Dialback with Radius on a 3640 with PRI

lsteens
Level 1

I want to use callback with a 3640 and Microsoft IAS. I configured Radius but it seems that the 3640 does not understand Radius Attribute 19. When I debug radius I see some hex strings. I use IOS 12.2(8)T.

zahmed
Cisco Employee

Attribute 19 is, I believe, callback number. IOS should understand that. So what exactly is the problem? Could you send the following:

debug ppp nego, debug ppp chap, debug aaa authen, debug aaa authoriz, debug radius.

~Zulfi

Hi,

Here is the debug information, part 1 (because of size):

Citrix#sh debugging

General OS:

AAA Authentication debugging is on

AAA Authorization debugging is on

PPP:

PPP authentication debugging is on

PPP protocol negotiation debugging is on

Radius protocol debugging is on

Radius packet protocol debugging is on

Citrix#

May 26 11:01:23: AAA/ACCT/DS0: channel=0, ds1=0, t3=0, slot=0, ds0=0

May 26 11:01:23: %LINK-3-UPDOWN: Interface Serial0/0:0, changed state to up

May 26 11:01:23: Se0/0:0 PPP: Authorization required

May 26 11:01:23: Se0/0:0 PPP: Treating connection as a callin

May 26 11:01:23: Se0/0:0 PPP: Phase is ESTABLISHING, Passive Open

May 26 11:01:23: Se0/0:0 LCP: State is Listen

May 26 11:01:23: Se0/0:0 LCP: I CONFREQ [Listen] id 0 len 44

May 26 11:01:23: Se0/0:0 LCP: MagicNumber 0x15C466A0 (0x050615C466A0)

May 26 11:01:23: Se0/0:0 LCP: PFC (0x0702)

May 26 11:01:23: Se0/0:0 LCP: ACFC (0x0802)

May 26 11:01:23: Se0/0:0 LCP: Callback 6 (0x0D0306)

May 26 11:01:23: Se0/0:0 LCP: MRRU 1614 (0x1104064E)

May 26 11:01:23: Se0/0:0 LCP: EndpointDisc 1 Local

May 26 11:01:23: Se0/0:0 LCP: (0x13170127C0A489CAEA4C59958073E82C)

May 26 11:01:23: Se0/0:0 LCP: (0xDA871B00000000)

May 26 11:01:23: Se0/0:0 LCP: O CONFREQ [Listen] id 46 len 14

May 26 11:01:23: Se0/0:0 LCP: AuthProto PAP (0x0304C023)

May 26 11:01:23: Se0/0:0 LCP: MagicNumber 0xC3B18B89 (0x0506C3B18B89)

May 26 11:01:23: Se0/0:0 LCP: O CONFREJ [Listen] id 0 len 8

May 26 11:01:23: Se0/0:0 LCP: MRRU 1614 (0x1104064E)

May 26 11:01:23: Se0/0:0 LCP: I CONFACK [REQsent] id 46 len 14

May 26 11:01:23: Se0/0:0 LCP: AuthProto PAP (0x0304C023)

May 26 11:01:23: Se0/0:0 LCP: MagicNumber 0xC3B18B89 (0x0506C3B18B89)

May 26 11:01:23: Se0/0:0 LCP: I CONFREQ [ACKrcvd] id 1 len 40

May 26 11:01:23: Se0/0:0 LCP: MagicNumber 0x15C466A0 (0x050615C466A0)

May 26 11:01:23: Se0/0:0 LCP: PFC (0x0702)

May 26 11:01:23: Se0/0:0 LCP: ACFC (0x0802)

May 26 11:01:23: Se0/0:0 LCP: Callback 6 (0x0D0306)

May 26 11:01:23: Se0/0:0 LCP: EndpointDisc 1 Local

May 26 11:01:23: Se0/0:0 LCP: (0x13170127C0A489CAEA4C59958073E82C)

May 26 11:01:23: Se0/0:0 LCP: (0xDA871B00000000)

May 26 11:01:23: Se0/0:0 LCP: O CONFACK [ACKrcvd] id 1 len 40

May 26 11:01:23: Se0/0:0 LCP: MagicNumber 0x15C466A0 (0x050615C466A0)

May 26 11:01:23: Se0/0:0 LCP: PFC (0x0702)

May 26 11:01:23: Se0/0:0 LCP: ACFC (0x0802)

May 26 11:01:23: Se0/0:0 LCP: Callback 6 (0x0D0306)

May 26 11:01:23: Se0/0:0 LCP: EndpointDisc 1 Local

May 26 11:01:23: Se0/0:0 LCP: (0x13170127C0A489CAEA4C59958073E82C)

May 26 11:01:23: Se0/0:0 LCP: (0xDA871B00000000)

May 26 11:01:23: Se0/0:0 LCP: State is Open

May 26 11:01:23: Se0/0:0 PPP: Phase is AUTHENTICATING, by this end

May 26 11:01:23: Se0/0:0 LCP: I IDENTIFY [Open] id 2 len 18 magic 0x15C466A0 MSRASV5.00

May 26 11:01:23: Se0/0:0 LCP: I IDENTIFY [Open] id 3 len 22 magic 0x15C466A0 MSRAS-1-DT0027

May 26 11:01:23: Se0/0:0 PAP: I AUTH-REQ id 0 len 25 from "BoetsRu"

May 26 11:01:23: Se0/0:0 PAP: Authenticating peer BoetsRu

May 26 11:01:23: AAA/AUTHEN/PPP (000000B3): Pick method list 'default'

May 26 11:01:23: Se0/0:0 PPP: Sent PAP LOGIN Request to AAA

May 26 11:01:23: RADIUS/ENCODE(000000B3): acct_session_id: 179

May 26 11:01:23: RADIUS(000000B3): sending

May 26 11:01:23: RADIUS: Send to unknown id 148 192.168.0.22:1645, Access-Request, len 99

May 26 11:01:23: RADIUS: authenticator B9 5E 51 6C 03 CC DF 39 - C0 57 2C 41 64 CA A6 CF

May 26 11:01:23: RADIUS: Framed-Protocol [7] 6 PPP [1]

May 26 11:01:23: RADIUS: User-Name [1] 9 "BoetsRu"

May 26 11:01:23: RADIUS: User-Password [2] 18 *

May 26 11:01:23: RADIUS: NAS-Port [5] 6 20000

May 26 11:01:23: RADIUS: NAS-Port-Type [61] 6 ISDN [2]

May 26 11:01:23: RADIUS: Called-Station-Id [30] 11 "598468583"

May 26 11:01:23: RADIUS: Calling-Station-Id [31] 11 "598423582"

May 26 11:01:23: RADIUS: Service-Type [6] 6 Framed [2]

May 26 11:01:23: RADIUS: NAS-IP-Address [4] 6 192.168.10.251

May 26 11:01:23: RADIUS: Received from id 148 192.168.0.22:1645, Access-Accept, len 94

May 26 11:01:23: RADIUS: authenticator D9 B9 8F 46 8D A0 D9 74 - 04 35 77 05 E2 46 6E 41

May 26 11:01:23: RADIUS: Framed-Protocol [7] 6 PPP [1]

May 26 11:01:23: RADIUS: Port-Limit [62] 6 1

May 26 11:01:23: RADIUS: Service-Type [6] 6 Callback Framed [4]

May 26 11:01:23: RADIUS: Class [25] 32

May 26 11:01:23: RADIUS: 47 73 05 33 00 00 01 37 00 01 C0 A8 00 16 01 C3 [Gs?3???7????????]

May 26 11:01:23: RADIUS: 1F C9 69 51 7C 02 00 00 00 00 00 00 [??iQ|???????]

May 26 11:01:23: RADIUS: Vendor, Microsoft [26] 12

May 26 11:01:23: RADIUS: MS-MPPE-Enc-Policy [7] 6

May 26 11:01:23: RADIUS: 00 [?]

May 26 11:01:23: RADIUS: Vendor, Microsoft [26] 12

May 26 11:01:23: RADIUS: MS-MPPE-Enc-Type [8] 6

May 26 11:01:23: RADIUS: 00 [?]

May 26 11:01:23: RADIUS: Received from id B3

May 26 11:01:23: Se0/0:0 PPP: Received LOGIN Response from AAA = PASS

May 26 11:01:23: Se0/0:0 PPP/AAA: Check Attr: Framed-Protocol

May 26 11:01:23: Se0/0:0 PPP/AAA: Check Attr: Port-Limit

May 26 11:01:23: Se0/0:0 PPP/AAA: Check Attr: service-type

May 26 11:01:23: Se0/0:0 AAA/AUTHOR/LCP: Process Author

May 26 11:01:23: Se0/0:0 PAP: O AUTH-ACK id 0 len 5

May 26 11:01:23: Se0/0:0 MCB: Callback not authorized for this user BoetsRu

May 26 11:01:23: Serial0/0:0 PPP: O MCB Request(1) id 39 len 6

May 26 11:01:23: Serial0/0:0 MCB: O 1 27 0 6 1 2

May 26 11:01:23: Se0/0:0 MCB: O Request Id 39 Callback Type None

May 26 11:01:23: Se0/0:0 PPP: Phase is CBCP

May 26 11:01:23: Serial0/0:0 PPP: I MCB Response(2) id 39 len 6

May 26 11:01:23: Serial0/0:0 MCB: I 2 27 0 6 1 2

May 26 11:01:23: Se0/0:0 MCB: Received response

May 26 11:01:23: Se0/0:0 MCB: Response CBK-None 1 2

May 26 11:01:23: Serial0/0:0 PPP: O MCB Ack(3) id 40 len 6

May 26 11:01:23: Serial0/0:0 MCB: O 3 28 0 6 1 2

May 26 11:01:23: Se0/0:0 MCB: O Ack Id 40 Callback Type None

May 26 11:01:23: Se0/0:0 MCB: No Callback negotiated; Exit

May 26 11:01:23: Se0/0:0 PPP: Phase is UP

Part 2

May 26 11:01:23: Se0/0:0 AAA/AUTHOR/IPCP: FSM authorization not needed

May 26 11:01:23: Se0/0:0 AAA/AUTHOR/FSM: We can start IPCP

May 26 11:01:23: Se0/0:0 IPCP: O CONFREQ [Closed] id 28 len 10

May 26 11:01:23: Se0/0:0 IPCP: Address 10.10.10.62 (0x03060A0A0A3E)

May 26 11:01:23: Se0/0:0 CCP: I CONFREQ [Not negotiated] id 4 len 10

May 26 11:01:23: Se0/0:0 CCP: MS-PPC supported bits 0x00000001 (0x120600000001)

May 26 11:01:23: Se0/0:0 LCP: O PROTREJ [Open] id 47 len 16 protocol CCP(0x80FD0104000A120600000001)

May 26 11:01:23: Se0/0:0 IPCP: I CONFREQ [REQsent] id 5 len 40

May 26 11:01:23: Se0/0:0 IPCP: CompressType VJ 15 slots CompressSlotID (0x0206002D0F01)

May 26 11:01:23: Se0/0:0 IPCP: Address 0.0.0.0 (0x030600000000)

May 26 11:01:23: Se0/0:0 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)

May 26 11:01:23: Se0/0:0 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000)

May 26 11:01:23: Se0/0:0 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)

May 26 11:01:23: Se0/0:0 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000)

May 26 11:01:23: Se0/0:0 AAA/AUTHOR/IPCP: Start. Her address 0.0.0.0, we want 0.0.0.0

May 26 11:01:23: Se0/0:0 AAA/AUTHOR/IPCP: Authorization succeeded

May 26 11:01:23: Se0/0:0 AAA/AUTHOR/IPCP: Done. Her address 0.0.0.0, we want 0.0.0.0

May 26 11:01:23: Se0/0:0 IPCP: Pool returned 10.10.10.41

May 26 11:01:23: Se0/0:0 AAA/AUTHOR/IPCP: no author-info for primary dns

May 26 11:01:23: Se0/0:0 AAA/AUTHOR/IPCP: no author-info for primary wins

May 26 11:01:23: Se0/0:0 AAA/AUTHOR/IPCP: no author-info for seconday dns

May 26 11:01:23: Se0/0:0 AAA/AUTHOR/IPCP: no author-info for seconday wins

May 26 11:01:23: Se0/0:0 IPCP: O CONFREJ [REQsent] id 5 len 10

May 26 11:01:23: Se0/0:0 IPCP: CompressType VJ 15 slots CompressSlotID (0x0206002D0F01)

May 26 11:01:23: Se0/0:0 IPCP: I CONFACK [REQsent] id 28 len 10

May 26 11:01:23: Se0/0:0 IPCP: Address 10.10.10.62 (0x03060A0A0A3E)

May 26 11:01:23: Se0/0:0 IPCP: I CONFREQ [ACKrcvd] id 6 len 34

May 26 11:01:23: Se0/0:0 IPCP: Address 0.0.0.0 (0x030600000000)

May 26 11:01:23: Se0/0:0 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)

May 26 11:01:23: Se0/0:0 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000)

May 26 11:01:23: Se0/0:0 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)

May 26 11:01:23: Se0/0:0 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000)

May 26 11:01:23: Se0/0:0 AAA/AUTHOR/IPCP: no author-info for primary dns

May 26 11:01:23: Se0/0:0 AAA/AUTHOR/IPCP: no author-info for primary wins

May 26 11:01:23: Se0/0:0 AAA/AUTHOR/IPCP: no author-info for seconday dns

May 26 11:01:23: Se0/0:0 AAA/AUTHOR/IPCP: no author-info for seconday wins

May 26 11:01:23: Se0/0:0 IPCP: O CONFNAK [ACKrcvd] id 6 len 34

May 26 11:01:23: Se0/0:0 IPCP: Address 10.10.10.41 (0x03060A0A0A29)

May 26 11:01:23: Se0/0:0 IPCP: PrimaryDNS 192.168.0.22 (0x8106C0A80016)

May 26 11:01:23: Se0/0:0 IPCP: PrimaryWINS 192.168.1.2 (0x8206C0A80102)

May 26 11:01:23: Se0/0:0 IPCP: SecondaryDNS 192.168.4.204 (0x8306C0A804CC)

May 26 11:01:23: Se0/0:0 IPCP: SecondaryWINS 192.168.4.200 (0x8406C0A804C8)

May 26 11:01:23: Se0/0:0 IPCP: I CONFREQ [ACKrcvd] id 7 len 34

May 26 11:01:23: Se0/0:0 IPCP: Address 10.10.10.41 (0x03060A0A0A29)

May 26 11:01:23: Se0/0:0 IPCP: PrimaryDNS 192.168.0.22 (0x8106C0A80016)

May 26 11:01:23: Se0/0:0 IPCP: PrimaryWINS 192.168.1.2 (0x8206C0A80102)

May 26 11:01:23: Se0/0:0 IPCP: SecondaryDNS 192.168.4.204 (0x8306C0A804CC)

May 26 11:01:23: Se0/0:0 IPCP: SecondaryWINS 192.168.4.200 (0x8406C0A804C8)

May 26 11:01:23: Se0/0:0 AAA/AUTHOR/IPCP: no author-info for primary dns

May 26 11:01:23: Se0/0:0 AAA/AUTHOR/IPCP: no author-info for primary wins

May 26 11:01:23: Se0/0:0 AAA/AUTHOR/IPCP: no author-info for seconday dns

May 26 11:01:23: Se0/0:0 AAA/AUTHOR/IPCP: no author-info for seconday wins

May 26 11:01:23: Se0/0:0 IPCP: O CONFACK [ACKrcvd] id 7 len 34

May 26 11:01:23: Se0/0:0 IPCP: Address 10.10.10.41 (0x03060A0A0A29)

May 26 11:01:23: Se0/0:0 IPCP: PrimaryDNS 192.168.0.22 (0x8106C0A80016)

May 26 11:01:23: Se0/0:0 IPCP: PrimaryWINS 192.168.1.2 (0x8206C0A80102)

May 26 11:01:23: Se0/0:0 IPCP: SecondaryDNS 192.168.4.204 (0x8306C0A804CC)

May 26 11:01:23: Se0/0:0 IPCP: SecondaryWINS 192.168.4.200 (0x8406C0A804C8)

May 26 11:01:23: Se0/0:0 IPCP: State is Open

May 26 11:01:23: Di1 IPCP: Install route to 10.10.10.41

May 26 11:01:23: Se0/0:0 IPCP: Add link info for cef entry 10.10.10.41

May 26 11:01:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0:0, changed state to up

May 26 11:01:29: %ISDN-6-CONNECT: Interface Serial0/0:0 is now connected to 598423582 BoetsRu

May 26 11:01:37: AAA/AUTHEN/LOGIN (000000B4): Pick method list 'Permanent Local'

May 26 11:01:40: AAA/AUTHOR (000000B4): Method list id=0 not configured. Skip author

May 26 11:01:41: AAA: parse name=tty131 idb type=-1 tty=-1

May 26 11:01:41: AAA: name=tty131 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=131 channel=0

May 26 11:01:41: AAA/MEMORY: create_user (0x6174348C) user='beheer' ruser='NULL' ds0=0 port='tty131' rem_addr='10.10.10.41' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0'

May 26 11:01:41: AAA/AUTHEN/START (141876048): port='tty131' list='' action=LOGIN service=ENABLE

May 26 11:01:41: AAA/AUTHEN/START (141876048): non-console enable - default to enable password

May 26 11:01:41: AAA/AUTHEN/START (141876048): Method=ENABLE

May 26 11:01:41: AAA/AUTHEN(141876048): Status=GETPASS

May 26 11:01:43: AAA/AUTHEN/CONT (141876048): continue_login (user='(undef)')

May 26 11:01:43: AAA/AUTHEN(141876048): Status=GETPASS

May 26 11:01:43: AAA/AUTHEN/CONT (141876048): Method=ENABLE

May 26 11:01:43: AAA/AUTHEN(141876048): Status=PASS

May 26 11:01:43: AAA/MEMORY: free_user (0x6174348C) user='NULL' ruser='NULL' port='tty131' rem_addr='10.10.10.41' authen_type=ASCII service=ENABLE priv=15

May 26 11:03:22: Se0/0:0 LCP: I TERMREQ [Open] id 8 len 16 (0x15C466A0003CCD7400000000)

May 26 11:03:22: Se0/0:0 LCP: O TERMACK [Open] id 8 len 4

May 26 11:03:22: Se0/0:0 IPCP: Remove link info for cef entry 10.10.10.41

May 26 11:03:22: Se0/0:0 IPCP: State is Closed

May 26 11:03:22: Se0/0:0 PPP: Phase is TERMINATING

May 26 11:03:22: Di1 IPCP: Remove route to 10.10.10.41

May 26 11:03:22: %ISDN-6-DISCONNECT: Interface Serial0/0:0 disconnected from 598423582 BoetsRu, call lasted 119 seconds

May 26 11:03:22: %LINK-3-UPDOWN: Interface Serial0/0:0, changed state to down

May 26 11:03:22: Se0/0:0 LCP: State is Closed

May 26 11:03:22: Se0/0:0 PPP: Phase is DOWN

May 26 11:03:22: AAA/ACCT/DS0: channel=0, ds1=0, t3=0, slot=0, ds0=0

Do you have "aaa authorization network" set in your config?

~Zulfi

Yes, I have.

Here is the complete config:

version 12.2

service exec-callback

service timestamps debug datetime localtime

service timestamps log datetime localtime

no service password-encryption

!

hostname Citrix

!

logging buffered 8000 debugging

aaa new-model

!

!

aaa authentication ppp default group radius

aaa authorization network default group radius

aaa session-id common

enable secret ????????????????????

!

username beheer password ???????????????????????

memory-size iomem 15

modem country mica netherlands

ip subnet-zero

!

!

no ip domain-lookup

!

async-bootp dns-server 192.168.0.22 192.168.4.204

async-bootp nbns-server 192.168.1.2 192.168.4.200

isdn switch-type primary-net5

isdn voice-call-failure 0

isdn tei-negotiation first-call

modemcap entry TAC1:MSC=&F&D2S34=18000S40=10S54=172

!

controller E1 0/0

framing NO-CRC4

pri-group timeslots 1-31

!

!

!

interface FastEthernet0/0

description To LAN

ip address 192.168.10.251 255.255.255.0

speed 100

full-duplex

!

interface Serial0/0:15

no ip address

encapsulation ppp

ip mroute-cache

dialer rotary-group 1

dialer-group 1

isdn switch-type primary-net5

isdn incoming-voice modem

no fair-queue

no cdp enable

ppp callback accept

!

interface Group-Async1

ip unnumbered FastEthernet0/0

no ip mroute-cache

dialer in-band

dialer rotary-group 2

async mode interactive

no fair-queue

group-range 33 44

!

interface Dialer1

description ISDN inbellers

ip address 10.10.10.62 255.255.255.224

encapsulation ppp

no ip split-horizon

no ip mroute-cache

dialer in-band

dialer idle-timeout 900

dialer-group 1

peer default ip address pool isdn-inbellers

no fair-queue

no cdp enable

ppp callback accept

ppp authentication pap chap ms-chap

!

interface Dialer2

description PSTN inbellers

ip address 10.10.10.30 255.255.255.224

encapsulation ppp

no ip split-horizon

no ip mroute-cache

dialer in-band

dialer idle-timeout 900

dialer-group 2

peer default ip address pool pstn-inbellers

no fair-queue

no cdp enable

ppp callback accept

ppp authentication ms-chap

!

router ospf 1

log-adjacency-changes

redistribute static

network 10.10.10.0 0.0.0.255 area 0

network 192.168.10.0 0.0.0.255 area 0

!

ip local pool isdn-inbellers 10.10.10.33 10.10.10.61

ip local pool pstn-inbellers 10.10.10.1 10.10.10.29

ip default-gateway 192.168.3.254

no ip classless

no ip http server

ip pim bidir-enable

!

!

logging 192.168.5.1

dialer-list 1 protocol ip permit

radius-server host 192.168.0.22 auth-port 1645 acct-port 1646 key 7 1046080A171616021917

radius-server retransmit 3

!

line con 0

exec-timeout 0 0

login authentication CONSOLE

line 33 44

exec-timeout 0 0

modem InOut

modem autoconfigure type mica

transport input all

autoselect during-login

autoselect ppp

callback forced-wait 6

stopbits 1

flowcontrol hardware

line aux 0

line vty 0 4

session-timeout 3600

password ?????????????

!

end

Your config looks fine. You might want to open a TAC case to investigate this further.

~Zulfi

Zulfi,

Thanks, I will open a case via our support department.

Greetings

Luc

The config looks like it's missing a chat script to dial the callback number.

Add this in global:-

chat-script offhook "" "ATH1" OK

chat-script callback ABORT ERROR ABORT BUSY "" "ATZ" OK "ATDT \T" TIMEOUT 60 CONNECT \c

and then under line 33-44 add:-

line 33 44

script modem-off-hook offhook

script callback callback

Looking at your debug output though, I also noticed that the user is not authorised for callback. After authentication, look for the line:-

May 26 11:01:23: Se0/0:0 MCB: Callback not authorized for this user BoetsRu

You will need to give the user callback permission in the user account (dialin tab).

If all else fails, have a look at the radius attribute/value pairs in the IAS logs (found in \\ias-server\RASLogFiles). This should give you reasons for failing to callback.

Also, the client will need to configure callback in advanced dialin properties.

Hope this helps.

P.S. If anyone knows how to get callback working with ISDN (BRI) with PPP multilink, please let me know.

Mike

Hi,

You're running into the following bug: CSCea11487

The workaround:

Using Callback with Cisco-AV-pair and the empty dialstring option.

Best regards,

Ad
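
The replies above point at the "Callback not authorized" debug line and at a Cisco-AV-pair workaround. The following is an added example, not code from any poster or from Cisco: it parses `debug radius` output in the format posted in this thread and reports which callback-related attributes an Access-Accept carried. The second sample, and the way IOS would print an `lcp:callback-dialstring=` AV pair, are constructed assumptions.

```python
import re

PACKET_RE = re.compile(r"RADIUS: (?:Received from|Send to) .*, (Access-\w+), len \d+")
# "<name> [<type>] <length> <value>"; hex-dump continuation lines do not match.
ATTR_RE = re.compile(r"RADIUS:\s+([A-Za-z][\w, -]*?)\s+\[(\d+)\]\s+(\d+)\s*(.*)$")
# RFC 2865 Service-Type values that ask the NAS to call the user back.
CALLBACK_SERVICE_TYPES = {3, 4, 9, 11}

# Access-Accept attribute lines copied from the debug output in this thread.
THREAD_ACCEPT = """\
May 26 11:01:23: RADIUS: Received from id 148 192.168.0.22:1645, Access-Accept, len 94
May 26 11:01:23: RADIUS: Framed-Protocol [7] 6 PPP [1]
May 26 11:01:23: RADIUS: Port-Limit [62] 6 1
May 26 11:01:23: RADIUS: Service-Type [6] 6 Callback Framed [4]
May 26 11:01:23: RADIUS: Class [25] 32
May 26 11:01:23: RADIUS: Vendor, Microsoft [26] 12
May 26 11:01:23: RADIUS: MS-MPPE-Enc-Policy [7] 6
""".splitlines()

# Constructed sample (not from the thread): a reply using the AV-pair workaround.
CONSTRUCTED_ACCEPT = """\
May 26 11:30:00: RADIUS: Received from id 150 192.168.0.22:1645, Access-Accept, len 70
May 26 11:30:00: RADIUS: Service-Type [6] 6 Callback Framed [4]
May 26 11:30:00: RADIUS: Vendor, Cisco [26] 32
May 26 11:30:00: RADIUS: Cisco AVpair [1] 26 "lcp:callback-dialstring="
""".splitlines()

def parse_packets(lines):
    """Group 'debug radius' attribute lines under the packet header before them."""
    packets = []
    for line in lines:
        head = PACKET_RE.search(line)
        if head:
            packets.append({"code": head.group(1), "attrs": []})
            continue
        attr = ATTR_RE.search(line)
        if attr and packets:
            name, _type, _length, value = attr.groups()
            packets[-1]["attrs"].append((name, value.strip()))
    return packets

def callback_summary(packet):
    """Report which callback-related attributes one parsed packet carried."""
    summary = {"service_type_callback": False, "callback_number": None, "dialstring_avpair": None}
    for name, value in packet["attrs"]:
        code = re.search(r"\[(\d+)\]$", value)
        if name == "Service-Type" and code and int(code.group(1)) in CALLBACK_SERVICE_TYPES:
            summary["service_type_callback"] = True
        elif name == "Callback-Number":          # RADIUS attribute 19
            summary["callback_number"] = value.strip('"')
        elif name == "Cisco AVpair" and "lcp:callback-dialstring=" in value:
            summary["dialstring_avpair"] = value.strip('"').split("=", 1)[1]
    return summary
```

Run over the Access-Accept posted in this thread, `callback_summary` reports a callback Service-Type but neither a Callback-Number attribute nor a dialstring AV pair; an empty string for `dialstring_avpair` means the AV pair was present with an empty dialstring.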