Freeradius-Users Digest, Vol 125, Issue 34

Neil Morris nmorris at tibus.com
Fri Sep 11 16:02:58 CEST 2015 

 Alan,

Firstly thanks for you responses to date! I do appreciate it..

Apologies for the lack of detail…  here is more info

FreeRADIUS Version 2.1.12

I have deployed using just the local users file with x3 test accounts
including the information that the provider has requested I respond with to
complete the auth between our LNS and their BRAS.

I had x1 connection up and stable for 3weeks.  I shipped out x2 more routers
and I start to see some strange behaviour.  FR authenticates the session
fine but on the router console the interface is reset straight away and so
the loop of authentication continues.  Running FR in debug/verbose I can see
the sessions being authenticated as I would expect with all of the relevant
user attributes being passed.

The below is what the SP has requested I return to their BRAS;

mydom.net.uk Cleartext-Password := “password"
Service-Type = Outbound-User,
Tunnel-Type = L2TP,
Tunnel-Medium-Type = IP,
Tunnel-Password = password,
Tunnel-Server-Endpoint = 89.x.y.134,
Tunnel-Client-Auth-ID = “MY-LNS"


The following is an example of a user account and the Cisco AVP that I am
sending;

test at mydom.net.uk Cleartext-Password := “test"
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-MTU = 1440,
Framed-IP-Address = 10.31.253.253,
Framed-IP-Netmask = 255.255.255.255,
Framed-Route = "0.0.0.0 0.0.0.0 89.x.y.134",
Cisco-AVPair = "ip:vrf-id=VRF_417858",
Cisco-Avpair += "ip:route#1=vrf VRF_417858 10.31.249.0 255.255.255.0
10.31.253.253 tag 417858",
Cisco-AVPair += "ip:ip-unnumbered=Loopback417858"

The SP is advising me that from their debugs I am sending them everything
after the username & password as listed above..

They mention that I should have 2 instances for RADIUS or that I change the
radius system I use..

Regards
Neil


Message: 5
Date: Fri, 11 Sep 2015 08:19:56 -0400
From: Alan DeKok <aland at deployingradius.com>
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Subject: Re: Freeradius with LNS & Provider BRAS
Message-ID: <D70545FB-75A6-41F2-8E25-4E3FE3E06CC0 at deployingradius.com>
Content-Type: text/plain; charset=iso-8859-1

On Sep 11, 2015, at 7:09 AM, Neil Morris <nmorris at tibus.com> wrote:
>  I am looking for some guidance.  I am using the users file which contains x3
>  user accounts aswell as the domain suffix & the necessary authentication
>  details for the providers RADIUS server. Under the user accounts I have a
>  number of cisco avp with VRF & static address etc for the LNS

  That's a bit vague, but OK.

>  Whoever ­ The provider is telling me that I am passing all the LNS relate
>  info to their RADIUS which is causing the tunnel build to fail.

  That's even more vague.

>   Is there
>  something major that I am missing here in relation to my config?

  A good description of the problem?

  Alan DeKok.




------------------------------

More information about the Freeradius-Users mailing list