10-18-2004 06:54 AM
Hi... when trying to get a user authenticated I get an authorization error from the RAS. The goal is to bring up an L2TP tunnel, sending the domain (user@domain) to the RADIUS server... According to the debug output, the RADIUS accepts the authentication request, but afterwards an authentication error stops the RAS from receiving the tunnel attributes from the RADIUS.
Part of the debug output:
Oct 18 09:53:51: RADIUS: authenticating to get author data
Oct 18 09:53:51: RADIUS: ustruct sharecount=2
Oct 18 09:53:51: RADIUS: Initial Transmit Async179 id 6 10.10.10.10:1645, Access-Request, len 93
Oct 18 09:53:51: Attribute 4 6 AC11283C
Oct 18 09:53:51: Attribute 5 6 000000B3
Oct 18 09:53:51: Attribute 61 6 00000000
Oct 18 09:53:51: Attribute 1 13 76706E74
Oct 18 09:53:51: Attribute 30 6 38333232
Oct 18 09:53:51: Attribute 31 12 32313235
Oct 18 09:53:51: Attribute 2 18 51D06AEC
Oct 18 09:53:51: Attribute 6 6 00000005
Oct 18 09:53:51: RADIUS: Received from id 6 10.10.10.10:1645, Access-Accept, len 234
Oct 18 09:53:51: Attribute 11 12 6E667573
Oct 18 09:53:51: Attribute 7 6 00000001
Oct 18 09:53:51: Attribute 6 6 00000002
Oct 18 09:53:51: Attribute 27 6 00005451
Oct 18 09:53:51: Attribute 26 31 0000000901197670
Oct 18 09:53:51: Attribute 26 54 0000000901307670
Oct 18 09:53:51: Attribute 26 30 0000000901187670
Oct 18 09:53:51: Attribute 26 39 0000000901217670
Oct 18 09:53:51: Attribute 26 30 0000000901187670
Oct 18 09:53:51: RADIUS: saved authorization data for user 6272A1A0 at 624D093C
Oct 18 09:53:51: RADIUS: Bad attribute (unsupported attribute): type 11 len 12 data 0x6E667573
Oct 18 09:53:51: AAA/AUTHOR (901646460): Post authorization status = ERROR
Oct 18 09:53:51: Async179 AAA/AUTHOR/VPDN (901646460): Method=NOT_SET
Oct 18 09:53:51: Async179 AAA/AUTHOR/VPDN (901646460): no methods left to try
Oct 18 09:53:51: AAA/AUTHOR (901646460): Post authorization status = ERROR
Oct 18 09:53:51: AAA/MEMORY: free_user (0x6272A1A0) user='vpntest.net' ruser='' port='Async179' rem_addr='2125002365/8322' authen_type=NONE service=LOGIN priv=0
And the AAA configuration in the 5300 AS:
aaa authentication login default local group cs-servers
aaa authentication login vtystyle group tacacs-unired local
aaa authentication ppp default group unired-servers local
aaa authorization exec vtystyle group tacacs-unired local if-authenticated
aaa authorization commands 15 vtystyle group tacacs+ local
aaa authorization network default group unired-servers group cs-servers
The same domain is authenticated with the same group of servers (cs-servers) in the 5400 AS with no problem. Also, in the 5300 other clients are bringing up tunnels after being authenticated using the DNIS number and with the other group of RADIUS servers, "unired-servers".
Please, can someone give me a hint of what may be happening?
Thanks ahead
asanes
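As a reading aid for the debug output in the post above (an added example, not part of the original thread): this decodes the `Attribute <type> <len> <hex>` lines using the RFC 2865 attribute numbers and lists which attribute the router rejected. It assumes, from the length fields in the log, that the debug prints only the leading bytes of each value, so text values come out as truncated prefixes; `decode` and `parse` are illustrative names.

```python
import re
import socket

# RFC 2865 attribute numbers that appear in the post's debug output.
NAMES = {1: "User-Name", 2: "User-Password", 4: "NAS-IP-Address", 5: "NAS-Port",
         6: "Service-Type", 7: "Framed-Protocol", 11: "Filter-Id",
         26: "Vendor-Specific", 27: "Session-Timeout", 30: "Called-Station-Id",
         31: "Calling-Station-Id", 61: "NAS-Port-Type"}
INTS, TEXT = {5, 6, 7, 27, 61}, {1, 11, 30, 31}
# Subset of lines copied from the debug output in the post.
SAMPLE = """\
Oct 18 09:53:51: RADIUS: Initial Transmit Async179 id 6 10.10.10.10:1645, Access-Request, len 93
Oct 18 09:53:51: Attribute 4 6 AC11283C
Oct 18 09:53:51: Attribute 1 13 76706E74
Oct 18 09:53:51: RADIUS: Received from id 6 10.10.10.10:1645, Access-Accept, len 234
Oct 18 09:53:51: Attribute 11 12 6E667573
Oct 18 09:53:51: Attribute 27 6 00005451
Oct 18 09:53:51: Attribute 26 31 0000000901197670
Oct 18 09:53:51: RADIUS: Bad attribute (unsupported attribute): type 11 len 12 data 0x6E667573
"""
ATTR = re.compile(r"Attribute (\d+) (\d+) ([0-9A-Fa-f]+)\s*$")
PKT = re.compile(r"RADIUS: .*\b(Access-\w+), len")
BAD = re.compile(r"Bad attribute \(([^)]*)\): type (\d+)")

def decode(atype, alen, hexdata):
    raw = bytes.fromhex(hexdata)  # printed prefix only; alen is the wire length
    if atype == 4:
        return socket.inet_ntoa(raw)
    if atype in INTS:
        return int.from_bytes(raw, "big")
    if atype in TEXT:
        return raw.decode("ascii", "replace") + ("..." if alen - 2 > len(raw) else "")
    if atype == 26:  # vendor-id(4) vendor-type(1) vendor-length(1) data...
        return (int.from_bytes(raw[:4], "big"), raw[4], raw[5])
    return hexdata  # e.g. User-Password: left opaque

def parse(log):
    packet, attrs, rejected = None, [], []
    for line in log.splitlines():
        if m := PKT.search(line):
            packet = m.group(1)
        elif m := ATTR.search(line):
            t, length = int(m.group(1)), int(m.group(2))
            attrs.append((packet, NAMES.get(t, str(t)), decode(t, length, m.group(3))))
        elif m := BAD.search(line):
            rejected.append((NAMES.get(int(m.group(2)), m.group(2)), m.group(1)))
    return attrs, rejected

if __name__ == "__main__":
    print(*parse(SAMPLE), sep="\n")
```

On the lines above, the rejected type 11 is Filter-Id, and the type 26 entries carry vendor ID 9 (Cisco) with vendor type 1.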
10-26-2004 11:37 AM
Hope the following link helps....
http://www.cisco.com/en/US/tech/tk801/tk703/technologies_configuration_example09186a00800946f5.shtml