Radius Proxying and IP injection

Joe Maimon jmaimon at ttec.com
Mon Jun 12 22:10:01 CEST 2006



John Williams wrote:

>
> 
> However the users that are authenticating are being dropped offline as 
> soon as they authenticate.
> 
> The account logs show the reason as being “User-Request” although the 
> user hasn’t requested a disconnect, in fact they aren’t connected long 
> enough to do so.
> 
>  
> 
> The customer is also sending a framed IP address for each user that 
> connects via the users radius users file entry.

Your cisco doesnt like certain attributes in the reply and closes the 
connections. Likely as not the attributes it doesnt like is the ones in 
relation to what your customer is trying to assign. debugs will show you 
exactly which one, but beware.

debug radius
debug aaa authentication
debug aaa authorization
debug aaa per-user
debug aaa subsys
debug ppp negotiation
debug vtemplate ev
debug vtemplate cloning
debug vprofile


I would also run your server in debugging mode to see exactly which 
attributes are being sent to your cisco nas for those users.





More information about the Freeradius-Users mailing list