06-30-2004 11:44 AM - edited 03-10-2019 01:44 PM
Hi, I have problems authenticating a user who uses an ISDN line. I have an AS5300 connected to a FreeRADIUS server. When the user tries to connect with their username and password, the RADIUS server recognizes the username but the password is received as "CISCO", therefore I receive a failed authentication error. When I connect with the same username by modem the connection is successful. If somebody knows about this issue please let me know.
Best regards
Jack
06-30-2004 07:01 PM
What is at the end of the ISDN line? Another router?
Router configs at both ends would be useful.....
Serhat
07-01-2004 05:01 AM
On the AS5300 authentication is configured separately (and potentially differently) for calls by modem and calls by ISDN. Modem calls are configured under interface group-async while ISDN calls are configured under interface dialer. If you specify anything different under these interfaces it might explain the different behaviors that you describe. Can you post the config?
07-01-2004 06:42 AM
Hi guys:
The configuration for AAA and the Async and dialer interfaces is as follows:
-----------------------------------------------------
aaa authentication login default local group radius
aaa authentication ppp default local group radius
aaa authorization exec default local group radius
aaa authorization network default group radius
aaa accounting delay-start
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
aaa accounting connection default start-stop group radius
aaa session-id common
interface Group-Async1
 ip unnumbered FastEthernet0
 encapsulation ppp
 ip tcp header-compression
 no ip mroute-cache
 no logging event link-status
 async mode interactive
 no snmp trap link-status
 peer default ip address pool local
 no keepalive
 no fair-queue
 ppp max-bad-auth 3
 ppp authentication pap
 ppp multilink
 group-range 1 240
!
interface Dialer1
 ip unnumbered FastEthernet0
 ip helper-address xxx.xxx.xxx.xxx
 encapsulation ppp
 no ip route-cache cef
 ip tcp header-compression
 dialer in-band
 dialer idle-timeout 0
 dialer-group 1
 peer default ip address pool local
 no cdp enable
 ppp authentication pap chap callin
!
ip local pool local xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
-----------------------------------------------------
The customer tries to connect with a username and password, for example uname: PEPE, passw: TEST, but when he connects the RADIUS debug shows me the authentication of the right username (PEPE) but the password is changed to CISCO and not TEST; obviously the RADIUS server sends me an authentication error.
Thanks a lot for the help.
Best regards
Jack
07-01-2004 04:22 PM
Is this the whole config?
The lines
"aaa authentication login default local group radius
aaa authentication ppp default local group radius"
show that ppp authentication will be based on the local database but not Radius??
Also, authorization is done in Radius.
Would you check the outputs of "debug aaa authen", "debug aaa authoriz" and "debug ppp authen"?
They will tell you what is happening in the router and between router and radius.
Serhat
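The comparison suggested in the replies above (authentication is configured separately under Group-Async and Dialer), as an added example that is not part of any post in this thread: a Python script that extracts the `ppp authentication` line of each interface from an IOS config and reports what differs. The sample input is an excerpt of the config posted above; the function names and the split of tokens into protocols and options are assumptions of this example.

```python
import re

# Excerpt of the config posted in this thread.
SAMPLE_CONFIG = """\
aaa authentication ppp default local group radius
interface Group-Async1
 encapsulation ppp
 ppp max-bad-auth 3
 ppp authentication pap
 ppp multilink
!
interface Dialer1
 encapsulation ppp
 dialer in-band
 ppp authentication pap chap callin
!
"""

# Assumption: tokens in this set are protocols, everything else is an option.
PROTOCOLS = {"pap", "chap", "ms-chap", "ms-chap-v2", "eap"}

def parse_ppp_auth(config):
    """Map each interface to the protocols/options of its 'ppp authentication' line."""
    result, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()  # tolerate configs pasted without indentation
        m = re.match(r"interface\s+(\S+)$", line)
        if m:
            current = m.group(1)
        elif line == "!":
            current = None  # end of the interface block
        elif current and line.startswith("ppp authentication "):
            tokens = line.split()[2:]
            result[current] = {
                "protocols": [t for t in tokens if t in PROTOCOLS],
                "options": [t for t in tokens if t not in PROTOCOLS],
            }
    return result

def compare(config, a, b):
    """Report protocols and options present on one interface but not the other."""
    auth = parse_ppp_auth(config)
    pa, pb = auth[a], auth[b]
    return {
        "protocols_only_in_a": sorted(set(pa["protocols"]) - set(pb["protocols"])),
        "protocols_only_in_b": sorted(set(pb["protocols"]) - set(pa["protocols"])),
        "options_only_in_a": sorted(set(pa["options"]) - set(pb["options"])),
        "options_only_in_b": sorted(set(pb["options"]) - set(pa["options"])),
    }

if __name__ == "__main__":
    print(compare(SAMPLE_CONFIG, "Group-Async1", "Dialer1"))
```

For the posted config this shows that only Dialer1 adds `chap` and `callin`, which is the difference between the modem and ISDN paths to check against the `debug ppp authen` output requested above.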