same user on different service
"Николай Г. Петров" bsdrab at gmail.com
Fri Mar 27 13:49:52 CET 2009

Thanks for the help!!
It works!! But now I have a problem with the Cisco. From the AAA server
console everything is OK:
$ echo "User-Name=user100,User-Password=pass,Service-Type=NAS-Prompt-User" | radclient 127.0.0.1:1812 auth testing123
Received response ID 31, code 2, length = 50
        Service-Type = NAS-Prompt-User
        Cisco-AVPair = "shell:priv-lvl=0"
$ echo "User-Name=user100,User-Password=pass,Service-Type=Framed-User" | radclient 127.0.0.1:1812 auth testing123
Received response ID 33, code 2, length = 68
        Called-Station-Id = "1133"
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Cisco-AVPair = "ip:addr-pool=dynpool"
file "users"
usr100            User-Password := "pass", Service-Type == NAS-Prompt-User
               Service-Type = NAS-Prompt-User,
               cisco-avpair = "shell:priv-lvl=0"
usr100            Auth-Type := Local, User-Password := "pass"
               Called-Station-Id == "1133",
               Service-Type = Framed-User,
               Framed-Protocol = PPP,
               Cisco-AVPair ="ip:addr-pool=dynpool"
DEFAULT         Framed-Protocol == PPP
               Framed-Protocol = PPP,
               Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT         Auth-Type := Reject
               Reply-Message = "%{User-Name},  don't have access!"
User 'user100' tries to log in to the Cisco shell:
Line has invalid autocommand " ppp negotiate"
Connection closed by foreign host.
radiusd -X
rad_recv: Access-Request packet from host 192.168.10.100:1812, id=19, length=79
        NAS-IP-Address = 192.168.10.100
        NAS-Port = 1
        NAS-Port-Type = Virtual
        User-Name = "user100"
        Calling-Station-Id = "192.168.10.120"
        User-Password = "pass"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "user100", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry user100 at line 641
  modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 19 to 192.168.10.100 port 1812
        Called-Station-Id == "1133"
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Cisco-AVPair = "ip:addr-pool=dynpool"
Finished request 0
Going to the next request
Looking at this debug log, I think the problem is on the Cisco side, not FreeRADIUS???
Cisco somehow sends the wrong attribute; do you know how to resolve the problem?
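
Added example, not part of the original post and not FreeRADIUS code: a simplified Python model of how the two user100 entries in the "users" file above are selected, run against constructed copies of the three requests shown (the two radclient tests and the Access-Request in the radiusd -X output). It assumes the entry name is "user100" as in the requests and the debug log; the function and variable names are hypothetical.

```python
# Simplified model of "users" file matching (added example).
# Modelled: first matching entry wins, ":=" always matches, "==" compares
# against the request. Not modelled: Fall-Through, DEFAULT entries, regex ops.

# The two entries from the post: (name, check items, reply items).
# Assumption: the entry name is "user100", as in the requests and debug log.
USERS = [
    ("user100",
     [("User-Password", ":=", "pass"),
      ("Service-Type", "==", "NAS-Prompt-User")],
     {"Service-Type": "NAS-Prompt-User",
      "Cisco-AVPair": "shell:priv-lvl=0"}),
    ("user100",
     [("Auth-Type", ":=", "Local"), ("User-Password", ":=", "pass")],
     {"Called-Station-Id": "1133", "Service-Type": "Framed-User",
      "Framed-Protocol": "PPP", "Cisco-AVPair": "ip:addr-pool=dynpool"}),
]

def failed_checks(checks, request):
    """Return the '==' check items that the request does not satisfy."""
    return [(a, v) for a, op, v in checks
            if op == "==" and request.get(a) != v]

def first_match(request, users=USERS):
    """Return (entry index, reply items) of the first matching entry."""
    for i, (name, checks, reply) in enumerate(users):
        if name == request.get("User-Name") and not failed_checks(checks, request):
            return i, reply
    return None, None

# Constructed requests: the two radclient tests and the Cisco login request
# from the radiusd -X output (which carries no Service-Type attribute).
RADCLIENT_SHELL = {"User-Name": "user100", "User-Password": "pass",
                   "Service-Type": "NAS-Prompt-User"}
RADCLIENT_PPP = {"User-Name": "user100", "User-Password": "pass",
                 "Service-Type": "Framed-User"}
CISCO_LOGIN = {"User-Name": "user100", "User-Password": "pass",
               "NAS-IP-Address": "192.168.10.100", "NAS-Port": "1",
               "NAS-Port-Type": "Virtual",
               "Calling-Station-Id": "192.168.10.120"}

if __name__ == "__main__":
    for label, req in [("radclient shell", RADCLIENT_SHELL),
                       ("radclient ppp", RADCLIENT_PPP),
                       ("cisco login", CISCO_LOGIN)]:
        idx, reply = first_match(req)
        print(label, "-> entry", idx, reply)
        print("  entry 0 unmet checks:", failed_checks(USERS[0][1], req))
```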