radius and cisco

Alan DeKok aland at deployingradius.com
Tue Feb 19 22:48:51 CET 2008


Jim McIver wrote:
> I'm a newbie and looking for instructions on how to set up FreeRADIUS
> Version 1.1.7 on a SLES 10 linux box to use for authentication and
> logging for a cisco 2801 router. I want to track users connecting
> from the outside world using Cisco's vpn client and cisco says
> radius is the answer.

  Yes.

> I'd like to start with just allowing users from the linux /etc/passwd
> access and then move onto authentication from my Netware 6.5 LDAP
> server.

  See the FAQ for getting started with FreeRADIUS.

> I've read all I can find on freeradius.org and cisco, but still don't 
> understand....hard learner I guess.
> 
> radiusd -xx gives:
...
> Ready to process requests.

  And no packets.  The server has to receive a request for it to be able
to do something.

> My radius.conf is what was installed as default.
> Q1? Do I need to add anything other than the below to client.conf?

  No.

> I believe the relevant part of the users file is:
> 
> DEFAULT Auth-Type = System
>         Fall-Through = 1

  Yes.

> Notes I've read say to change this to 255.255.255.255 ??

  Maybe.  Only if you're assigning IP addresses.

> Q2? I believe I also need to add something similar to the below in 
> the users file?

  Not if the users are being authenticated from /etc/passwd.

> Q3? Does "youruser" and "somepass" need to be a valid user from 
> /etc/passwd? I'm unclear if there is a link between users in this 
> file and valid users in /etc/passwd of the linux box.

  They are independent.

  Alan DeKok.


