[nsp] Radius authentication

[Hagop Karaoghlanian]

Hi Victor,



Thanks for the insight...Actually I turned on debug radius, and found that
the radius did not have the same username/password combination as the client
software.

Thanks for everyones time
Hagop


-----Original Message-----
From: cisco-nsp-admin@puck.nether.net
[mailto:cisco-nsp-admin@puck.nether.net]On Behalf Of Victor Sudakov
Sent: Thursday, October 03, 2002 10:19 PM
To: Hagop Karaoghlanian
Cc: 'cisco-nsp@puck.nether.net'
Subject: Re: [nsp] Radius authentication


Hagop Karaoghlanian wrote:
>
> I have customer authenticating to cisco router then to radius server from
> the cisco client software.  On the router's config, I see something which
I
> am not sure of.
>
> here it is;
>
> radius-server host x.x.x.x auth-port 1645 acct-port 1646 key 7 "key
string"
> radius-server host x.x.x.x auth-port 1645 acct-port 1646 key 7 "key
string"
>
> however when I issue a show run, in the running-config I see that the key
> has not been "hidden" and it in clear text.  Would that cause a problem?

Should not be a problem.
More recent IOSes hide it, older ones don't.

>
> Also, when I change my authentication method locally to the router, the
> remote users authenticate.  However under radius authentiation, I don't
get
> any response.

Have you already tried
debug radius
debug aaa authen
debug aaa author

on the NAS and detailed debug on the radius server?
Are you sure the auth-port and acct-port are correct? More recent
radius daemons should listen on ports 1813 and 1812 IMHO.



--
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
_______________________________________________
cisco-nsp mailing list  real_name)s@puck.nether.net
http://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/