NAS ignoring Access-Accept
tnt at kalik.co.yu
tnt at kalik.co.yu
Mon May 21 19:58:56 CEST 2007
Run debug radius on Cisco. You are missing a key (shared secret) in
radius-server host ... statement. See if that is the problem.
Ivan Kalik
Kalik Informatika ISP
Dana 21/5/2007, "Wolfgang Rosenauer" <wolfgang at rosenauer.org> piše:
>Hi,
>
>I'm not sure if I run into a Cisco or Freeradius issue here.
>
>I try to migrate from icradius to freeradius and everything worked in
>the new configuration when I tried with NTRadPing and so I'm switched
>the Cisco NAS to the new server.
>Unfortunately the NAS is ignoring the Access-Accept replies and always
>denies login attempts.
>That worked correctly with icradius and the NAS config changed only the
>ip address of the radius server.
>My first guess was an ip source issue but my server only has one ip
>address (and IPv6 ones but radiusd is only listening on 0.0.0.0) and
>freeradius is compiled with --with-udpfromto.
>
>Here are parts of my Cisco config:
>
>aaa authentication ppp default if-needed radius local
>aaa authorization network default radius local
>aaa accounting update newinfo
>aaa accounting exec default start-stop radius
>aaa accounting network default start-stop radius
>aaa accounting connection default start-stop radius
>
>radius-server configure-nas
>radius-server host a.b.c.d auth-port 1812 acct-port 1813 non-standard
>radius-server timeout 3
>radius-server vsa send accounting
>
>I ran radiusd -X and saw that freeradius sent an Access-Accept reply to
>the NAS' ip address and source port.
>
>Any ideas?
>
>
>Thanks,
> Wolfgang
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
More information about the Freeradius-Users
mailing list