[RadiusNT] radius authentication problem after upgrade to 12.1(3)

Christian Schmit ( cschmit@vo.lu )
Mon, 24 Jul 2000 18:18:13 +0200

I just upgraded one AS5300 from 12.04XJ(4) IP plus
to 12.1(3) IP Plus. After this upgrade dial-in users
could no longer authenticate to login via radius.

I checked my radiusnt debug files and saw
that the radius server was receiving the
login request from the AS5300 and also
acknowledged the login request. However the AS
did not authenticate the user.

I then configured my radius server to let in
every user regardless of which password or username
is entered and this way it works. As you can
imagine this is only a temporary solution.

The same radius server worked fine with 12.04XJ(4)
and is still working fine with a group of PM3's.
No changes were made to the radius server.
I use radiusnt 2.5(212) with SQL 7 server.

My radius config on the NAS:
-----------------------------

aaa new-model
aaa authentication login SECURE group radius enable
aaa authentication login CONSOLE local
aaa authentication login AUX group radius enable
aaa authentication login VTY line
aaa authentication ppp default if-needed group radius local
aaa authorization exec default group radius if-authenticated
aaa authorization network default group radius if-authenticated
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
..
..
..
radius-server host a.b.c.d auth-port 1645 acct-port 1646

thanks,
Christian

For more information about this list (including removal) go to:
http://www.iea-software.com/support/maillists/liststart