List: cistron-radius
Subject: Cisco IOS12.1(2)T / Network Authorization
From: Horia Chirculescu <horia () ct2 ! eltop ! ro>
Date: 2001-02-27 15:02:02
If I configure the router to use radius for authentication
(aaa authorization network default group radius), nobody can start a ppp
session anymore.
Debugging info: (with:
aaa authorization is on
aaa per-user is on
)
AAA/AUTHOR/PPP: send AV service=ppp
send AV protocol=ip
... send AV routing*true
... found list "default"
... Method=radius (radius)
AAA/AUTHOR Post authorization status=FAIL
AAA/AUTHOR/SLIP Async13 : denied
And the interface goes down.
I attached the users file from radiusd-cistron (1.6.4) that I currently
use.
All of that is to set up an e-mail only account (and a lot of other things
can be made with virtual profiles...)
Any ideas?
Have a nice day!
____ ____ o ~
// // / __ \ // \ // //'''' //\\
//_____// / / / / //___ / // // // \\
// // / /_/ / // \ // // //____\\
// // \____/ // \ // \\.... // \\
------------------------------------------------------------------------
Comtec Net Romania
----------------------------------------------------
WEB: www.eltop.ro IRC: irc.eltop.ro NEWS: news.eltop.ro
----------------------------------------------------
Horia Chirculescu root@eltop.ro
Mobil: +40 93 205 086
["users" (TEXT/PLAIN)]
#
# This file contains security and configuration information
# for each user. The first field is the user's name and
# can be up to 8 characters in length. This is followed (on
# the same line) with the list of authentication requirements
# for that user. This can include password, comm server name,
# comm server port number, protocol type (perhaps set by the "hints"
# file), and huntgroup name (set by the "huntgroups" file).
#
# When an authentication request is received from the comm server,
# these values are tested. Only the first match is used unless the
# "Fall-Through" variable is set to "Yes".
#
# A special user named "DEFAULT" matches on all usernames.
# You can have several DEFAULT entries. All entries are processed
# in the order they appear in this file. The first entry that
# matches the login-request will stop processing unless you use
# the Fall-Through variable.
#
# If you use the database support to turn this file into a .db or .dbm
# file, the DEFAULT entries _have_ to be at the end of this file and
# you can't have multiple entries for one username.
#
# You don't need to specify a password if you set Auth-Type = System
# on the list of authentication requirements. The RADIUS server
# will then check the system password file.
#
# Indented (with the tab character) lines following the first
# line indicate the configuration values to be passed back to
# the comm server to allow the initiation of a user session.
# This can include things like the PPP configuration values
# or the host to log the user onto.
#
# You can include another `users' file with `$INCLUDE users.other'
#
#
# This is a complete entry for "steve". Note that there is no Fall-Through
# entry so that no DEFAULT entry will be used.
#
#horia Auth-Type = Local, Password = "horia"
# Service-Type = Framed-User,
# Framed-Protocol = PPP,
# Framed-IP-Address = 172.16.3.33,
# Framed-IP-Netmask = 255.255.255.0,
# Framed-Routing = Broadcast-Listen,
# Framed-MTU = 1500,
# Framed-Compression = Van-Jacobson-TCP-IP,
# Fall-Through = 1
#
############### Mail user...
############### Must be a member of group 80
#email Auth-Type = System
# Framed-Filter-Id = "160.in"
# Framed-Filter-Id = "161.out"
# Fall-Through = 1
############### Night user...
############### Must be a member of group 70
#noapte Auth-Type = System, Group = "bluenight"
# Fall-Through = 1
#
#
#
# The rest of this file contains the several DEFAULT entries.
# DEFAULT entries match with all login names.
# Note that DEFAULT entries can also Fall-Through (see first entry).
# A name-value pair from a DEFAULT entry will _NEVER_ override
# an already existing name-value pair.
#
#
# First setup all accounts to be checked against the UNIX /etc/passwd.
# (Unless a password was already given earlier in this file).
#
# A group that cannot log in...
#
DEFAULT Group = "neplata", Auth-Type = Reject
        Reply-Message = "Datorita neplatii, nu aveti acces in reteaua noastra!",
        Fall-Through = 0
DEFAULT Auth-Type = System
        Fall-Through = 1
DEFAULT Simultaneous-Use = 1
        Fall-Through = 1
################ From here on I map /etc/group to the subscription types
DEFAULT Group = "bluenight", Login-Time = "Mo-Su 2300-0700"
        Fall-Through = 1
DEFAULT Group = "weekend", Login-Time = "Sa-Su 0800-2000"
        Fall-Through = 1
DEFAULT Group = "worktime", Login-Time = "Mo-Su 0900-1500"
        Fall-Through = 1
DEFAULT Group = "mailonly"
        User-Service-Type = Framed-User,
        Framed-Protocol = PPP,
########Filter-Id = "160.in",
        Cisco-AVPair = "ip:inacl#1=permit udp any 194.153.230.200 eq \
domain\nip:inacl#1=permit tcp any 194.153.230.200 eq domain\nip:inacl#1=permit ip any \
host 194.254.230.245 log\nip:inacl#1 deny ip any any", Fall-Through = 0
#
# Defaults for all framed connections.
#
#DEFAULT Service-Type = Framed-User
# Framed-Protocol = PPP,
## Framed-IP-Address = 194.153.230.160+,
# Framed-IP-Netmask = 255.255.255.128,
# Framed-Routing = Broadcast-Listen,
# Framed-MTU = 576,
# Framed-Compression = Van-Jacobson-TCP-IP,
# Service-Type = Framed-User,
# Fall-Through = Yes
# Set up different IP address pools for the terminal servers.
# Note that the "+" behind the IP address means that this is the "base"
# IP address. The Port-Id (S0, S1 etc) will be added to it.
#
#DEFAULT Service-Type = Framed-User, Huntgroup-Name = "cisco"
# Framed-IP-Address = 194.153.230.160+,
# Fall-Through = Yes
#
#DEFAULT Service-Type = Framed-User, Huntgroup-Name = "ciscoplus"
# Framed-IP-Address = 194.153.230.176+,
# Fall-Through = Yes
#
# Default for PPP: dynamic IP address, PPP mode, VJ-compression.
# NOTE: we do not use Hint = "PPP", since PPP might also be auto-detected
# by the terminal server in which case there may not be a "P" suffix.
# The terminal server sends "Framed-Protocol = PPP" for auto PPP.
#
DEFAULT Framed-Protocol = PPP
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP
#
# Default for CSLIP: dynamic IP address, SLIP mode, VJ-compression.
#
DEFAULT Hint = "CSLIP"
        Framed-Protocol = SLIP,
        Framed-Compression = Van-Jacobson-TCP-IP
#
# Default for SLIP: dynamic IP address, SLIP mode.
#
DEFAULT Hint = "SLIP"
        Framed-Protocol = SLIP
# On no match, the user is denied access.
-
Please read this lists info at http://www.miquels.cistron.nl/radius/list/
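
Added example, not part of the original post or of radiusd-cistron: a small Python model of the matching rules described in the attached file's comments (entries processed in order, Fall-Through decides whether processing continues, an existing pair is never overridden), to see which reply attributes a PPP request ends up with. The sample entries are constructed from the active entries above; Auth-Type, Simultaneous-Use and Login-Time checks are assumed to pass, group membership is supplied by the caller, and all helper names are hypothetical.

```python
import re
# Constructed sample modelled on the active entries of the attached file.
USERS = '''\
DEFAULT Auth-Type = System
\tFall-Through = 1
DEFAULT Group = "mailonly"
\tUser-Service-Type = Framed-User,
\tFramed-Protocol = PPP,
\tFall-Through = 0
DEFAULT Framed-Protocol = PPP
\tFramed-Protocol = PPP,
\tFramed-Compression = Van-Jacobson-TCP-IP
'''
PAIR = re.compile(r'([\w-]+)\s*=\s*("[^"]*"|[^,\s]+)')
NOT_MODELLED = ('Auth-Type', 'Simultaneous-Use', 'Login-Time')  # assumed to pass

def pairs(text):
    return [(k, v.strip('"')) for k, v in PAIR.findall(text)]

def parse(text):  # returns [(name, check_items, reply_items)] in file order
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.startswith('#'):
            continue
        if line[0] in ' \t':                  # indented line: reply items
            entries[-1][2].extend(pairs(line))
        else:                                 # new entry: name + check items
            name, rest = (line.split(None, 1) + [''])[:2]
            entries.append((name, pairs(rest), []))
    return entries

def matches(checks, request, groups):
    return all(v in groups if k == 'Group' else
               k in NOT_MODELLED or request.get(k) == v for k, v in checks)

def reply_for(entries, user, request, groups):
    """Walk entries in order; stop at the first match without Fall-Through."""
    reply = {}
    for name, checks, items in entries:
        if name not in (user, 'DEFAULT') or not matches(checks, request, groups):
            continue
        for k, v in items:
            if k != 'Fall-Through':
                reply.setdefault(k, v)        # later entries never override
        if dict(items).get('Fall-Through') not in ('1', 'Yes'):
            break
    return reply

def missing_service_type(reply):
    return not (reply.keys() & {'Service-Type', 'User-Service-Type'})
```

With the sample entries, a user in group mailonly gets User-Service-Type in the reply, while any other PPP user gets only Framed-Protocol and Framed-Compression. Comparing that result with the attributes the router logs under debug radius narrows down where authorization fails.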