Using RADIUS for Remote authentication but local for Telnet

wsherlock
Level 1

I have a 3640 used for RAS. The remote users need a post-dial terminal window for a form of token authentication. This is specified with the LOGIN command. When I try to telnet in, I am prompted for a username/password, which passes, but the telnet fails. The RADIUS server being used does not specify a telnet parameter, so it tries to use PPP for telnet. If I remove Login RADIUS then the remote users get no output from their post-dial window. Can I specify that telnet is only locally authenticated, and therefore not affect any remote users needing to use login?

Any help would be greatly appreciated.

I have attached current config.

service password-encryption
service udp-small-servers
service tcp-small-servers
!
!
aaa new-model
aaa authentication login default group radius
aaa authentication ppp default if-needed group radius
aaa authorization exec default group radius
aaa authorization network default group radius
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
enable secret 5 $1$CMCO$IMo3eQ0NJO/l/yNfwdfOT0
!
ip subnet-zero
!
!
!
interface Ethernet0/1
 ip address
 no ip proxy-arp
 full-duplex
!
interface Ethernet0/2
 ip address
 no ip proxy-arp
 full-duplex
!
interface Ethernet0/3
 ip address
 ip address
 ip helper-address
 load-interval 30
 full-duplex
!
interface Serial1/0
 description 'Link to Warricker Centre'
 ip address
 priority-group 1
 serial restart-delay 0
!
interface Serial1/1
 description Link to Basement Upney Lane
 ip address
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Group-Async1
 ip unnumbered Ethernet0/3
 encapsulation ppp
 no ip mroute-cache
 dialer in-band
 dialer idle-timeout 600
 dialer-group 1
 async mode interactive
 peer default ip address dhcp
 no fair-queue
 ppp authentication chap
 group-range 65 72
!
ip classless
ip http server
ip pim bidir-enable
!
priority-list 1 protocol ip high tcp telnet
dialer-list 1 protocol ip permit
!
radius-server host 15.10.30.4 auth-port 1645 acct-port 1646
radius-server retransmit 3
radius-server key 7 0807697C3B38373E
!
line con 0
line 65 72
 exec-timeout 0 0
 modem InOut
 transport preferred none
 transport input all
 transport output none
 autoselect during-login
 autoselect ppp
line aux 0
line vty 0 4
 password 7 09435C081702124359
!
end

1 Reply

Georgia Coalman
Level 1

Hi :)

You'll need to create a different method list for AAA that you can apply to your vty line. The term local means using a username/password that resides on your router. However, looking at your configuration, you have no username/passwords configured, so I assume that you want to simply get a password prompt when you telnet to the router. If I have understood you correctly, then configure the following. As you haven't provided a show version, I'm assuming that you're running the latest code:

aaa authentication login vtylines line none
aaa authorization exec vtylines none
line vty 0 4
 login authentication vtylines
 authorization exec vtylines
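To check which method list each line ends up on once the reply's commands are applied, the following is an added example (not part of the thread and not Cisco tooling): a small Python audit that resolves the login and exec method chains per `line` block. The function names and the trimmed sample config are assumptions made for illustration.

```python
import re

# Constructed sample: the AAA and line statements from the question's config
# with the reply's commands applied (passwords and interfaces left out).
SAMPLE = """\
aaa new-model
aaa authentication login default group radius
aaa authentication login vtylines line none
aaa authorization exec default group radius
aaa authorization exec vtylines none
line con 0
line 65 72
 autoselect during-login
line vty 0 4
 login authentication vtylines
 authorization exec vtylines
"""

def resolve_line_auth(config):
    """Hypothetical helper: map each 'line' block to its login/exec method chains."""
    lists = {"login": {}, "exec": {}}      # list name -> ordered methods
    lines, current = {}, None              # line block -> list names in use
    for raw in config.splitlines():
        text = raw.strip()
        m = re.match(r"aaa (authentication login|authorization exec) (\S+) (.+)", text)
        if m:
            kind = "login" if m.group(1).startswith("authentication") else "exec"
            # 'group radius' is one method; other keywords stand alone.
            lists[kind][m.group(2)] = re.findall(r"group \S+|\S+", m.group(3))
        elif raw.startswith("line "):
            current = text
            lines[current] = {"login": "default", "exec": "default"}
        elif current and raw.startswith(" "):
            m = re.match(r"(login authentication|authorization exec) (\S+)", text)
            if m:
                kind = "login" if m.group(1).startswith("login") else "exec"
                lines[current][kind] = m.group(2)
        else:
            current = None
    # An empty chain means the referenced list is not defined in this config.
    return {ln: {k: lists[k].get(name, []) for k, name in ref.items()}
            for ln, ref in lines.items()}

def lines_allowing_none(resolved):
    """Line blocks whose login chain contains the 'none' method."""
    return sorted(ln for ln, r in resolved.items() if "none" in r["login"])
```

On the sample, the async lines 65 72 and the console stay on the default RADIUS lists while only `line vty 0 4` resolves to `vtylines`. The `none` keyword after `line` is reached only when the `line` method returns an error, so the audit reports it for review rather than treating it as open access.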
