06-28-2013 07:25 AM - edited 03-10-2019 08:35 PM
Hi,
I have a TekRadius server running. When I try to log in to my Cisco 2960 switch through the console it works fine, but when I try to log in through telnet/SSH it does not let me in.
Any help will be much appreciated.
Kind regards,
07-01-2013 06:18 AM
Could you please run all the debugs:
debug aaa authen
debug aaa autho
debug radius
~BR
Jatin Katyal
**Do rate helpful posts**
07-01-2013 06:46 AM
2d02h: AAA: parse name=tty0 idb type=-1 tty=-1
2d02h: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0
2d02h: AAA/MEMORY: create_user (0x1A97430) user='NULL' ruser='NULL' ds0=0 port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0', vrf= (id=0)
2d02h: AAA/AUTHEN/START (3482636447): port='tty0' list='' action=LOGIN service=LOGIN
2d02h: AAA/AUTHEN/START (3482636447): using "default" list
2d02h: AAA/AUTHEN/START (3482636447): Method=radius (radeemius)
2d02h: AAA/AUTHEN (3482636447): status = GETUSER
Username:
2d02h: AAA/AUTHEN/ABORT: (3482636447) because Login timed out.
2d02h: AAA/MEMORY: free_user_quiet (0x1A97430) user='NULL' ruser='NULL' port='tty0' rem_addr='async' authen_type=1 service=1 priv=1
2d02h: AAA: parse name=tty0 idb type=-1 tty=-1
2d02h: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0
2d02h: AAA/MEMORY: create_user (0x1A97430) user='NULL' ruser='NULL' ds0=0 port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0', vrf= (id=0)
2d02h: AAA/AUTHEN/START (3364608519): port='tty0' list='' action=LOGIN service=LOGIN
2d02h: AAA/AUTHEN/START (3364608519): using "default" list
2d02h: AAA/AUTHEN/START (3364608519): Method=radius (radius)
2d02h: AAA/AUTHEN (3364608519): status = GETUSER
Username: k
2d02h: AAA/AUTHEN/CONT (3364608519): continue_login (user='(undef)')
2d02h: AAA/AUTHEN (3364608519): status = GETUSER
2d02h: AAA/AUTHEN (3364608519): Method=radius (radius)
2d02h: AAA/AUTHEN (3364608519): status = GETUSERnaseem
Password:
2d02h: AAA/AUTHEN/CONT (3364608519): continue_login (user='')
2d02h: AAA/AUTHEN (3364608519): status = GETUSER
2d02h: AAA/AUTHEN (3364608519): Method=radius (radius)
2d02h: AAA/AUTHEN (3364608519): status = GETPASS
2d02h: AAA/AUTHEN/CONT (3364608519): continue_login (user='knaseem')
2d02h: AAA/AUTHEN (3364608519): status = GETPASS
2d02h: AAA/AUTHEN (3364608519): Method=radius (radius)
Test-Switch>
2d02h: AAA/AUTHEN (3364608519): status = PASS
Test-Switch>
2d02h: AAA: parse name=tty0 idb type=-1 tty=-1
2d02h: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0
2d02h: AAA/MEMORY: create_user (0x1AA6A78) user='NULL' ruser='NULL' ds0=0 port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0', vrf= (id=0
Username: knaseem
Password:
Test-Switch>
2d02h: AAA/AUTHOR: authenticated console user is permitted
2d02h: RADIUS: Pick NAS IP for u=0x1AA6A78 tableid=0 cfg_addr=0.0.0.0
2d02h: RADIUS: ustruct sharecount=1
2d02h: Radius: radius_port_info() success=1 radius_nas_port=1
2d02h: RADIUS: added cisco VSA 2 len 4 "tty0"
2d02h: RADIUS(00000000): Send Access-Request to 128.1.15.92:1812 id 1645/75, len 77
2d02h: RADIUS: authenticator 45 0C 64 CE B8 DE C9 94 - D0 1F 2A 9C 61 F5 3B D8
2d02h: RADIUS: NAS-IP-Address [4] 6 128.1.17.214
2d02h: RADIUS: NAS-Port [5] 6 0
2d02h: RADIUS: Vendor, Cisco [26] 12
2d02h: RADIUS: cisco-nas-port [2] 6 "tty0"
2d02h: RADIUS: NAS-Port-Type [61] 6 Async [0]
2d02h: RADIUS: User-Name [1] 9 "knaseem"
2d02h: RADIUS: User-Password [2] 18 *
2d02h: RADIUS: Received from id 1645/75 128.1.15.92:1812, Access-Accept, len 45
2d02h: RADIUS: authenticator 18 8C 79 BC F6 DF 99 25 - 6B EA 79 E1 DA 87 AB CA
2d02h: RADIUS: Vendor, Cisco [26] 25
2d02h: RADIUS: Cisco AVpair [1] 19 "shell:priv-lvl=15"
2d02h: RADIUS: saved authorization data for user 1AA6A78 at 1BB3620
2d02h: RADIUS: Pick NAS IP for u=0x1AA6A78 tableid=0 cfg_addr=0.0.0.0
2d02h: RADIUS: ustruct sharecount=3
2d02h: Radius: radius_port_info() success=1 radius_nas_port=1
2d02h: RADIUS: added cisco VSA 2 len 4 "tty0"
2d02h: RADIUS: No secret to encode request (rctx:0x1C9FFC0)
2d02h: RADIUS: Unable to encrypt (rctx:0x1C9FFC0)
2d02h: RADIUS(00000000): Send Accounting-Request to 128.1.15.92:1813 id 1646/57, len 93
2d02h: RADIUS: authenticator 91 B9 7F 48 8A A4 90 E0 - 68 80 F2 B5 CE 93 AB ED
2d02h: RADIUS: NAS-IP-Address [4] 6 128.1.17.214
2d02h: RADIUS: NAS-Port [5] 6 0
2d02h: RADIUS: Vendor, Cisco [26] 12
2d02h: RADIUS: cisco-nas-port [2] 6 "tty0"
2d02h: RADIUS: NAS-Port-Type [61] 6 Async [0]
2d02h: RADIUS: User-Name [1] 9 "knaseem"
2d02h: RADIUS: Acct-Status-Type [40] 6 Start [1]
2d02h: RADIUS: Acct-Authentic [45] 6 RADIUS [1]
2d02h: RADIUS: Service-Type [6] 6 NAS Prompt [7]
2d02h: RADIUS: Acct-Session-Id [44] 10 "0000001D"
2d02h: RADIUS: Acct-Delay-Time [41] 6 0
2d02h: RADIUS: Received from id 1646/57 128.1.15.92:1813, Accounting-response, len 20
2d02h: RADIUS: authenticator 5B C7 86 EF B5 64 6B D4 - 9F B7 CC 34 91 AE 0F 91
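An added example, not part of the original posts: a small Python parser for `debug radius` output in the format pasted above. It pairs each sent request with its reply by packet id, so unanswered requests and "No secret" warnings stand out when comparing a console login with a telnet/SSH login. The sample lines, the 192.0.2.10 address and the function names are constructed for illustration.

```python
import re

# Line shapes taken from the debug output format shown in this thread.
SEND = re.compile(r"RADIUS\(\w+\): Send (\S+) to (\S+) id (\d+/\d+), len \d+")
RECV = re.compile(r"RADIUS: Received from id (\d+/\d+) (\S+), (\S+), len \d+")
WARN = re.compile(r"RADIUS: (No secret to encode request|Unable to encrypt)")
ATTR = re.compile(r"RADIUS:\s+([A-Za-z][\w\- ]*?)\s+\[(\d+)\]\s+\d+\s+(.*)$")

# Constructed sample (not from a real device); the last request gets no reply.
SAMPLE = """\
2d02h: RADIUS(00000000): Send Access-Request to 192.0.2.10:1812 id 1645/75, len 77
2d02h: RADIUS: User-Name [1] 9 "alice"
2d02h: RADIUS: Received from id 1645/75 192.0.2.10:1812, Access-Accept, len 45
2d02h: RADIUS: Cisco AVpair [1] 19 "shell:priv-lvl=15"
2d02h: RADIUS: No secret to encode request (rctx:0x1C9FFC0)
2d02h: RADIUS(00000000): Send Accounting-Request to 192.0.2.10:1813 id 1646/57, len 93
2d02h: RADIUS: Received from id 1646/57 192.0.2.10:1813, Accounting-response, len 20
2d02h: RADIUS(00000000): Send Access-Request to 192.0.2.10:1812 id 1645/76, len 77
"""

def new_exchange(server):
    return {"server": server, "request": None, "reply": None,
            "sent": {}, "received": {}}

def summarize(text):
    """Return ({packet_id: exchange}, [warnings]) for a debug radius capture."""
    exchanges, warnings, cur, side = {}, [], None, None
    for line in text.splitlines():
        if m := SEND.search(line):
            cur = exchanges.setdefault(m[3], new_exchange(m[2]))
            cur["request"], side = m[1], "sent"
        elif m := RECV.search(line):
            cur = exchanges.setdefault(m[1], new_exchange(m[2]))
            cur["reply"], side = m[3], "received"
        elif m := WARN.search(line):
            warnings.append(m[1])
        elif cur is not None and (m := ATTR.search(line)):
            # Attribute lines belong to the most recent send/receive header.
            cur[side][m[1]] = m[3].strip('"')
    return exchanges, warnings

def unanswered(exchanges):
    """Packet ids that were sent but never got a reply from the server."""
    return [pid for pid, e in exchanges.items() if e["reply"] is None]

if __name__ == "__main__":
    ex, warns = summarize(SAMPLE)
    for pid, e in ex.items():
        print(pid, e["request"], "->", e["reply"], e["received"])
    print("unanswered:", unanswered(ex), "warnings:", warns)
```
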
07-01-2013 10:16 AM
Thanks Jatin, the issue has been resolved.
Just got one more question. How would I track logging user activities through RADIUS?
Many thanks.
07-01-2013 10:35 AM
You may configure RADIUS accounting. It will only give you info about user login and logoff. The logged-in user activities cannot be seen because RADIUS doesn't support command accounting; that can only be done via TACACS.
~BR
Jatin Katyal
**Do rate helpful posts**
01-20-2015 07:53 PM
Hi Kamran,
May I know how you solved the issue? I am currently facing the same issue as yours.
07-03-2023 05:15 AM