[cisco-nas] 12.3(11)T2 authorization failed, Constructed " ppp negotiate"...trying to get an exec

Félix Izquierdo fizquierdo at l3consulting.com
Thu Dec 30 11:39:26 EST 2004


Josh Duffek wrote:

> Was getting author failed after trying to login:
> 
> 160467: Dec 30 10:26:15.795 cst: RADIUS: Received from id 1645/35
> x.x.x.x:1645, Access-Accept, len 64
> 160468: Dec 30 10:26:15.795 cst: RADIUS:  authenticator C7 90 70 AE 52
> 30 32 23 - 60 B7 4D 00 C0 92 84 78
> 160469: Dec 30 10:26:15.795 cst: RADIUS:  Framed-Protocol     [7]   6
> PPP                       [1]
> 160470: Dec 30 10:26:15.795 cst: RADIUS:  Service-Type        [6]   6
> Framed                    [2]
> 160471: Dec 30 10:26:15.795 cst: RADIUS:  Class               [25]  32  
> 160472: Dec 30 10:26:15.795 cst: RADIUS:   5D 6D 06 25 00 00 01 37 00 01
> 92 92 FE D2 01 C4  []m?????7????????]
> 160473: Dec 30 10:26:15.795 cst: RADIUS:   ED 32 08 2F 63 0C 00 00 00 00
> 00 00 01 6C        [?2?/c????????l]
> 160474: Dec 30 10:26:15.795 cst: RADIUS(00000B44): Received from id
> 1645/35
> 160475: Dec 30 10:26:15.795 cst: RADIUS: Constructed " ppp negotiate"
> 160476: Dec 30 10:26:15.799 cst: AAA/AUTHOR (0xB44): Pick method list
> 'default' - FAIL
> 160477: Dec 30 10:26:15.799 cst: AAA/AUTHOR/EXEC(00000B44):
> Authorization FAILED
> 
> IOS and relevant config:
> 
> INTRO#sh ver | i IOS
> Cisco IOS Software, 7200 Software (C7200-JK9O3S-M), Version 12.3(11)T2,
> RELEASE SOFTWARE (fc1)
> 
> aaa new-model
> aaa authentication login default group radius local
> aaa authentication login pptp group radius local
> aaa authentication login network group radius
> aaa authorization exec default local
> aaa authorization network default local 
> aaa authorization network network group radius 
> aaa session-id common
> 
> ...so I made it "aaa author exec default none" and it works ok now...but
> why does it have a mention of ppp negotiate when I am coming in for an
> exec?
> 

Because Service-Type = Framed and Framed-Protocol = PPP in your user 
profile.
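
Added example, not part of the thread and not Cisco tooling: a small Python parser for the debug output format quoted above. It rejoins the mail-wrapped lines and reports any exec authorization result that follows an Access-Accept carrying Service-Type Framed and Framed-Protocol PPP. The function names and the rule that a record starts with a sequence number are assumptions of this sketch.

```python
import re
# Subset of the debug output quoted above, still wrapped as it was e-mailed.
SAMPLE = """\
160467: Dec 30 10:26:15.795 cst: RADIUS: Received from id 1645/35
x.x.x.x:1645, Access-Accept, len 64
160469: Dec 30 10:26:15.795 cst: RADIUS:  Framed-Protocol     [7]   6
PPP                       [1]
160470: Dec 30 10:26:15.795 cst: RADIUS:  Service-Type        [6]   6
Framed                    [2]
160475: Dec 30 10:26:15.795 cst: RADIUS: Constructed " ppp negotiate"
160477: Dec 30 10:26:15.799 cst: AAA/AUTHOR/EXEC(00000B44):
Authorization FAILED
"""

ATTR = re.compile(r"RADIUS:\s+([A-Za-z][\w-]*)\s+\[\d+\]\s+\d+\s*(.*?)\s*(?:\[\d+\])?$")
BUILT = re.compile(r'RADIUS: Constructed "\s*(.*?)"')
EXEC = re.compile(r"AAA/AUTHOR/EXEC\((\w+)\):\s*Authorization (\w+)")

def unwrap(text):
    """Rejoin records split by mail wrapping; a record starts with '<seq>: '."""
    records = []
    for line in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", line).rstrip()  # drop reply quoting
        if re.match(r"\d+: ", line) or not records:
            records.append(line)
        elif line:
            records[-1] += " " + line
    return records

def framed_exec_findings(text):
    """Exec authorization results that follow a Framed/PPP Access-Accept."""
    findings, accept = [], None
    for rec in unwrap(text):
        if "Access-Accept" in rec:
            accept = {}  # attributes of the reply currently being dumped
        elif accept is None:
            continue
        elif m := ATTR.search(rec):
            accept[m.group(1)] = m.group(2)
        elif m := BUILT.search(rec):
            accept["constructed"] = m.group(1)
        elif m := EXEC.search(rec):
            if (accept.get("Service-Type"), accept.get("Framed-Protocol")) == ("Framed", "PPP"):
                findings.append({"session": m.group(1), "exec_author": m.group(2),
                                 "constructed": accept.get("constructed")})
            accept = None
    return findings

print(framed_exec_findings(SAMPLE))
```
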



