[RadiusNT] Re: radius authentication problem after upgrade to 12.1(3)

Christian Schmit ( cschmit@vo.lu )
Tue, 25 Jul 2000 12:08:26 +0200

I found the problem using debugging however I do not quite
understand why this is now happening.

Debug shows attribute "idletime" failed. Looking at the
radius docs the attribute "idletime" is a tacacs attribute not
a radius attribute. My debug files of the radius server do not show
this attribute but the correct radius attribute "Idle-Timeout".

If I remove the radius attribute "Idle-Timeout" from my dial-in
profile on my radius server the AS5300 is again working with
my radius server.

Debug of AS5300:
-------------------

09:34:00.093: Se2:27 AAA/AUTHOR/LCP: Processing AV service=ppp
09:34:00.093: Se2:27 AAA/AUTHOR/LCP: Processing AV idletime=1200
09:34:00.093: Se2:27 AAA/AUTHOR/LCP: idletime failed
09:34:00.093: Se2:27 AAA/AUTHOR/LCP: Denied

Debug of radius server:
-----------------------

Sending Ack of id 240 to d418c803 (as5300_10)
Framed-Protocol = PPP
User-Service = Framed-User
Port-Limit = 2
Idle-Timeout = 1200
Framed-Netmask = 255.255.255.255
Session-Timeout = 0
Framed-Routing = None

All this worked with 12.04XJ(4). Is my radius server
having a bug or IOS 12.1(3) or am I missing something??

Christian

At 10:21 AM 7/24/00 -0700, you wrote:
>Could you send some debugs from your Cisco? "debug radius", "debug aaa
>authen" and "debug aaa author" would probably be sufficient.
>
>Dennis
>
>Christian Schmit [cschmit@vo.lu] wrote:
> >
> > I just upgraded one AS5300 from 12.04XJ(4) IP plus
> > to 12.1(3) IP Plus. After this upgrade dial-in users
> > could no longer authenticate to login via radius.
> >
> > I checked my radius debug files and saw
> > that the radius server was receiving the
> > login request from the AS5300 and also
> > acknowledged the login request. However the AS
> > did not authenticate the user.
> >
> > I then configured my radius server to let in
> > every user regardless of which password or username
> > is entered and this way it works. As you can
> > imagine this is only a temporary solution.
> >
> > The same radius server worked fine with 12.04XJ(4)
> > and is still working fine with a group of PM3's.
> > No changes were made to the radius server.
> >
> > My radius config:
> > ------------------
> >
> > aaa new-model
> > aaa authentication login SECURE group radius enable
> > aaa authentication login CONSOLE local
> > aaa authentication login AUX group radius enable
> > aaa authentication login VTY line
> > aaa authentication ppp default if-needed group radius local
> > aaa authorization exec default group radius if-authenticated
> > aaa authorization network default group radius if-authenticated
> > aaa accounting exec default start-stop group radius
> > aaa accounting network default start-stop group radius
> > .
> > .
> > .
> > radius-server host a.b.c.d auth-port 1645 acct-port 1646
> >
> >
> > thanks,
> > Christian
> >
>
>--
>-------------------------------------------------------------------------
> Dennis Peng
> Cisco Systems, Inc. Escalation Engineer
> 170 West Tasman Drive Phone: (408) 526-6143
> San Jose, CA 95134 Fax: (408) 232-2343
> Cisco Systems Inc. dpeng@cisco.com
>-------------------------------------------------------------------------
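The two debug excerpts in this message (the AS5300's AAA/AUTHOR output and the RADIUS server's Access-Accept dump) are the kind of thing an operator ends up correlating by hand. The following Python script is an added example, not code from the thread or from any of the products named in it: it parses both excerpts, finds the AV pair the NAS rejected, and maps it back to the RADIUS attribute that produced it, so the offending profile attribute can be identified without opening the server to every user as a workaround. The sample input is constructed to match the lines shown above; the `RADIUS_TO_AVPAIR` table contains only the one mapping the thread itself demonstrates (Idle-Timeout to `idletime`), and the regular expressions assume the debug line shapes shown here, which may differ on other IOS releases (both are assumptions).

```python
import re

# Constructed sample input, copied in shape from the AS5300 debug shown in the thread.
AS5300_DEBUG = """\
09:34:00.093: Se2:27 AAA/AUTHOR/LCP: Processing AV service=ppp
09:34:00.093: Se2:27 AAA/AUTHOR/LCP: Processing AV idletime=1200
09:34:00.093: Se2:27 AAA/AUTHOR/LCP: idletime failed
09:34:00.093: Se2:27 AAA/AUTHOR/LCP: Denied
"""

# Constructed sample input, copied in shape from the RADIUS server debug in the thread.
RADIUS_ACK = """\
Sending Ack of id 240 to d418c803 (as5300_10)
Framed-Protocol = PPP
User-Service = Framed-User
Port-Limit = 2
Idle-Timeout = 1200
Framed-Netmask = 255.255.255.255
Session-Timeout = 0
Framed-Routing = None
"""

# RADIUS attribute name -> AV-pair name the NAS derives from it. Only the mapping
# visible in the thread is listed; extend it for other attributes (assumption).
RADIUS_TO_AVPAIR = {"Idle-Timeout": "idletime"}

# Line shapes assumed from the debug output above (assumption: other IOS
# releases may format these lines differently).
AV_RE = re.compile(r"AAA/AUTHOR/(?P<phase>\w+): Processing AV (?P<name>[\w-]+)=(?P<value>\S+)")
FAIL_RE = re.compile(r"AAA/AUTHOR/(?P<phase>\w+): (?P<name>[\w-]+) failed")
DENIED_RE = re.compile(r"AAA/AUTHOR/(?P<phase>\w+): Denied")


def parse_author_debug(text):
    """Return (av_pairs, failed_names, denied) from AAA/AUTHOR debug lines."""
    avs, failed, denied = {}, [], False
    for line in text.splitlines():
        if m := AV_RE.search(line):
            avs[m["name"]] = m["value"]
        elif m := FAIL_RE.search(line):
            failed.append(m["name"])
        elif DENIED_RE.search(line):
            denied = True
    return avs, failed, denied


def parse_radius_ack(text):
    """Return the 'Name = Value' attributes from a RADIUS server Ack dump."""
    attrs = {}
    for line in text.splitlines():
        if " = " in line:
            name, value = line.split(" = ", 1)
            attrs[name.strip()] = value.strip()
    return attrs


def diagnose(debug_text, ack_text):
    """Correlate each AV pair the NAS rejected with the RADIUS attribute behind it."""
    avs, failed, denied = parse_author_debug(debug_text)
    attrs = parse_radius_ack(ack_text)
    findings = []
    for av in failed:
        # Reverse lookup: which RADIUS attribute becomes this AV pair on the NAS?
        origin = next((r for r, a in RADIUS_TO_AVPAIR.items() if a == av), None)
        findings.append({
            "av_pair": av,
            "nas_value": avs.get(av),
            "radius_attribute": origin,
            "sent_by_server": origin is not None and origin in attrs,
            "server_value": attrs.get(origin) if origin else None,
        })
    return {"denied": denied, "failed": findings}


if __name__ == "__main__":
    report = diagnose(AS5300_DEBUG, RADIUS_ACK)
    print("authorization denied:", report["denied"])
    for f in report["failed"]:
        print(f"NAS rejected AV pair {f['av_pair']}={f['nas_value']}; "
              f"came from RADIUS attribute {f['radius_attribute']} "
              f"(sent by server: {f['sent_by_server']}, value {f['server_value']})")
```

Run against the constructed samples, the report names `idletime` as the rejected AV pair and ties it to the `Idle-Timeout = 1200` attribute the server sent, which is exactly the attribute whose removal from the profile restored logins in the message above. The `sent_by_server` flag is the useful check: if the NAS complains about an AV pair that the server never sent, the problem lies on the NAS side rather than in the profile.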

For more information about this list (including removal) go to:
http://www.iea-software.com/support/maillists/liststart