Cisco with Freeradius problem.

coroy barte coroybarte at gmail.com
Wed Jul 11 11:23:49 CEST 2007


Hi there,

I would like to ask where in my Cisco configuration the problem is. First
I used MPD as my LNS and encountered no problem authenticating to
FreeRADIUS, but when I changed my LNS to Cisco it seems I can't log in. What
are the possible problems in my configuration? Is it the Cisco or the
FreeRADIUS setting that has a problem? What would be the cause of the
problem as stated in the log?

I attach the logs for review.

Thank you and more power.

--coroy


Cisco log:

*May 22 15:43:51.404: ppp253 PAP: I AUTH-REQ id 186 len 19 from "coroy"
*May 22 15:43:51.404: ppp253 PAP: Authenticating peer coroy
*May 22 15:43:51.412: AAA/AUTHEN/PPP (00000132): Pick method list 'default'
*May 22 15:43:51.412: AAA/ATTR(00000132): copy lists
*May 22 15:43:51.412: AAA/ATTR(00000132): new list: 6459A2A8 old list:
645943E4
*May 22 15:43:51.412: AAA/ATTR(00000132): new list: 644B8774
*May 22 15:43: 51.412: AAA/ATTR(00000132): add attr: 644B878C 0 00000002
Framed-Protocol(62) 4 PPP
*May 22 15:43:51.412: AAA/ATTR(00000132): add attr: 644B87A0 0 00000009
username(318) 5 coroy
*May 22 15:43:51.412: AAA/ATTR(00000132): add attr: 644B87B4 0 00000009
password(226) 8 70 61 73 73 77 6F 72 64
*May 22 15:43:51.412: ppp253 PPP: Sent PAP LOGIN Request
*May 22 15:43:51.412: AAA SRV(00000132): process authen req
*May 22 15:43:51.412: AAA SRV(00000132): Authen method=SERVER_GROUP IWC
*May 22 15:43:51.412 : AAA/ATTR(00000132): cursor init: 63958DC0 644B8774
none unknown
*May 22 15:43:51.412: AAA/ATTR(00000132): find :644B87A0 0 00000009
username(318) 5 coroy
*May 22 15:43:51.412: AAA/ATTR(00000132): cursor init: 63958E50 644B8774
none unknown
*May 22 15:43:51.412: AAA/ATTR(00000132): find :644B87A0 0 00000009
username(318) 5 coroy
*May 22 15:43:51.412: AAA/ATTR(00000132): cursor init: 63958D78 644B8774
none none
*May 22 15:43:51.412: AAA/ATTR(00000132): find next matching service=none,
protocol=none
*May 22 15:43:51.412: AAA/ATTR(00000132):  Framed-Protocol ok
*May 22 15:43:51.412: AAA/ATTR(00000132): find next matching service=none,
protocol=none
*May 22 15:43:51.412: AAA/ATTR(00000132):  username ok
*May 22 15:43: 51.412: AAA/ATTR(00000132): find next matching service=none,
protocol=none
*May 22 15:43:51.412: AAA/ATTR(00000132):  password ok
*May 22 15:43:51.412: AAA/ATTR(00000132): find next matching service=none,
protocol=none
*May 22 15:43:51.416: AAA/ATTR(00000132): not found
*May 22 15:43:51.416: AAA/ATTR(00000132): cursor init: 63958D78 6459A2A8
none none
*May 22 15:43:51.416: AAA/ATTR(00000132): find next matching service=none,
protocol=none
*May 22 15:43:51.416: AAA/ATTR(00000132):  port-type ok
*May 22 15:43:51.416: AAA/ATTR(00000132): find next matching service=none,
protocol=none
*May 22 15:43:51.416: AAA/ATTR(00000132):  interface ok
*May 22 15:43: 51.416: RADIUS(00000132): Storing nasport 928 in rad_db
*May 22 15:43:51.416: AAA/ATTR(00000132): find next matching service=none,
protocol=none
*May 22 15:43:51.416: AAA/ATTR(00000132):  clid ok
*May 22 15:43:51.416 : AAA/ATTR(00000132): find next matching service=none,
protocol=none
*May 22 15:43:51.416: AAA/ATTR(00000132):  dnis ok
*May 22 15:43:51.416: AAA/ATTR(00000132): find next matching service=none,
protocol=none
*May 22 15:43: 51.416: AAA/ATTR(00000132): not found
*May 22 15:43:51.416: RADIUS(00000132): Config NAS IP: 0.0.0.0
*May 22 15:43:51.416: Getting session id for NET(00000132) : db=64596B3C
*May 22 15:43: 51.416: RADIUS/ENCODE(00000132): acct_session_id: 390
*May 22 15:43:51.416: RADIUS(00000132): sending
*May 22 15:43:51.416: RADIUS/ENCODE: Best Local IP-Address 10.3.2.130 for
Radius-Server 10.3.2.127
*May 22 15:43:51.416: RADIUS(00000132): Send Access-Request to
10.3.2.127:1812 id 21646/45, len 94
*May 22 15:43:51.416: RADIUS:  authenticator 95 18 5E 04 20 9F B2 6D - 9C D7
2E F0 66 3F B2 EA
*May 22 15:43:51.416: RADIUS:  Framed-Protocol     [7]   6
PPP                       [1]
*May 22 15:43:51.416: RADIUS:  User-Name           [1]   7   "coroy"
*May 22 15:43:51.416: RADIUS:  User-Password       [2]   18  *
*May 22 15:43:51.416: RADIUS:  NAS-Port-Type       [61]  6
Virtual                   [5]
*May 22 15:43:51.416: RADIUS:  NAS-Port            [5]   6
928
*May 22 15:43:51.416: RADIUS:  Calling-Station-Id  [31]  14  "000c2965075c"
*May 22 15:43:51.416: RADIUS:  Called-Station-Id   [30]  5   "mpd"
*May 22 15:43:51.416: RADIUS:  Service-Type        [6]   6
Framed                    [2]
*May 22 15:43:51.416: RADIUS:  NAS-IP-Address      [4]   6   10.3.2.130

*May 22 15:43:52.084: RADIUS: Received from id 21646/45 10.3.2.127:1812,
Access-Accept, len 71
*May 22 15:43:52.084: RADIUS:  authenticator A4 72 E4 2B 33 5E B8 AF - AB 4A
21 26 69 66 EB E3
*May 22 15:43:52.084: RADIUS:  Service-Type        [6]   6
Administrative            [6]
*May 22 15:43:52.084: RADIUS:  Framed-Protocol     [7]   6
PPP                       [1]
*May 22 15:43:52.084: RADIUS:  Framed-IP-Address   [8]   6   10.10.10.45

*May 22 15:43:52.084: RADIUS:  Framed-IP-Netmask   [9]   6   255.240.0.0

*May 22 15:43:52.084: RADIUS:  Framed-Routing      [10]  6
3
*May 22 15:43:52.088: RADIUS:  Filter-Id           [11]  9
*May 22 15:43:52.088: RADIUS:   73 74 64 2E 70 70
70                             [std.ppp]
*May 22 15:43:52.088: RADIUS:  Framed-MTU          [12]  6
1500
*May 22 15:43:52.088: RADIUS:  Framed-Compression  [13]  6   VJ TCP/IP
Header Compressi[1]
*May 22 15:43:52.088: AAA/ATTR(00000132): free all lists: 644B8774
*May 22 15:43:52.088: AAA/ATTR(00000132): del attr: 644B878C 0 00000002
Framed-Protocol(62) 4 PPP
*May 22 15:43:52.088: AAA/ATTR(00000132): del attr: 644B87A0 0 00000009
username(318) 5 coroy
*May 22 15:43:52.088: AAA/ATTR(00000132): del attr: 644B87B4 0 00000009
password(226) 8 70 61 73 73 77 6F 72 64
*May 22 15:43: 52.088: AAA/ATTR(00000132): new list: 64596DB4
*May 22 15:43:52.088: RADIUS(00000132): Received from id 21646/45
*May 22 15:43:52.088: AAA/ATTR(00000132): cursor init: 64588A50 64596DB4
none none
*May 22 15:43:52.088 : AAA/ATTR(00000000): add attr: 64596DCC 0 00000001
service-type(245) 4 Administrative
*May 22 15:43:52.088: AAA/ATTR(00000000): add attr: 64596DE0 0 00000001
Framed-Protocol(62) 4 PPP
*May 22 15:43:52.088: AAA/ATTR(00000000): add attr: 64596DF4 0 00000001
addr(5) 4 10.10.10.45
*May 22 15:43:52.088: AAA/ATTR(00000000): add attr: 64596E08 0 00000009
route(272) 20 10.0.0.0 255.240.0.0
*May 22 15:43:52.088: AAA/ATTR(00000000): add attr: 64596E1C 0 00000001
netmask(215) 4 255.240.0.0
*May 22 15:43:52.088: AAA/ATTR(00000000): add attr: 64596E30 0 00000001
routing(281) 4 TRUE
*May 22 15:43:52.088: RADIUS/DECODE: invalid ACL type; FAIL
*May 22 15:43:52.088: RADIUS/DECODE: decoder; FAIL
*May 22 15:43:52.088: RADIUS/DECODE: attribute Filter-Id; FAIL
*May 22 15:43:52.088: RADIUS/DECODE: parse response op decode; FAIL
*May 22 15:43:52.088: RADIUS/DECODE: parse response; FAIL
*May 22 15:43:52.088: AAA/ID(00000132): Setting connection progress = 101
*May 22 15:43:52.088: AAA SRV(00000132): protocol reply FAIL for
Authentication
*May 22 15:43:52.088: AAA SRV(00000132): Authen method=NOT_SET - No methods
left to try
*May 22 15:43:52.088: AAA SRV(00000132): Return Authentication status=FAIL
*May 22 15:43:52.088: ppp253 PPP: Received LOGIN Response FAIL
*May 22 15:43:52.088: AAA/ATTR(00000132): copy lists
*May 22 15:43:52.088: AAA/ATTR(00000132): new list: 644B8774 old list:
64596DB4
*May 22 15:43:52.088: AAA/ATTR(00000132): cursor init: 6436F110 644B8774
none none
*May 22 15:43:52.088: AAA/ATTR(00000132): find :timeout(303):  not found
*May 22 15:43:52.088: AAA/ATTR(00000132): cursor init: 6436F100 644B8774
none unknown
*May 22 15:43:52.088: AAA/ATTR(00000132): find next matching service=none,
protocol=unknown
*May 22 15:43:52.088: AAA/ATTR(00000132):  service-type ok
*May 22 15:43:52.088: AAA/ATTR(00000132): find next matching service=none,
protocol=unknown
*May 22 15:43:52.088: AAA/ATTR(00000132):  Framed-Protocol ok
*May 22 15:43:52.088: AAA/ATTR(00000132): find next matching service=none,
protocol=unknown
*May 22 15:43:52.088: AAA/ATTR(00000132):  addr ok
*May 22 15:43:52.088: AAA/ATTR(00000132): find next matching service=none,
protocol=unknown
*May 22 15:43:52.088: AAA/ATTR(00000132):  route protocol:ip ok
*May 22 15:43:52.088: AAA/ATTR(00000132): find next matching service=none,
protocol=unknown
*May 22 15:43:52.088: AAA/ATTR(00000132):  netmask ok
*May 22 15:43:52.088: AAA/ATTR(00000132): find next matching service=none,
protocol=unknown
*May 22 15:43:52.088: AAA/ATTR(00000132):  routing ok
*May 22 15:43:52.088: AAA/ATTR(00000132): find next matching service=none,
protocol=unknown
*May 22 15:43:52.088: AAA/ATTR(00000132): not found
*May 22 15:43:52.088: AAA/ATTR(00000132): cursor init: 6436F058 644B8774
none unknown
*May 22 15:43:52.088: AAA/ATTR(00000132): find :reply-message(194):  not
found
*May 22 15:43:52.088: ppp253 PAP: O AUTH-NAK id 186 len 26 msg is
"Authentication failed"
*May 22 15:43:52.088: L2X: UDP socket write 66 bytes, 10.3.2.130(1701) to
10.3.2.126(54959)
*May 22 15:43:52.092 : AAA/ID(00000132): Setting disconnect: abort = 25/PPP
PAP Fail, terminate = 17/user-error
*May 22 15:43:52.092: AAA/ATTR(00000132): new list: 64584098
*May 22 15:43:52.092: AAA/ATTR(00000132): add attr: 645840B0 0 00000009
username(318) 5 coroy
*May 22 15:43:52.092: AAA/ACCT/EVENT/(00000132): NET DOWN
*May 22 15:43:52.092: AAA/ATTR(00000132): cursor init: 6436EC38 64584098
none none
*May 22 15:43:52.092: AAA/ATTR(00000132): find next matching service=none,
protocol=none
*May 22 15:43:52.092: AAA/ATTR(00000132):  username ok
*May 22 15:43:52.092: AAA/ATTR(00000132): find next matching service=none,
protocol=none
*May 22 15:43:52.092: AAA/ATTR(00000132): not found
*May 22 15:43: 52.092: AAA/ACCT/NET(00000132): Method list not found
*May 22 15:43:52.092: AAA/ATTR(00000132): free all lists: 64599260
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 64599278 0 00000001
session-id(293) 4 390(186)
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 6459928C 0 00000009
tunnel-server-endpoint(311) 10 10.3.2.130
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 645992A0 0 00000009
tunnel-client-endpoint(305) 10 10.3.2.126
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 645992B4 0 00000009
vpdn-group(324) 3 mpd
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 645992C8 0 00000001
tunnel-type(316) 4 l2tp
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 645992DC 0 00000009
tunnel-connection-id(312) 7 1890042
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 645992F0 0 00000009
tunnel-id(306) 21 host-lac.kamisaki.net
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 64599304 0 00000009
gw-name(307) 6 Router
*May 22 15:43:52.092: AAA/ACCT(00000132): del node, session 390
*May 22 15:43:52.092: AAA/ACCT/NET(00000132): free_rec, count 0
*May 22 15:43:52.092: AAA/ACCT/NET(00000132) reccnt 0, csr FALSE, osr 0
*May 22 15:43:52.092: AAA/ATTR(00000132): free all lists: 64584098
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 645840B0 0 00000009
username(318) 5 coroy
*May 22 15:43:52.092: AAA/ATTR(00000132): free all lists: 644B8774
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 644B878C 0 00000001
service-type(245) 4 Administrative
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 644B87A0 0 00000001
Framed-Protocol(62) 4 PPP
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 644B87B4 0 00000001
addr(5) 4 10.10.10.45
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 644B87C8 0 00000009
route(272) 20 10.0.0.0 255.240.0.0
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 644B87DC 0 00000001
netmask(215) 4 255.240.0.0
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 644B87F0 0 00000001
routing(281) 4 TRUE
*May 22 15:43:52.092: ppp253 PPP: aaa-id := 0x0 reset
*May 22 15:43:52.092: ppp253 PPP: mlp-aaa-id := 0x0 reset
*May 22 15:43:52.092: ppp253 PPP: aaa-id := 0x0 reset
*May 22 15:43:52.092: ppp253 PPP: mlp-aaa-id := 0x0 reset
*May 22 15:43:52.092: AAA/ATTR(00000132): free all lists: 64596DB4
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 64596DCC 0 00000001
service-type(245) 4 Administrative
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 64596DE0 0 00000001
Framed-Protocol(62) 4 PPP
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 64596DF4 0 00000001
addr(5) 4 10.10.10.45
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 64596E08 0 00000009
route(272) 20 10.0.0.0 255.240.0.0
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 64596E1C 0 00000001
netmask(215) 4 255.240.0.0
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 64596E30 0 00000001
routing(281) 4 TRUE
*May 22 15:43:52.092: AAA/ATTR(00000132): free all lists: 6459A2A8
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 6459A2C0 0 00000001
port-type(156) 4 Virtual Terminal
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 6459A2D4 0 00000009
interface(152) 15 Uniq-Sess-ID253
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 6459A2E8 0 00000009
clid(25) 12 000c2965075c
*May 22 15:43:52.092: AAA/ATTR(00000132): del attr: 6459A2FC 0 00000009
dnis(36) 3 mpd


-----------------------
Freeradius log:

rad_recv: Access-Request packet from host 10.3.2.130:21645, id=228,
length=94
        Framed-Protocol = PPP
        User-Name = "coroy"
        User-Password = "password"
        NAS-Port-Type = Virtual
        NAS-Port = 160
        Calling-Station-Id = "000c2965075c"
        Called-Station-Id = "mpd"
        Service-Type = Framed-User
        NAS-IP-Address = 10.3.2.130
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 12
  modcall[authorize]: module "preprocess" returns ok for request 12
  modcall[authorize]: module "chap" returns noop for request 12
  modcall[authorize]: module "mschap" returns noop for request 12
    rlm_realm: No '@' in User-Name = "coroy", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 12
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 12
    users: Matched entry coroy at line 90
  modcall[authorize]: module "files" returns ok for request 12
modcall: leaving group authorize (returns ok) for request 12
  rad_check_password:  Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 228 to 10.3.2.130 port 21645
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Address = 10.10.10.45
        Framed-IP-Netmask = 255.240.0.0
        Framed-Routing = Broadcast-Listen
        Framed-Filter-Id = " std.ppp"
        Framed-MTU = 1500
        Framed-Compression = Van-Jacobson-TCP-IP
Finished request 12

----------------------------
Cisco configuration:

Using 2475 out of 129016 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot system flash slot0:c7200-js-mz.123-1.bin
enable secret 5 $1$..Q4$R03cMosO4XOmURBY6wQWo/
!
username admin privilege 15 password 0 xxxpass
username test password 0 test
username LAC-1 password 0 secret
username multihop password 0 secret
username Tunnel-Switch-In password 0 Secret2
username Tunnel-Switch-Out password 0 secret3
username coroy password 0 password
aaa new-model
!
aaa group server radius user-radius
 server 10.3.2.127 auth-port 1812 acct-port 1813
!
aaa authentication login default local-case
aaa authentication enable default enable
aaa authentication ppp default group user-radius
aaa authorization config-commands
aaa authorization exec default local
aaa authorization network default group user-radius
aaa accounting exec default start-stop group user-radius
aaa session-id common
ip subnet-zero
!
!
ip name-server 10.1.0.5
ip name-server 10.1.0.11
!
ip cef
vpdn enable
vpdn source-ip 10.3.2.130
vpdn logging
vpdn logging local
vpdn logging remote
vpdn logging user
vpdn logging tunnel-drop
vpdn search-order domain
!
vpdn-group mpd
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname host-lac.kamisaki.net
 lcp renegotiation on-mismatch
 l2tp tunnel password 7 071C2E40470D1E040317
!
mpls ldp logging neighbor-changes
!
!
!
!
!
!
!
!
!
no voice hpi capture buffer
no voice hpi capture destination
!
!
!
!
!
!
interface Loopback0
 no ip address
!
interface FastEthernet0/0
 ip address 10.3.2.130 255.240.0.0
 duplex half
!
interface Virtual-Template1
 ip unnumbered FastEthernet0/0
 peer default ip address pool ip_pool
 no keepalive
 ppp authentication pap user-radius
 ppp authorization user-radius
!
ip local pool ip_pool 10.10.10.2 10.10.10.6
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.0.10
no ip http server
!
!
!
!
!
radius-server attribute nas-port format c
radius-server host 10.3.2.127 auth-port 1812 acct-port 1813
radius-server key radpass
radius-server authorization permit missing Service-Type
!
!
dial-peer cor custom
!
!
!
!
gatekeeper
 shutdown
!
!
line con 0
line aux 0
 transport output lat pad v120 mop telnet rlogin udptn
 stopbits 1
line vty 0 4
 session-timeout 20
 transport input lat pad v120 mop telnet rlogin udptn
 transport output lat pad v120 mop telnet rlogin udptn
!
!
!
end
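
Added example, not part of the original post: a small Python triage of the Cisco debug output above that pairs the RADIUS server's reply with the router's own authentication verdict and names the attribute the router failed to decode. The sample lines are an excerpt copied from the log in the post (mail wraps kept); the function names are hypothetical.

```python
import re

# Constructed sample: an excerpt of the Cisco debug output from the post,
# including the mail client's hard line wraps.
SAMPLE = """\
*May 22 15:43:51.404: ppp253 PAP: Authenticating peer coroy
*May 22 15:43:52.084: RADIUS: Received from id 21646/45 10.3.2.127:1812,
Access-Accept, len 71
*May 22 15:43:52.088: RADIUS/DECODE: invalid ACL type; FAIL
*May 22 15:43:52.088: RADIUS/DECODE: decoder; FAIL
*May 22 15:43:52.088: RADIUS/DECODE: attribute Filter-Id; FAIL
*May 22 15:43:52.088: RADIUS/DECODE: parse response; FAIL
*May 22 15:43:52.088: AAA SRV(00000132): Return Authentication status=FAIL
*May 22 15:43:52.088: ppp253 PAP: O AUTH-NAK id 186 len 26 msg is
"Authentication failed"
"""

def unwrap(text):
    """Re-join records: a line not starting with '*' continues the previous one."""
    records = []
    for line in text.splitlines():
        if line.startswith("*") or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

PEER = re.compile(r"PAP: Authenticating peer (\S+)")
REPLY = re.compile(r"RADIUS: Received from id \S+ (\S+):(\d+), (Access-\w+)")
DECODE = re.compile(r"RADIUS/DECODE: (.+); FAIL")
STATUS = re.compile(r"AAA SRV\((\w+)\): Return Authentication status=(\w+)")

def triage(text):
    """Return one finding per authentication attempt seen in the debug text."""
    findings, cur = [], {}
    for rec in unwrap(text):
        if m := PEER.search(rec):
            cur = {"user": m.group(1), "decode_errors": []}
        elif m := REPLY.search(rec):
            cur.update(server=m.group(1), reply=m.group(3))
        elif m := DECODE.search(rec):
            cur.setdefault("decode_errors", []).append(m.group(1))
        elif m := STATUS.search(rec):
            errors = cur.setdefault("decode_errors", [])
            attrs = [e.split()[1] for e in errors if e.startswith("attribute ")]
            cur.update(session=m.group(1), status=m.group(2),
                       rejected_attribute=attrs[0] if attrs else None)
            # Server said yes, NAS said no: the reply itself is the suspect.
            cur["mismatch"] = (cur.get("reply") == "Access-Accept"
                               and m.group(2) == "FAIL")
            findings.append(cur)
            cur = {}
    return findings
```

A finding with `mismatch` set means the server's credential check passed and the failure lies in how the NAS handled the reply attributes, so the place to look is the reply list for that user rather than the password.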