[nsp] Radius authentication
Victor Sudakov
sudakov@sibptus.tomsk.ru
Fri, 4 Oct 2002 09:18:48 +0700
Hagop Karaoghlanian wrote:
>
> I have customer authenticating to cisco router then to radius server from
> the cisco client software. On the router's config, I see something which I
> am not sure of.
>
> here it is;
>
> radius-server host x.x.x.x auth-port 1645 acct-port 1646 key 7 "key string"
> radius-server host x.x.x.x auth-port 1645 acct-port 1646 key 7 "key string"
>
> however when I issue a show run, in the running-config I see that the key
> has not been "hidden" and it in clear text. Would that cause a problem?
Should not be a problem.
More recent IOSes hide it, older ones don't.
>
> Also, when I change my authentication method locally to the router, the
> remote users authenticate. However under radius authentiation, I don't get
> any response.
Have you already tried
debug radius
debug aaa authen
debug aaa author
on the NAS and detailed debug on the radius server?
Are you sure the auth-port and acct-port are correct? More recent
radius daemons should listen on ports 1813 and 1812 IMHO.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN