<font size=1 face="Courier New">Hi there,<br>
I am running FreeRADIUS Version 1.0.4 on Solaris 8 for RADIUS services.<br>
Then I have a Cisco 3660 configured for inbound https auth-proxy. IOS on router -> c3660-ik9o3s-mz.123-14.T.bin<br>
<br>
% users<br>
<snip><br>
#<br>
test Auth-Type := Local, User-Password == "test1234"<br>
Service-Type = Outbound,<br>
cisco-avpair = "auth-proxy:priv-lvl=15",<br>
cisco-avpair += "auth-proxy:proxyacl#1=permit tcp host 12.13.14.15 host 21.31.41.51 eq 22"<br>
#<br>
<br>
<br>
Problem: user test gets successful auth-proxy authorization but the dynamic ACL is not used by the router.<br>
FYI - The RADIUS server passes the ACL and the router receives the ACL (debug not reported in this email).<br>
<br>
Can you help me? Thanks a lot.<br>
<br>
Full debug on the server:<br>
<br>
# radiusd -X<br>
<snip><br>
rad_recv: Access-Request packet from host 131.176.131.40:1645, id=23, length=102<br>
User-Name = "test"<br>
Reply-Message = "Password: "<br>
User-Password = "test1234"<br>
NAS-Port = 226<br>
NAS-Port-Id = "tty226"<br>
NAS-Port-Type = Virtual<br>
Calling-Station-Id = "xx.xx.xx.xx"<br>
NAS-IP-Address = xx.xx.xx.xx<br>
Processing the authorize section of radiusd.conf<br>
modcall: entering group authorize for request 0<br>
modcall[authorize]: module "preprocess" returns ok for request 0<br>
modcall[authorize]: module "chap" returns noop for request 0<br>
modcall[authorize]: module "mschap" returns noop for request 0<br>
rlm_realm: No '@' in User-Name = "adalessa", looking up realm NULL<br>
rlm_realm: No such realm "NULL"<br>
modcall[authorize]: module "suffix" returns noop for request 0<br>
rlm_eap: No EAP-Message, not doing EAP<br>
modcall[authorize]: module "eap" returns noop for request 0<br>
users: Matched entry adalessa at line 98<br>
modcall[authorize]: module "files" returns ok for request 0<br>
modcall: group authorize returns ok for request 0<br>
rad_check_password: Found Auth-Type Local<br>
auth: type Local<br>
auth: user supplied User-Password matches local User-Password<br>
Sending Access-Accept of id 23 to xx.xx.xx.xx:1645<br>
Cisco-AVPair = "auth-proxy:priv-lvl=15"<br>
Cisco-AVPair += "auth-proxy:proxyacl#1=permit tcp host 12.13.14.15 host 21.31.41.51 eq 22"<br>
Finished request 0<br>
Going to the next request<br>
--- Walking the entire request list ---<br>
Waking up in 6 seconds...<br>
--- Walking the entire request list ---<br>
Cleaning up request 0 ID 23 with timestamp 42dea17c<br>
Nothing to do. Sleeping until we see a request.</font>