Richard.Lewis at cwcom
Jul 23, 2002, 1:44 AM
Post #4 of 4
(601 views)
Permalink
|
|
RE: [nsp] Merit Radius and Cisco authorization
[In reply to]
|
|
Hi Hank,
Did you note the different syntax for the VSA attribute... Cisco: before the attribute?
Both my versions are 3.6B, one is a NetBSD precompiled binary (no longer available I think, they've moved to cistron) and the other is a Solaris 2.6 freeware precompiled binary.
Both use this syntax. It is described in the dictionary files. Both work.
I don't have time to check - these are only lab RADIUSs - but it does work fine. Also for Cosine, other vendors etc.. I helped one of my colleagues configure exactly what you are doing a couple of days ago.
Not sure why you reference a bugfix for USR (US Robotics = 3Com) VSAs when you are using Cisco kit. Have you found this applies to Cisco VSAs too?
Of course I have precompiled binaries - looks like you are compiling so YMMV.
Regards,
Richard
> -----Original Message-----
> From: Hank Nussbacher [SMTP:hank [at] att]
> Sent: Tuesday, July 23, 2002 9:27 AM
> To: Lewis, Richard
> Cc: cisco-nsp [at] puck
> Subject: RE: [nsp] Merit Radius and Cisco authorization
>
> At 09:09 AM 23-07-02 +0100, you wrote:
> >Hi Hank,
> >
> >On my Merit RADIUS it is :
> >
> > Cisco:Cisco-Avpair = "shell:priv-lvl=15"
> >
> > ..and don't forget the comma after the second line.
>
> Huh? Care to explain?
>
> Looking at http://www.merit.edu/michnet/dial-in/aaa/faq.html#usrvsa and the
> code we downloaded is 3.6B then we need to apply the patch. Where did you
> get your version from?
>
> -Hank
>
>
> > If you debug the RADIUS you can see if it is happy with your
> > Cisco AV-pair attribute or if it is "tossing" it.
> >
> > Regards,
> >
> > Richard
> >
> >
> >
> >
> > > -----Original Message-----
> > > From: Hank Nussbacher [SMTP:hank [at] att]
> > > Sent: Tuesday, July 23, 2002 8:43 AM
> > > To: cisco-nsp [at] puck
> > > Subject: [nsp] Merit Radius and Cisco authorization
> > >
> > > We are unable to get the Merit Radius to work properly with Cisco
> > > authorization. Authentication works ok but authorization doesn't work:
> > > seven Password = "eight"
> > > Service-Type = Shell-User
> > > Cisco-Avpair = shell:priv-lvl=15
> > >
> > > Can someone send a working Merit Radius server config and the Cisco
> > > commands you use for authorization:
> > > aaa authorization exec default radius if-authenticated
> > >
> > > Thanks,
> > > Hank
> > >
> > > _______________________________________________
> > > cisco-nsp mailing list
> > > cisco-nsp [at] puck
> > > http://puck.nether.net/mailman/listinfo/cisco-nsp
> >
> >
> >**********************************************************************
> >This message may contain information which is confidential or privileged.
> >If you are not the intended recipient, please advise the sender immediately
> >by reply e-mail and delete this message and any attachments
> >without retaining a copy.
> >
> >**********************************************************************
**********************************************************************
This message may contain information which is confidential or privileged.
If you are not the intended recipient, please advise the sender immediately
by reply e-mail and delete this message and any attachments
without retaining a copy.
**********************************************************************
|
