Cisco auth-proxy and cisco-avpair proxyacl
Andrea.DAlessandro at esa.int
Wed Jul 20 22:18:12 CEST 2005
Hi there,
I am running FreeRADIUS Version 1.0.4 on Solaris 8 for RADIUS services.
Then I have a Cisco 3660 configured for inbound https auth-proxy. IOS on
router -> c3660-ik9o3s-mz.123-14.T.bin
% users
<snip>
#
test Auth-Type := Local, User-Password == "test1234"
        Service-Type = Outbound,
        cisco-avpair = "auth-proxy:priv-lvl=15",
        cisco-avpair += "auth-proxy:proxyacl#1=permit tcp host 12.13.14.15 host 21.31.41.51 eq 22"
#
Problem: user test gets successful auth-proxy authorization but the dynamic
ACL is not used by the router.
FYI - The RADIUS server passes the ACL and the router receives the ACL
(debug not reported in this email).
Can you help me? Thanks a lot.
Full debug on the server:
# radiusd -X
<snip>
rad_recv: Access-Request packet from host 131.176.131.40:1645, id=23, length=102
        User-Name = "test"
        Reply-Message = "Password: "
        User-Password = "test1234"
        NAS-Port = 226
        NAS-Port-Id = "tty226"
        NAS-Port-Type = Virtual
        Calling-Station-Id = "xx.xx.xx.xx"
        NAS-IP-Address = xx.xx.xx.xx
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "adalessa", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry adalessa at line 98
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 23 to xx.xx.xx.xx:1645
        Cisco-AVPair = "auth-proxy:priv-lvl=15"
        Cisco-AVPair += "auth-proxy:proxyacl#1=permit tcp host 12.13.14.15 host 21.31.41.51 eq 22"
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 23 with timestamp 42dea17c
Nothing to do. Sleeping until we see a request.