I am attempting to set up AAA authentication to two Radius servers.
When I run a test aaa group command I succeed in authenticating. However when I attempt to login using SSH I cannot authenticate.
I am attaching the pertinent config statements below:
aaa new-model
aaa group server radius FOO
server name RADIUS2
server name RADIUS
!
aaa authentication login RAD local group radius
aaa authentication enable default enable
aaa authorization exec default local
aaa accounting exec default
action-type start-stop
group radius
aaa session-id common
ip radius source-interface Vlan11
radius server RADIUS
address ipv4 10.100.10.12 auth-port 1645 acct-port 1646
timeout 5
retransmit 2
automate-tester username ADM-NET-CHL
key 7 04681F551D721F5A5C495515
!
radius server RADIUS2
address ipv4 10.100.80.12 auth-port 1645 acct-port 1646
timeout 5
retransmit 2
automate-tester username ADM-NET-CHL
key 7 04681F551D721F5A5C495515
line vty 0 4
exec-timeout 0 0
login authentication local
transport input ssh
transport output ssh
line vty 5 15
exec-timeout 0 0
login authentication RAD
transport input ssh
transport output ssh
Under debug, when I run test I receive the following:
*Oct 24 15:35:14.405: AAA: parse name=<no string> idb type=-1 tty=-1
*Oct 24 15:35:14.405: AAA/MEMORY: create_user (0x3B9027A0) user='ADM-NET-CHL' ruser='NULL' ds0=0 port=''rem_addr='NULL' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0', vrf= (id=0)
*Oct 24 15:35:14.410: AAA/MEMORY: free_user (0x3B9027A0) user='ADM-NET-CHL' ruser='NULL' port='' rem_addr='NULL' authen_type=ASCII service=LOGIN priv=1 vrf= (id=0)
When I attempt to connect via SSH debug gives:
*Oct 24 15:36:12.280: AAA/BIND(00000028): Bind i/f
*Oct 24 15:36:12.280: AAA/AUTHEN/LOGIN (00000028): Pick method list 'RAD'
*Oct 24 15:36:19.144: AAA/AUTHEN/LOGIN (00000028): Pick method list 'RAD'
Can you tell me where I am going wrong?