
RADIUS can not authenticate using telnet/ssh

kamrannaseem
Level 1

Hi,

I have TekRadius server running. When I try to log in to my Cisco 2960 switch through console it's working fine, but when I try to log in through telnet/ssh it does not let me in.

Any help will be much appreciated.

Kind regards,

20 Replies

Could you please run all the debugs:

debug aaa authen

debug aaa autho

debug radius

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

2d02h: AAA: parse name=tty0 idb type=-1 tty=-1

2d02h: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0

2d02h: AAA/MEMORY: create_user (0x1A97430) user='NULL' ruser='NULL' ds0=0 port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0', vrf= (id=0)

2d02h: AAA/AUTHEN/START (3482636447): port='tty0' list='' action=LOGIN service=LOGIN

2d02h: AAA/AUTHEN/START (3482636447): using "default" list

2d02h: AAA/AUTHEN/START (3482636447): Method=radius (radeemius)

2d02h: AAA/AUTHEN (3482636447): status = GETUSER

Username:
2d02h: AAA/AUTHEN/ABORT: (3482636447) because Login timed out.
2d02h: AAA/MEMORY: free_user_quiet (0x1A97430) user='NULL' ruser='NULL' port='tty0' rem_addr='async' authen_type=1 service=1 priv=1
2d02h: AAA: parse name=tty0 idb type=-1 tty=-1
2d02h: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0
2d02h: AAA/MEMORY: create_user (0x1A97430) user='NULL' ruser='NULL' ds0=0 port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0', vrf= (id=0)
2d02h: AAA/AUTHEN/START (3364608519): port='tty0' list='' action=LOGIN service=LOGIN
2d02h: AAA/AUTHEN/START (3364608519): using "default" list
2d02h: AAA/AUTHEN/START (3364608519): Method=radius (radius)
2d02h: AAA/AUTHEN (3364608519): status = GETUSER
Username: k
2d02h: AAA/AUTHEN/CONT (3364608519): continue_login (user='(undef)')
2d02h: AAA/AUTHEN (3364608519): status = GETUSER
2d02h: AAA/AUTHEN (3364608519): Method=radius (radius)
2d02h: AAA/AUTHEN (3364608519): status = GETUSERnaseem
Password:
2d02h: AAA/AUTHEN/CONT (3364608519): continue_login (user='')
2d02h: AAA/AUTHEN (3364608519): status = GETUSER
2d02h: AAA/AUTHEN (3364608519): Method=radius (radius)
2d02h: AAA/AUTHEN (3364608519): status = GETPASS

2d02h: AAA/AUTHEN/CONT (3364608519): continue_login (user='knaseem')
2d02h: AAA/AUTHEN (3364608519): status = GETPASS
2d02h: AAA/AUTHEN (3364608519): Method=radius (radius)
Test-Switch>
2d02h: AAA/AUTHEN (3364608519): status = PASS
Test-Switch>

2d02h: AAA: parse name=tty0 idb type=-1 tty=-1
2d02h: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0
2d02h: AAA/MEMORY: create_user (0x1AA6A78) user='NULL' ruser='NULL' ds0=0 port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0', vrf= (id=0

Username: knaseem
Password:           
Test-Switch>
2d02h: AAA/AUTHOR: authenticated console user is permitted

2d02h: RADIUS: Pick NAS IP for u=0x1AA6A78 tableid=0 cfg_addr=0.0.0.0

2d02h: RADIUS: ustruct sharecount=1

2d02h: Radius: radius_port_info() success=1 radius_nas_port=1

2d02h: RADIUS: added cisco VSA 2 len 4 "tty0"

2d02h: RADIUS(00000000): Send Access-Request to 128.1.15.92:1812 id 1645/75, len 77

2d02h: RADIUS:  authenticator 45 0C 64 CE B8 DE C9 94 - D0 1F 2A 9C 61 F5 3B D8

2d02h: RADIUS:  NAS-IP-Address      [4]   6   128.1.17.214

2d02h: RADIUS:  NAS-Port            [5]   6   0

2d02h: RADIUS:  Vendor, Cisco       [26]  12

2d02h: RADIUS:   cisco-nas-port     [2]   6   "tty0"

2d02h: RADIUS:  NAS-Port-Type       [61]  6   Async                     [0]

2d02h: RADIUS:  User-Name           [1]   9   "knaseem"

2d02h: RADIUS:  User-Password       [2]   18  *

2d02h: RADIUS: Received from id 1645/75 128.1.15.92:1812, Access-Accept, len 45

2d02h: RADIUS:  authenticator 18 8C 79 BC F6 DF 99 25 - 6B EA 79 E1 DA 87 AB CA

2d02h: RADIUS:  Vendor, Cisco       [26]  25

2d02h: RADIUS:   Cisco AVpair       [1]   19  "shell:priv-lvl=15"

2d02h: RADIUS: saved authorization data for user 1AA6A78 at 1BB3620

2d02h: RADIUS: Pick NAS IP for u=0x1AA6A78 tableid=0 cfg_addr=0.0.0.0

2d02h: RADIUS: ustruct sharecount=3

2d02h: Radius: radius_port_info() success=1 radius_nas_port=1

2d02h: RADIUS: added cisco VSA 2 len 4 "tty0"

2d02h: RADIUS: No secret to encode request (rctx:0x1C9FFC0)

2d02h: RADIUS: Unable to encrypt (rctx:0x1C9FFC0)

2d02h: RADIUS(00000000): Send Accounting-Request to 128.1.15.92:1813 id 1646/57, len 93

2d02h: RADIUS:  authenticator 91 B9 7F 48 8A A4 90 E0 - 68 80 F2 B5 CE 93 AB ED

2d02h: RADIUS:  NAS-IP-Address      [4]   6   128.1.17.214

2d02h: RADIUS:  NAS-Port            [5]   6   0

2d02h: RADIUS:  Vendor, Cisco       [26]  12

2d02h: RADIUS:   cisco-nas-port     [2]   6   "tty0"

2d02h: RADIUS:  NAS-Port-Type       [61]  6   Async                     [0]

2d02h: RADIUS:  User-Name           [1]   9   "knaseem"

2d02h: RADIUS:  Acct-Status-Type    [40]  6   Start                     [1]

2d02h: RADIUS:  Acct-Authentic      [45]  6   RADIUS                    [1]

2d02h: RADIUS:  Service-Type        [6]   6   NAS Prompt                [7]

2d02h: RADIUS:  Acct-Session-Id     [44]  10  "0000001D"

2d02h: RADIUS:  Acct-Delay-Time     [41]  6   0

2d02h: RADIUS: Received from id 1646/57 128.1.15.92:1813, Accounting-response, len 20

2d02h: RADIUS:  authenticator 5B C7 86 EF B5 64 6B D4 - 9F B7 CC 34 91 AE 0F 91

Thanks Jatin, issue has been resolved.

Just got one more question. How would I track logging user activities through RADIUS?

Many thanks.

You may configure RADIUS accounting. It will only give you info about user login and logoff. The logged-in user activities cannot be seen because RADIUS doesn't support command accounting; that can only be done via TACACS.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin
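
Added example, not part of any poster's reply: a small Python parser for the `debug radius` output posted earlier in this thread. It groups the lines into packets and lists what the Accounting-Request carries (user, session id, Start), which is the login/logoff-level record described in the reply above. The function names are hypothetical, and attaching the "No secret to encode request" warnings to the next sent packet is an assumption based on the line order in this log.

```python
import re

# Excerpt of the `debug radius` output posted in this thread (blank lines dropped).
SAMPLE = """\
2d02h: RADIUS(00000000): Send Access-Request to 128.1.15.92:1812 id 1645/75, len 77
2d02h: RADIUS:  User-Name           [1]   9   "knaseem"
2d02h: RADIUS: Received from id 1645/75 128.1.15.92:1812, Access-Accept, len 45
2d02h: RADIUS:   Cisco AVpair       [1]   19  "shell:priv-lvl=15"
2d02h: RADIUS: No secret to encode request (rctx:0x1C9FFC0)
2d02h: RADIUS: Unable to encrypt (rctx:0x1C9FFC0)
2d02h: RADIUS(00000000): Send Accounting-Request to 128.1.15.92:1813 id 1646/57, len 93
2d02h: RADIUS:  User-Name           [1]   9   "knaseem"
2d02h: RADIUS:  Acct-Status-Type    [40]  6   Start                     [1]
2d02h: RADIUS:  Acct-Session-Id     [44]  10  "0000001D"
2d02h: RADIUS: Received from id 1646/57 128.1.15.92:1813, Accounting-response, len 20
"""

SEND = re.compile(r"RADIUS\(\w+\): Send (\S+) to (\S+) id (\S+), len\s+(\d+)")
RECV = re.compile(r"RADIUS: Received from id (\S+) (\S+), (\S+), len\s+(\d+)")
ATTR = re.compile(r"RADIUS:\s+(.+?)\s+\[(\d+)\]\s+(\d+)\s+(.*)$")
WARN = re.compile(r"RADIUS: (No secret to encode request|Unable to encrypt)")

def _packet(direction, code, server, pkt_id, warnings=()):
    return {"dir": direction, "code": code, "server": server, "id": pkt_id,
            "attrs": {}, "warnings": list(warnings)}

def parse_debug_radius(text):
    """Group `debug radius` lines into packets; return (packets, unattached warnings)."""
    packets, pending = [], []
    for line in text.splitlines():
        if m := SEND.search(line):
            # Assumption: warnings logged just before a Send belong to that request.
            packets.append(_packet("sent", m[1], m[2], m[3], pending))
            pending = []
        elif m := RECV.search(line):
            packets.append(_packet("received", m[3], m[2], m[1]))
        elif m := WARN.search(line):
            pending.append(m[1])
        elif (m := ATTR.search(line)) and packets:
            # Drop the trailing enum code such as "[1]" and surrounding quotes.
            value = re.sub(r"\s+\[\d+\]$", "", m[4]).strip().strip('"')
            packets[-1]["attrs"][m[1]] = value
    return packets, pending

def accounting_events(packets):
    """RADIUS accounting as seen here: user, session id and Start/Stop, no commands."""
    return [(p["attrs"].get("User-Name"), p["attrs"].get("Acct-Session-Id"),
             p["attrs"].get("Acct-Status-Type"))
            for p in packets if p["code"] == "Accounting-Request"]
```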

Hi Kamran,

 

May I know how you solved the issue? I am currently facing the same issue as yours.

kaplanyasin
Level 1