Cistron 1.6.4 + Cisco AS5300

Mustafa N. Deeb mustafa@palnet.com
Mon, 10 Sep 2001 17:03:12 +0200 

I had the same problem

And I added these lines under the D channel
Ip unnumbered  <INTERFACE>
Ppp authentication pap



-----Original Message-----
From: cistron-radius-admin@lists.cistron.nl
[mailto:cistron-radius-admin@lists.cistron.nl] On Behalf Of Brent Reich
Sent: Monday, September 10, 2001 4:13 PM
To: cistron-radius@lists.cistron.nl
Subject: Re: Cistron 1.6.4 + Cisco AS5300

Not sure if this is the config info you had requested, Let me know if
this is not it, and maybe where on this thing (AS5300) i can get it for
you =)

interface Serial0:23
 no ip address
 no ip directed-broadcast
 encapsulation ppp
 dialer rotary-group 0
 dialer-group 1
 isdn switch-type primary-ni
 isdn tei-negotiation first-call
 isdn incoming-voice modem
 no cdp enable



On Sat, Sep 08, 2001 at 08:47:44AM +0200, Mustafa N. Deeb wrote:
> Can you forward us the configurations under the D-channel
> i.e Serial X/X:15
> 
> I always had this problem with ciscos, but it was always solved inside
> the D-Channel Configs.
> 
> Cheers
> 
> -----Original Message-----
> From: cistron-radius-admin@lists.cistron.nl
> [mailto:cistron-radius-admin@lists.cistron.nl] On Behalf Of Brent
Reich
> Sent: Friday, September 07, 2001 8:50 PM
> To: cistron-radius@lists.cistron.nl
> Subject: Re: Cistron 1.6.4 + Cisco AS5300
> 
> 
> 
> Hi Miquel,
> 
> I beleive my NAS is in order, here is the pertinent aaa configs from
the
> 5300:
> 
> aaa authentication login default line
> aaa authentication login dialin radius
> aaa authentication enable default enable
> aaa authentication ppp default radius
> aaa authorization network default radius
> aaa accounting network default start-stop radius
> 
> I have delved into the archives and found a thread called "Analog yes,
> ISDN no... Why? the goback" from March 2001
> 
> 
> It appears i have a very similar problem, in further inspection (
> following the FAQ debug). I find that my Async users get on just fine,
> its only the ISDN users that cannot authenticate. here is output from
> the
> radius server:
> 
> radrecv: Request from host xxx.xxx.xxx.35 code=1, id=157, length=84
>     NAS-IP-Address = xxx.xxx.xxx.35
>     NAS-Port-Id = 32
>     NAS-Port-Type = Async
>     User-Name = "name"
>     Called-Station-Id = "1111111"
>     Password = "***encrypted stuff***"
>     Service-Type = Framed-User
>     Framed-Protocol = PPP
>   users: Matched name at 418
>   auth: System
> Sending Ack of id 157 to xxx.xxx.xxx.35 (nas d-nas00)
>     Service-Type = Framed-User
>     Framed-IP-Address = 0.0.0.0
>     Framed-MTU = 1500
>     Framed-Compression = Van-Jacobson-TCP-IP
> Login OK: [name/password] (from nas d-nas00/S32)
> radrecv: Request from host xxx.xxx.xxx.35 code=4, id=158, length=94
>     NAS-IP-Address = xxx.xxx.xxx.35
>     NAS-Port-Id = 32
>     NAS-Port-Type = Async
>     User-Name = "name"
>     Called-Station-Id = "1111111"
>     Acct-Status-Type = Start
>     Acct-Authentic = RADIUS
>     Service-Type = Framed-User
>     Acct-Session-Id = "00000A36"
>     Framed-Protocol = PPP
>     Acct-Delay-Time = 0
> Sending Accounting Ack of id 158 to xxx.xxx.xxx.35 (nas d-nas00)
> 
> 
> This all should be good  ^^^^^^^^^^^^^^^^^  BTW, the NAS assigns
*most*
> users dynamic IP's, do i even need the Framed-IP-Addresss = 0.0.0.0 in
> my users file for those people??? (i will incude a segment of the
users
> file at the bottom.)
> 
> here's the bad stuff:
> 
> Login incorrect: [ISDNname/password] (from nas d-nas00/S20111 cli
> 1111111)
> radrecv: Request from host xxx.xxx.xxx.35 code=4, id=160, length=107
>     NAS-IP-Address = xxx.xxx.xxx.35
>     NAS-Port-Id = 20111
>     NAS-Port-Type = ISDN
>     User-Name = "ISDNname"
>     Calling-Station-Id = "1111111"
>     Acct-Status-Type = Stop
>     Acct-Authentic = RADIUS
>     Service-Type = Framed-User
>     Acct-Session-Id = "00000A37"
>     Acct-Input-Packets = 0
>     Acct-Output-Packets = 0
>     Acct-Session-Time = 0
>     Acct-Delay-Time = 0
> Accounting: logout: login entry for NAS d-nas00 port 20111 not found
> Sending Accounting Ack of id 160 to xxx.xxx.xxx.35 (nas d-nas00)
> radrecv: Request from host xxx.xxx.xxx.35 code=1, id=161, length=85
>     NAS-IP-Address = xxx.xxx.xxx.35
>     NAS-Port-Id = 20113
>     NAS-Port-Type = ISDN
>     User-Name = "ISDNname"
>     Calling-Station-Id = "1111111"
>     Password = "***encrypted stuff***"
>     Service-Type = Framed-User
>     Framed-Protocol = PPP
>   users: Matched ISDNname at 15
>   auth: System
> Sending Reject of id 161 to xxx.xxx.xxx.35 (nas d-nas00)
> Login incorrect: [ISDNname/password] (from nas d-nas00/S20113 cli
> 1111111)
> radrecv: Request from host xxx.xxx.xxx.35 code=4, id=162, length=107
>     NAS-IP-Address = xxx.xxx.xxx.35
>     NAS-Port-Id = 20113
>     NAS-Port-Type = ISDN
>     User-Name = "ISDNname"
>     Calling-Station-Id = "1111111"
>     Acct-Status-Type = Stop
>     Acct-Authentic = RADIUS
>     Service-Type = Framed-User
>     Acct-Session-Id = "00000A38"
>     Acct-Input-Packets = 0
>     Acct-Output-Packets = 0
>     Acct-Session-Time = 0
>     Acct-Delay-Time = 0
> Accounting: logout: login entry for NAS d-nas00 port 20113 not found
> Sending Accounting Ack of id 162 to xxx.xxx.xxx.35 (nas d-nas00)
> 
> 
> It does say Login Incorrect, but that is incorrect, the password
> (cleartext) _is_ correct.
> 
> So, I still never get a "START" record for ISDN users. I still don't
> understand what all the Accounting: logout: port not found entries
mean.
> 
> >From the users file:
> 
> ########ISDN########
> 
> ISDNname   Auth-Type = System, Simultaneous-Use = 1, NAS-Port-Type =
> ISDN
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Framed-IP-Address = 0.0.0.0,
>         Framed-MTU = 1500,
>         Framed-Compression = Van-Jacobson-TCP-IP
> 
> ISDNname1   Auth-Type = System, Simultaneous-Use = 2, NAS-Port-Type =
> ISDN
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Framed-IP-Address = xxx.xxx.xxx.9,
>         Framed-MTU = 1500,
>         Framed-Compression = Van-Jacobson-TCP-IP
> 
> 
> ########DIAL-UP########
> 
> name   Auth-Type = System, Simultaneous-Use = 2
>         Service-Type = Framed-User,
>         Framed-IP-Address = 0.0.0.0,
>         Framed-MTU = 1500,
>         Framed-Compression = Van-Jacobson-TCP-IP
> 
> 
> name1   Auth-Type = System, Simultaneous-Use = 1
>         Service-Type = Framed-User,
>         Framed-IP-Address = 0.0.0.0,
>         Framed-MTU = 1500,
>         Framed-Compression = Van-Jacobson-TCP-IP
> 
> any thoughts on where to go from here?  i am thoroughly confused.
> 
> On Thu, Sep 06, 2001 at 10:43:45PM +0000, Miquel van Smoorenburg
wrote:
> > In article <20010906160127.A22694@unixcentauri.com>,
> > Brent Reich  <brent@unixcentauri.com> wrote:
> > >I am pretty green at Radius and SNMP, if i need to include more
info
> for
> > >this please let me know and i will provide it. Needless to say in
my
> > >details file i only get "STOP" records.
> > 
> > And that is exactly your problem. Fix your NAS so that it sends
> > start records as well.
> > 
> > Mike.
> > -- 
> > "Answering above the the original message is called top posting.
> Sometimes
> >  also called the Jeopardy style. Usenet is Q & A not A & Q." -- Bob
> Gootee
> > 
> > 
> > - 
> > List info/subscribe/unsubscribe? See
> http://www.radius.cistron.nl/list/
> 
> -- 
> 
> Brent Reich, CCNA
> brent@unixcentauri.com
> http://www.unixcentauri.com
> 0110111001101111011011100111001101100101011011100111001101100101
> 
> - 
> List info/subscribe/unsubscribe? See
http://www.radius.cistron.nl/list/
> 
> 
> 
> - 
> List info/subscribe/unsubscribe? See
http://www.radius.cistron.nl/list/

-- 

Brent Reich, CCNA
brent@unixcentauri.com
http://www.unixcentauri.com
0110111001101111011011100111001101100101011011100111001101100101

- 
List info/subscribe/unsubscribe? See http://www.radius.cistron.nl/list/