aaa authorization with Funk SBR EE

with_joerg
Level 1

Hello,

I do not get aaa authorization with Funk SBR EE to work.

On our Cisco switches I configure:

aaa authentication default group radius local

aaa authorization exec default radius local

On the Funk RADIUS server I return

service-type login

Cisco-AVPAIR shell:priv-lvl=15

Authorization always fails and the debug output shows:

1063433: 46w0d: CLUSTER_MEMBER_1: RADIUS: ustruct sharecount=1

1063434: 46w0d: CLUSTER_MEMBER_1: RADIUS: Initial Transmit tty3 id 60 [**radius-ip**}:1812, Access-Request, len 82

1063435: 46w0d: CLUSTER_MEMBER_1: Attribute 4 6 C3A976E2

1063436: 46w0d: CLUSTER_MEMBER_1: Attribute 5 6 00000003

1063437: 46w0d: CLUSTER_MEMBER_1: Attribute 61 6 00000005

1063438: 46w0d: CLUSTER_MEMBER_1: Attribute 1 9 66726974

1063439: 46w0d: CLUSTER_MEMBER_1: Attribute 31 17 3139352E

1063440: 46w0d: CLUSTER_MEMBER_1: Attribute 2 18 8772DAFD

1063441: 46w0d: CLUSTER_MEMBER_1: RADIUS: Received from id 60 [**radius-ip**]:1812, Access-Accept, len 87

1063442: 46w0d: CLUSTER_MEMBER_1: Attribute 25 67 53425232

1063443: 46w0d: CLUSTER_MEMBER_1: RADIUS: saved authorization data for user 111BFD8 at D4E310

1063444: 46w0d: CLUSTER_MEMBER_1: tty3 AAA/AUTHOR/EXEC (3848954035): Port='tty3' list='' service=EXEC

1063445: 46w0d: CLUSTER_MEMBER_1: AAA/AUTHOR/EXEC: tty3 (3848954035) user='username'

1063446: 46w0d: CLUSTER_MEMBER_1: tty3 AAA/AUTHOR/EXEC (3848954035): send AV service=shell

1063447: 46w0d: CLUSTER_MEMBER_1: tty3 AAA/AUTHOR/EXEC (3848954035): send AV cmd*

1063448: 46w0d: CLUSTER_MEMBER_1: tty3 AAA/AUTHOR/EXEC (3848954035): found list "default"

1063449: 46w0d: CLUSTER_MEMBER_1: tty3 AAA/AUTHOR/EXEC (3848954035): Method=radius (radius)

1063450: 46w0d: CLUSTER_MEMBER_1: RADIUS: no appropriate authorization type for user.

1063451: 46w0d: CLUSTER_MEMBER_1: AAA/AUTHOR (3848954035): Post authorization status = FAIL

1063452: 46w0d: CLUSTER_MEMBER_1: AAA/AUTHOR/EXEC: Authorization FAILED

1063453: 46w0d: CLUSTER_MEMBER_1: AAA/MEMORY: free_user (0x111BFD8) user='username' ruser='' port='tty3' rem_addr='[**client-ip**]' authen_type=ASCII service=LOGIN priv=1

What do I need to add to the RADIUS server to make it work?

--Joerg

1 Reply

didyap
Level 6

The document Common Problems in Debugging RADIUS, PAP and CHAP has more information on the debug outputs.

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080093f4b.shtml#radnpap
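
Added example (not part of the thread, and not Cisco or Funk code): a short Python parser for the packet and attribute lines of the debug output in the question, using the RFC 2865 attribute numbers; the function names `parse_debug` and `audit` are made up for this illustration. Run on the posted lines, it shows that the logged Access-Accept accounts for its full length with a single Class attribute (type 25) and carries neither Service-Type (6) nor Vendor-Specific (26), the attribute in which Cisco-AVPair is sent.

```python
import re

# RADIUS attribute type numbers from RFC 2865 (only the ones seen here).
ATTR_NAMES = {1: "User-Name", 2: "User-Password", 4: "NAS-IP-Address", 5: "NAS-Port",
              6: "Service-Type", 25: "Class", 26: "Vendor-Specific",
              31: "Calling-Station-Id", 61: "NAS-Port-Type"}
HEADER_LEN = 20  # code (1) + identifier (1) + length (2) + authenticator (16)
PKT_RE = re.compile(r"RADIUS: .*?(Access-\w+), len (\d+)")
ATTR_RE = re.compile(r"Attribute (\d+) (\d+) [0-9A-Fa-f]+")

def parse_debug(lines):
    """Group 'Attribute <type> <len> <hex>' lines under the packet line above them."""
    packets = []
    for line in lines:
        pkt, attr = PKT_RE.search(line), ATTR_RE.search(line)
        if pkt:
            packets.append({"code": pkt.group(1), "len": int(pkt.group(2)), "attrs": []})
        elif attr and packets:
            packets[-1]["attrs"].append((int(attr.group(1)), int(attr.group(2))))
    return packets

def audit(pkt):
    """Summarise which attributes a logged packet carries."""
    types = [t for t, _ in pkt["attrs"]]
    return {
        "code": pkt["code"],
        "attributes": [ATTR_NAMES.get(t, str(t)) for t in types],
        # Header plus attribute lengths equals the packet length only when
        # the debug output listed every attribute in the packet.
        "complete": HEADER_LEN + sum(n for _, n in pkt["attrs"]) == pkt["len"],
        "has_service_type": 6 in types,
        "has_vendor_specific": 26 in types,  # Cisco-AVPair is sent inside type 26
    }

# Packet and attribute lines from the debug output in the post (prefixes trimmed).
SAMPLE = """\
RADIUS: Initial Transmit tty3 id 60 [**radius-ip**}:1812, Access-Request, len 82
Attribute 4 6 C3A976E2
Attribute 5 6 00000003
Attribute 61 6 00000005
Attribute 1 9 66726974
Attribute 31 17 3139352E
Attribute 2 18 8772DAFD
RADIUS: Received from id 60 [**radius-ip**]:1812, Access-Accept, len 87
Attribute 25 67 53425232
"""

if __name__ == "__main__":
    print([audit(p) for p in parse_debug(SAMPLE.splitlines())])
```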