[nsp] Merit Radius and Cisco authorization

Lewis, Richard Richard.Lewis@cwcom.cwplc.com
Tue, 23 Jul 2002 09:44:49 +0100


Hi Hank,

Did you note the different syntax for the VSA attribute... Cisco:  before the attribute?

Both my versions are 3.6B, one is a NetBSD precompiled binary (no longer available I think, they've moved to cistron) and the other is a Solaris 2.6 freeware precompiled binary.

Both use this syntax. It is described in the dictionary files. Both work.

I don't have time to check - these are only lab RADIUSs - but it does work fine. Also for Cosine, other vendors etc.. I helped one of my colleagues configure exactly what you are doing a couple of days ago.

Not sure why you reference a bugfix for USR (US Robotics = 3Com) VSAs when you are using Cisco kit. Have you found this applies to Cisco VSAs too?

Of course I have precompiled binaries - looks like you are compiling so YMMV.

Regards,

Richard

> -----Original Message-----
> From:	Hank Nussbacher [SMTP:hank@att.net.il]
> Sent:	Tuesday, July 23, 2002 9:27 AM
> To:	Lewis, Richard
> Cc:	cisco-nsp@puck.nether.net
> Subject:	RE: [nsp] Merit Radius and Cisco authorization
> 
> At 09:09 AM 23-07-02 +0100, you wrote:
> >Hi Hank,
> >
> >On my Merit RADIUS it is :
> >
> >         Cisco:Cisco-Avpair = "shell:priv-lvl=15"
> >
> >         ..and don't forget the comma after the second line.
> 
> Huh?  Care to explain?
> 
> Looking at http://www.merit.edu/michnet/dial-in/aaa/faq.html#usrvsa and the 
> code we downloaded is 3.6B then we need to apply the patch.  Where did you 
> get your version from?
> 
> -Hank
> 
> 
> >         If you debug the RADIUS you can see if it is happy with your 
> > Cisco AV-pair attribute or if it is "tossing" it.
> >
> >         Regards,
> >
> >         Richard
> >
> >
> >
> >
> > > -----Original Message-----
> > > From: Hank Nussbacher [SMTP:hank@att.net.il]
> > > Sent: Tuesday, July 23, 2002 8:43 AM
> > > To:   cisco-nsp@puck.nether.net
> > > Subject:      [nsp] Merit Radius and Cisco authorization
> > >
> > > We are unable to get the Merit Radius to work properly with Cisco
> > > authorization.  Authentication works ok but authorization doesn't work:
> > > seven Password = "eight"
> > > Service-Type = Shell-User
> > > Cisco-Avpair = shell:priv-lvl=15
> > >
> > > Can someone send a working Merit Radius server config and the Cisco
> > > commands you use for authorization:
> > > aaa authorization exec default radius if-authenticated
> > >
> > > Thanks,
> > > Hank
> > >
> > > _______________________________________________
> > > cisco-nsp mailing list
> > > cisco-nsp@puck.nether.net
> > > http://puck.nether.net/mailman/listinfo/cisco-nsp
> >
> >
> >**********************************************************************
> >This message may contain information which is confidential or privileged.
> >If you are not the intended recipient, please advise the sender immediately
> >by reply e-mail and delete this message and any attachments
> >without retaining a copy.
> >
> >**********************************************************************


**********************************************************************
This message may contain information which is confidential or privileged.
If you are not the intended recipient, please advise the sender immediately
by reply e-mail and delete this message and any attachments
without retaining a copy.  

**********************************************************************