Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3740
Views
45
Helpful
20
Replies

RADIUS can not authenticate using telnet/ssh

kamrannaseem
Level 1
Level 1

‎06-28-2013 07:25 AM - edited ‎03-10-2019 08:35 PM

Hi,

I have TekRadius server running, when i try to login to my cisco 2960 switch through consol it's working fine but when i try to login through telnet/ssh it doest not let me in.

any help will be much appriciated.

Kind regards,

Labels:
0 Helpful
20 Replies 20

Jatin Katyal
Cisco Employee
Cisco Employee
In response to kamrannaseem

‎07-01-2013 06:18 AM

could you please run all the debugs:

debug aaa authen

debug aaa autho

debug radius

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

kamrannaseem
Level 1
Level 1
In response to Jatin Katyal

‎07-01-2013 06:46 AM

2d02h: AAA: parse name=tty0 idb type=-1 tty=-1

2d02h: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0

2d02h: AAA/MEMORY: create_user (0x1A97430) user='NULL' ruser='NULL' ds0=0 port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0', vrf= (id=0)

2d02h: AAA/AUTHEN/START (3482636447): port='tty0' list='' action=LOGIN service=LOGIN

2d02h: AAA/AUTHEN/START (3482636447): using "default" list

2d02h: AAA/AUTHEN/START (3482636447): Method=radius (radeemius)

2d02h: AAA/AUTHEN (3482636447): status = GETUSER

Username:
2d02h: AAA/AUTHEN/ABORT: (3482636447) because Login timed out.
2d02h: AAA/MEMORY: free_user_quiet (0x1A97430) user='NULL' ruser='NULL' port='tt                    y0' rem_addr='async' authen_type=1 service=1 priv=1
2d02h: AAA: parse name=tty0 idb type=-1 tty=-1
2d02h: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=                    0
2d02h: AAA/MEMORY: create_user (0x1A97430) user='NULL' ruser='NULL' ds0=0 port='                    tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0                    ', vrf= (id=0)
2d02h: AAA/AUTHEN/START (3364608519): port='tty0' list='' action=LOGIN service=L                    OGIN
2d02h: AAA/AUTHEN/START (3364608519): using "default" list
2d02h: AAA/AUTHEN/START (3364608519): Method=radius (radius)
2d02h: AAA/AUTHEN (3364608519): status = GETUSER
Username: k
2d02h: AAA/AUTHEN/CONT (3364608519): continue_login (user='(undef)')
2d02h: AAA/AUTHEN (3364608519): status = GETUSER
2d02h: AAA/AUTHEN (3364608519): Method=radius (radius)
2d02h: AAA/AUTHEN (3364608519): status = GETUSERnaseem
Password:
2d02h: AAA/AUTHEN/CONT (3364608519): continue_login (user='')
2d02h: AAA/AUTHEN (3364608519): status = GETUSER
2d02h: AAA/AUTHEN (3364608519): Method=radius (radius)
2d02h: AAA/AUTHEN (3364608519): status = GETPASS

2d02h: AAA/AUTHEN/CONT (3364608519): continue_login (user='knaseem')
2d02h: AAA/AUTHEN (3364608519): status = GETPASS
2d02h: AAA/AUTHEN (3364608519): Method=radius (radius)
Test-Switch>
2d02h: AAA/AUTHEN (3364608519): status = PASS
Test-Switch>

2d02h: AAA: parse name=tty0 idb type=-1 tty=-1
2d02h: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0
2d02h: AAA/MEMORY: create_user (0x1AA6A78) user='NULL' ruser='NULL' ds0=0 port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0', vrf= (id=0

Username: knaseem
Password:           
Test-Switch>
2d02h: AAA/AUTHOR: authenticated console user is permitted

2d02h: RADIUS: Pick NAS IP for u=0x1AA6A78 tableid=0 cfg_addr=0.0.0.0

2d02h: RADIUS: ustruct sharecount=1

2d02h: Radius: radius_port_info() success=1 radius_nas_port=1

2d02h: RADIUS: added cisco VSA 2 len 4 "tty0"

2d02h: RADIUS(00000000): Send Access-Request to 128.1.15.92:1812 id 1645/75, len                          77

2d02h: RADIUS:  authenticator 45 0C 64 CE B8 DE C9 94 - D0 1F 2A 9C 61 F5 3B D8

2d02h: RADIUS:  NAS-IP-Address      [4]   6   128.1.17.214

2d02h: RADIUS:  NAS-Port            [5]   6   0

2d02h: RADIUS:  Vendor, Cisco       [26]  12

2d02h: RADIUS:   cisco-nas-port     [2]   6   "tty0"

2d02h: RADIUS:  NAS-Port-Type       [61]  6   Async                     [0]

2d02h: RADIUS:  User-Name           [1]   9   "knaseem"

2d02h: RADIUS:  User-Password       [2]   18  *

2d02h: RADIUS: Received from id 1645/75 128.1.15.92:1812, Access-Accept, len 45

2d02h: RADIUS:  authenticator 18 8C 79 BC F6 DF 99 25 - 6B EA 79 E1 DA 87 AB CA

2d02h: RADIUS:  Vendor, Cisco       [26]  25

2d02h: RADIUS:   Cisco AVpair       [1]   19  "shell:priv-lvl=15"

2d02h: RADIUS: saved authorization data for user 1AA6A78 at 1BB3620

2d02h: RADIUS: Pick NAS IP for u=0x1AA6A78 tableid=0 cfg_addr=0.0.0.0

2d02h: RADIUS: ustruct sharecount=3

2d02h: Radius: radius_port_info() success=1 radius_nas_port=1

2d02h: RADIUS: added cisco VSA 2 len 4 "tty0"

2d02h: RADIUS: No secret to encode request (rctx:0x1C9FFC0)

2d02h: RADIUS: Unable to encrypt (rctx:0x1C9FFC0)

2d02h: RADIUS(00000000): Send Accounting-Request to 128.1.15.92:1813 id 1646/57, len 93

2d02h: RADIUS:  authenticator 91 B9 7F 48 8A A4 90 E0 - 68 80 F2 B5 CE 93 AB ED

2d02h: RADIUS:  NAS-IP-Address      [4]   6   128.1.17.214

2d02h: RADIUS:  NAS-Port            [5]   6   0

2d02h: RADIUS:  Vendor, Cisco       [26]  12

2d02h: RADIUS:   cisco-nas-port     [2]   6   "tty0"

2d02h: RADIUS:  NAS-Port-Type       [61]  6   Async                     [0]

2d02h: RADIUS:  User-Name           [1]   9   "knaseem"

2d02h: RADIUS:  Acct-Status-Type    [40]  6   Start                     [1]

2d02h: RADIUS:  Acct-Authentic      [45]  6   RADIUS                    [1]

2d02h: RADIUS:  Service-Type        [6]   6   NAS Prompt                [7]

2d02h: RADIUS:  Acct-Session-Id     [44]  10  "0000001D"

2d02h: RADIUS:  Acct-Delay-Time     [41]  6   0

2d02h: RADIUS: Received from id 1646/57 128.1.15.92:1813, Accounting-response, len 20

2d02h: RADIUS:  authenticator 5B C7 86 EF B5 64 6B D4 - 9F B7 CC 34 91 AE 0F 91

0 Helpful

kamrannaseem
Level 1
Level 1
In response to kamrannaseem

‎07-01-2013 10:16 AM

Thanks Jatin issue has been resolved.

Just got one more question. How would i track logging user activities through radius ?

many thanks.

0 Helpful

Jatin Katyal
Cisco Employee
Cisco Employee
In response to kamrannaseem

‎07-01-2013 10:35 AM

You may configure radius accounting. It will only gives you info about user login and logoff. The logged in user activities can not be seen because radius doesn't support command accounting, that can only be done via tacacs.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

MOHD SYAFIQ
Level 1
Level 1
In response to kamrannaseem

‎01-20-2015 07:53 PM

Hi Kamran,

 

May I know how do you solve the issue? I currently facing the same issue as yours. 

0 Helpful

kaplanyasin
Level 1
Level 1

‎07-03-2023 05:15 AM

Please see https://www.kaplansoft.com/TekRADIUS/Docs/Cisco-Login.pdf

0 Helpful
Customers Also Viewed These Support Documents