Freeradius with CoA

M K mkollaider at gmail.com
Wed Mar 4 11:18:37 CET 2009


Hello all!

I have freeradius 2.1.3 installed on my FreeBSD 7.1 OS. And i have cisco
7201 with ISG module. When i try to send CoA (Change of authorization)
account-logon request like this

/bin/echo
"User-Name='cisco',User-Password='cisco',cisco-avpair='subscriber:command=account-logon',Cisco-Account-Info='S172.16.xx.xx'"
| /usr/local/bin/radclient -x 172.16.yy.yy coa secret

i immediatly recieve CoA-NAK.

rad_recv: CoA-NAK packet from host 172.16.yy.yy port 1700, id=5, length=56
  Cisco-Command-Code = "\0202;cisco"
  Cisco-Account-Info = "S172.16.xx.xx"

There's cisco debug:

012618: *Mar 4 03:03:35.479: RADIUS: COA received from id 234
172.16.xx.xx:51830, CoA Request, len 105
012619: *Mar 4 03:03:35.479: COA: 172.16.xx.xx request queued
012620: *Mar 4 03:03:35.479: RADIUS: authenticator 94 A8 95 26 37 C1 9F F5 -
44 C6 E6 E4 59 21 91 74
012621: *Mar 4 03:03:35.479: RADIUS: User-Name [1] 7 "cisco"
012622: *Mar 4 03:03:35.479: RADIUS: User-Password [2] 18 *
012623: *Mar 4 03:03:35.479: RADIUS: Vendor, Cisco [26] 40
012624: *Mar 4 03:03:35.479: RADIUS: Cisco AVpair [1] 34
"subscriber:command=account-logon"
012625: *Mar 4 03:03:35.479: RADIUS: Vendor, Cisco [26] 20
012626: *Mar 4 03:03:35.479: RADIUS: ssg-account-info [250] 14
"S172.16.xx.xx"
012627: *Mar 4 03:03:35.479: ++++++ CoA Attribute List ++++++
012628: *Mar 4 03:03:35.479: 068F1110 0 00000009 username(396) 5 cisco
012629: *Mar 4 03:03:35.479: 068F0F08 0 00000009 password(282) 13 <opaque
value>
012630: *Mar 4 03:03:35.479: 068F0F18 0 00000009 ssg-account-info(430) 12
S172.16.xx.xx
012631: *Mar 4 03:03:35.479: 068F0F28 0 00000009 ssg-command-code(432) 6 01
63 69 73 63 6F
012632: *Mar 4 03:03:35.479:
012633: *Mar 4 03:03:35.479: RADIUS(00000000): sending
012634: *Mar 4 03:03:35.479: RADIUS(00000000): Send CoA Nack Response to
172.16.xx.xx:51830 id 234, len 56
012635: *Mar 4 03:03:35.479: RADIUS: authenticator 22 E9 05 70 EB CD A1 E7 -
4C 61 07 0B 28 85 5D 97
012636: *Mar 4 03:03:35.479: RADIUS: Vendor, Cisco [26] 16
012637: *Mar 4 03:03:35.479: RADIUS: ssg-command-code [252] 10
012638: *Mar 4 03:03:35.479: RADIUS: 10 32 3B 63 69 73 63 6F [Error-Code
2;cisco]
012639: *Mar 4 03:03:35.479: RADIUS: Vendor, Cisco [26] 20
012640: *Mar 4 03:03:35.479: RADIUS: ssg-account-info [250] 14
"S172.16.xx.xx"

Have i sent a correct request to cisco? If no, how can i send a correct
account-logon request with radclient?

Thank's.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090304/b8e641b9/attachment.html>


More information about the Freeradius-Users mailing list