05-14-2006 06:27 PM - edited 03-10-2019 02:35 PM
I'm using a radius server to control telnet access to my infrastructure devices. Since enabling this, I can no longer log in via CNA. Have tried using http auth local as well as via Radius.
My config is thus:
aaa new-model
aaa authentication login default group radius local
aaa authentication enable default group radius enable
aaa authorization exec default group radius local
ip http server
ip http authentication aaa
radius-server host x.x.x.x auth-port 1645 acct-port 1646
radius-server source-ports 1645-1646
radius-server directed-request
radius-server key 7 xxxxxx
When I debug radius auth I get the following - note the line: dropping service type, "radius-server attribute 6 on-for-login-auth" is off.
I can't see what I've done wrong. Any ideas?
debug radius auth:
138905850: 1y2w: RADIUS/ENCODE(00000000): dropping service type, "radius-server attribute 6 on-for-login-auth" is off
138905851: 1y2w: RADIUS(00000000): Config NAS IP: 0.0.0.0
138905852: 1y2w: RADIUS(00000000): sending
138905853: 1y2w: RADIUS/ENCODE: Best Local IP-Address x.x.x.x for Radius-Server x.x.x.x
138905854: 1y2w: RADIUS(00000000): Send Access-Request to x.x.x.x:1645 id 1645/56, len 53
138905855: 1y2w: RADIUS: authenticator B9 CA 82 45 46 B5 3A CD - D9 FB DC 20 C9 75 67 F5
138905856: 1y2w: RADIUS: User-Name [1] 9 "uid"
138905857: 1y2w: RADIUS: User-Password [2] 18 *
138905858: 1y2w: RADIUS: NAS-IP-Address [4] 6 x.x.x.x
138905859: 1y2w: RADIUS: Received from id 1645/56 x.x.x.x:1645, Access-Accept, len 51
138905860: 1y2w: RADIUS: authenticator 04 30 24 7E 88 4E 49 E2 - C2 01 65 FC 1F 2C EF 59
138905861: 1y2w: RADIUS: Vendor, Cisco [26] 25
138905862: 1y2w: RADIUS: Cisco AVpair [1] 19 "shell:priv-lvl=15"
138905863: 1y2w: RADIUS: Service-Type [6] 6 Login [1]
138905864: 1y2w: RADIUS(00000000): Received from id 1645/56
05-14-2006 09:58 PM
Hi,
What is the value set under Group Settings for Radius AV Pair for attribute 6 (Service-Type)?
# In a request:
- Framed: For known PPP or SLIP (Serial Line Internet Protocol) connection.
- Administrative User: For enable command.
# In a response:
- Login: Make a connection.
- Framed: Start SLIP or PPP.
- Administrative User: Start an EXEC or enable ok.
- Exec User: Start an EXEC session.
Rgds,
AK
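An added example, not part of either post and not Cisco code: a small Python parser for the `debug radius` output quoted in the question that separates what the switch sent from what the server returned, so the Service-Type and `shell:priv-lvl` in the Access-Accept can be read off directly. The sample lines are taken from the thread's debug output; the function name `summarize` and the result field names are assumptions made for this illustration.

```python
import re

# Sample input built from the debug lines quoted in the thread (addresses already masked).
SAMPLE = '''\
138905850: 1y2w: RADIUS/ENCODE(00000000): dropping service type, "radius-server attribute 6 on-for-login-auth" is off
138905854: 1y2w: RADIUS(00000000): Send Access-Request to x.x.x.x:1645 id 1645/56, len 53
138905856: 1y2w: RADIUS: User-Name [1] 9 "uid"
138905857: 1y2w: RADIUS: User-Password [2] 18 *
138905858: 1y2w: RADIUS: NAS-IP-Address [4] 6 x.x.x.x
138905859: 1y2w: RADIUS: Received from id 1645/56 x.x.x.x:1645, Access-Accept, len 51
138905861: 1y2w: RADIUS: Vendor, Cisco [26] 25
138905862: 1y2w: RADIUS: Cisco AVpair [1] 19 "shell:priv-lvl=15"
138905863: 1y2w: RADIUS: Service-Type [6] 6 Login [1]
'''

# Packet boundary lines ("Send Access-Request ...", "Received ... Access-Accept").
PACKET = re.compile(r'RADIUS\S*:\s+(Send|Received)\s.*?(Access-[A-Za-z]+)')
# Attribute lines: name, [type], length, optional value.
ATTR = re.compile(r'RADIUS:\s+(.+?)\s+\[(\d+)\]\s+(\d+)\s*(.*)$')

def summarize(debug_text):
    """Split debug output into request/response attributes keyed by name."""
    out = {"dropped_service_type": False, "request": {}, "response": {}, "reply": None}
    section = None
    for line in debug_text.splitlines():
        if "dropping service type" in line:
            out["dropped_service_type"] = True   # NAS omitted attribute 6 from the request
            continue
        m = PACKET.search(line)
        if m:
            section = "request" if m.group(1) == "Send" else "response"
            if section == "response":
                out["reply"] = m.group(2)
            continue
        m = ATTR.search(line)
        if m and section:
            # Keyed by name: vendor sub-attribute numbers collide with standard ones.
            out[section][m.group(1)] = m.group(4).strip('"')
    lvl = re.search(r'shell:priv-lvl=(\d+)', out["response"].get("Cisco AVpair", ""))
    out["priv_lvl"] = int(lvl.group(1)) if lvl else None
    out["service_type_sent"] = "Service-Type" in out["request"]
    out["service_type_returned"] = out["response"].get("Service-Type")
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE))
```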