Radius won't Authenticate Default Users

I am using FreeRADIUS on Ubuntu 12.04 LTS.

The AAA configs I have, I used on all of my Layer 2 devices, and it works successfully; however, I cannot get users to authenticate on a Layer 3 device. Here is some info: I can ping to and from my server, and I have rules on the ASA 5510 allowing devices to talk to the RADIUS server, as well as an access-list permit on the router. What am I missing?

 

Cisco Internetwork Operating System Software
IOS (tm) s72033_rp Software (s72033_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(18)SXF13, RELEASE SOFTWARE (fc1)

 

 

the configs---

aaa new-model

aaa group server radius RadiusGrp

 server X.X.X.X auth-port 1812 acct-port 1813

!

aaa authentication login default group RadiusGrp

aaa authorization exec default group RadiusGrp

aaa accounting exec default start-stop group RadiusGrp

aaa accounting system default start-stop group RadiusGrp

radius-server host X.X.X.X auth-port 1812 acct-port 1813 key secret

radius-server retransmit 3

 

Debugging AAA authentication ---

May  1 13:22:24: AAA/AUTHEN/START (3020837816): port='tty1' list='' action=LOGIN service=LOGIN

May  1 13:22:24: AAA/AUTHEN/START (3020837816): using "default" list

May  1 13:22:24: AAA/AUTHEN/START (3020837816): Method=RadiusGrp (radius)

May  1 13:22:24: AAA/AUTHEN (3020837816): status = GETUSER

May  1 13:22:26: AAA/AUTHEN/CONT (3020837816): continue_login (user='(undef)')

May  1 13:22:26: AAA/AUTHEN (3020837816): status = GETUSER

May  1 13:22:26: AAA/AUTHEN (3020837816): Method=RadiusGrp (radius)

May  1 13:22:26: AAA/AUTHEN (3020837816): status = GETPASS

May  1 13:22:30: AAA/AUTHEN/CONT (3020837816): continue_login (user='thull')

May  1 13:22:30: AAA/AUTHEN (3020837816): status = GETPASS

May  1 13:22:30: AAA/AUTHEN (3020837816): Method=RadiusGrp (radius)

May  1 13:22:51: AAA/AUTHEN (3020837816): status = ERROR

May  1 13:22:51: AAA/AUTHEN/START (2366780039): port='tty1' list='' action=LOGIN service=LOGIN

May  1 13:22:51: AAA/AUTHEN/START (2366780039): Restart

May  1 13:22:51: AAA/AUTHEN/START (2366780039): no methods left to try

May  1 13:22:51: AAA/AUTHEN (2366780039): status = ERROR

May  1 13:22:51: AAA/AUTHEN/START (2366780039): failed to authenticate

May  1 13:22:53: AAA/MEMORY: free_user_quiet (0x44BFCBB8) user='thull' ruser='NULL' port='tty1' rem_addr='X.X.X.X' authen_type=1 service=1 priv=1

May  1 13:22:53: AAA: parse name=tty1 idb type=-1 tty=-1

May  1 13:22:53: AAA: name=tty1 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=1 channel=0

May  1 13:22:53: AAA/MEMORY: create_user (0x44BFCBB8) user='NULL' ruser='NULL' ds0=0 port='tty1' rem_addr='X.X.X.X.' 100authen_type=ASCII service=LOGIN priv=1 initial_task_id='0', vrf= (id=0)

May  1 13:22:53: AAA/AUTHEN/START (1597653700): port='tty1' list='' action=LOGIN service=LOGIN

May  1 13:22:53: AAA/AUTHEN/START (1597653700): using "default" list

May  1 13:22:53: AAA/AUTHEN/START (1597653700): Method=RadiusGrp (radius)

May  1 13:22:53: AAA/AUTHEN (1597653700): status = GETUSER

Accepted Solutions
It seems that your RADIUS server is not listening on UDP port 1812. Try using ports 1645 and 1646 for RADIUS authen/author and accounting respectively, and also apply firewall rules to allow traffic on these UDP ports.

HTH

"Please rate helpful posts"
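
Added example, not part of the original thread: a small parser for `debug aaa authentication` output that separates "no reply from the RADIUS server" (status ERROR after the full retry window, which is what a wrong port or a blocked path produces) from an actual credential rejection (status FAIL). The function name and verdict strings are hypothetical; `retransmit=3` is taken from the posted config and the 5-second timeout is an assumption (the IOS default, since the config sets none).

```python
import re
from datetime import datetime

# Excerpt of the debug output posted above (first login attempt).
SAMPLE = """\
May  1 13:22:24: AAA/AUTHEN/START (3020837816): Method=RadiusGrp (radius)
May  1 13:22:24: AAA/AUTHEN (3020837816): status = GETUSER
May  1 13:22:26: AAA/AUTHEN/CONT (3020837816): continue_login (user='(undef)')
May  1 13:22:26: AAA/AUTHEN (3020837816): status = GETPASS
May  1 13:22:30: AAA/AUTHEN/CONT (3020837816): continue_login (user='thull')
May  1 13:22:30: AAA/AUTHEN (3020837816): status = GETPASS
May  1 13:22:51: AAA/AUTHEN (3020837816): status = ERROR
"""

LINE = re.compile(
    r"^\w+\s+\d+\s+(\d\d:\d\d:\d\d): AAA/AUTHEN(?:/\w+)? \((\d+)\): (.*)$")

def classify_logins(log, retransmit=3, timeout=5):
    """Map each finished AAA session id to (verdict, seconds_waited).

    retransmit=3 comes from the posted config; timeout=5 is an assumption
    (the IOS default, since the config sets no radius-server timeout).
    """
    budget = (retransmit + 1) * timeout   # first try plus retransmits
    submitted, results = {}, {}
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp = datetime.strptime(m.group(1), "%H:%M:%S")
        sid, msg = m.group(2), m.group(3)
        if msg.startswith("continue_login"):
            submitted[sid] = stamp          # last user input sent to the method
        elif msg.startswith("status = ") and sid in submitted:
            status = msg.split("= ", 1)[1].strip()
            waited = (stamp - submitted[sid]).seconds  # wraps past midnight
            if status == "ERROR" and waited >= budget:
                results[sid] = ("timeout: no reply from RADIUS server", waited)
            elif status == "ERROR":
                results[sid] = ("error before retries were exhausted", waited)
            elif status == "FAIL":
                results[sid] = ("rejected: server answered Access-Reject", waited)
            elif status == "PASS":
                results[sid] = ("accepted", waited)
    return results

if __name__ == "__main__":
    for sid, (verdict, waited) in classify_logins(SAMPLE).items():
        print(sid, verdict, f"after {waited}s")
```

On the posted log the gap between the password being submitted (13:22:30) and the ERROR (13:22:51) covers the whole retry window, which points at reachability or port mismatch rather than at the user's credentials.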
