADIUS: Framed-IP-Netmask [9] 6
255.255.255.255
Jan 9 12:04:53.631 MSK: RADIUS: Unsupported [12] 6
Jan 9 12:04:53.631 MSK: RADIUS: 00 00 05 DC
[????]
Jan 9 12:04:53.631 MSK: RADIUS: Received from id 185C
Jan 9 12:04:53.631 MSK: RADIUS: Unsupported [12] 6
Jan 9 12:04:53.631 MSK: RADIUS: 00 00 05 DC
[????]
Jan 9 12:04:53.631 MSK: RADIUS: Constructed " ppp negotiate"
Jan 9 12:04:53.631 MSK: AAA/AUTHOR (0x185C): Pick method list 'default'
Jan 9 12:04:53.631 MSK: AAA/AUTHOR/EXEC(0000185C): processing AV noescape=1
Jan 9 12:04:53.631 MSK: AAA/AUTHOR/EXEC(0000185C): processing AV
autocmd= ppp negotiate
Jan 9 12:04:53.631 MSK: AAA/AUTHOR/EXEC(0000185C): Authorization successful
Jan 9 12:04:53.631 MSK: AAA/AUTHOR (0x185C): Pick method list 'default'
Jan 9 12:04:53.635 MSK: Async2/53 AAA/AUTHOR/PPP: Processing AV addr
Jan 9 12:04:53.635 MSK: Async2/53 AAA/AUTHOR/PPP: Processing AV netmask
Jan 9 12:04:53.635 MSK: AAA/AUTHOR: mandatory attribute 'netmask' unhandled
Jan 9 12:04:53.635 MSK: AAA/AUTHOR/SLIP: Async2/53: denied
Jan 9 12:04:56.075 MSK: %MODEMCALLRECORD-6-PM_TERSE_CALL_RECORD: DS0
slot/contr/chan=3/0/28, slot/port=2/53, call_id=1843, userid=skiv,
ip=0.0.0.0, calling=(n/a), called=1001, std=V.34, prot=LAP-M, comp=None,
init-rx/tx b-rate=9600/9600, finl-rx/tx b-rate=9600/9600, rbs=255,
d-pad=None, retr=0, sq=7, snr=37, rx/tx chars=12/87, bad=0, rx/tx
ec=12/7, bad=0, time=18, finl-state=Steady, disc(radius)=(n/a)/(n/a),
disc(modem)=1F03 <unknown>/Requested by host/DTR dropped
----------------------------------------------------------
As far as I understand, EXEC authorization succeeded and everything
gets stuck at NETWORK authorization. Am I right?
I also suspect that this is somehow related to the User Service-Type.
Jan 9 12:04:53.631 MSK: RADIUS: Service-Type [6] 6 Framed
Please enlighten me. Where should I dig?
--
With best regards.
------------------------------------------------------------------
Sergey Artjushkin
(SKIV-RIPE)
--- ifmail v.2.15dev5
* Origin: ISP Caravan(http://www.caravan.ru) News Server (2:5020/400)
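
An added example, not part of the original post: a short Python script that rejoins the mail-wrapped debug lines and reports the outcome of each AAA/AUTHOR stage, so the stage that denied the session and the attribute flagged just before it can be read off directly. The function names are hypothetical, and the sample input is constructed from AAA/AUTHOR lines in the debug output above.

```python
import re

# A debug line starts with a timestamp such as "Jan 9 12:04:53.631 MSK: "
TS = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}\.\d+ \w+: ")
STAGE = re.compile(r"AAA/AUTHOR/(\w+)")
UNHANDLED = re.compile(r"mandatory attribute '([^']+)' unhandled")

# Constructed sample: lines taken from the debug output in the post,
# including one line wrapped the way the mail gateway wrapped it.
SAMPLE = """\
Jan 9 12:04:53.631 MSK: AAA/AUTHOR (0x185C): Pick method list 'default'
Jan 9 12:04:53.631 MSK: AAA/AUTHOR/EXEC(0000185C): processing AV noescape=1
Jan 9 12:04:53.631 MSK: AAA/AUTHOR/EXEC(0000185C): processing AV
autocmd= ppp negotiate
Jan 9 12:04:53.631 MSK: AAA/AUTHOR/EXEC(0000185C): Authorization successful
Jan 9 12:04:53.631 MSK: AAA/AUTHOR (0x185C): Pick method list 'default'
Jan 9 12:04:53.635 MSK: Async2/53 AAA/AUTHOR/PPP: Processing AV addr
Jan 9 12:04:53.635 MSK: Async2/53 AAA/AUTHOR/PPP: Processing AV netmask
Jan 9 12:04:53.635 MSK: AAA/AUTHOR: mandatory attribute 'netmask' unhandled
Jan 9 12:04:53.635 MSK: AAA/AUTHOR/SLIP: Async2/53: denied
"""

def unwrap(text):
    """Rejoin wrapped lines: a line without a timestamp continues the previous one."""
    out = []
    for line in text.splitlines():
        if TS.match(line) or not out:
            out.append(line.rstrip())
        else:
            out[-1] += " " + line.strip()
    return out

def author_outcomes(text):
    """Return (stage, result, unhandled mandatory attributes) per authorization verdict."""
    results, pending = [], []
    for line in unwrap(text):
        m = UNHANDLED.search(line)
        if m:  # remember the attribute until the next verdict line
            pending.append(m.group(1))
            continue
        stage = STAGE.search(line)
        if not stage:
            continue
        if "Authorization successful" in line:
            results.append((stage.group(1), "success", []))
            pending = []
        elif line.endswith("denied"):
            results.append((stage.group(1), "denied", pending))
            pending = []
    return results

if __name__ == "__main__":
    for stage, result, attrs in author_outcomes(SAMPLE):
        print(stage, result, attrs)
```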