[nsp] Radius authentication
Hagop Karaoghlanian
hkaraoghlanian@rogers.com
Fri, 4 Oct 2002 01:47:59 -0400
Hi Victor,
Thanks for the insight...Actually I turned on debug radius, and found that
the radius did not have the same username/password combination as the client
software.
Thanks for everyones time
Hagop
-----Original Message-----
From: cisco-nsp-admin@puck.nether.net
[mailto:cisco-nsp-admin@puck.nether.net]On Behalf Of Victor Sudakov
Sent: Thursday, October 03, 2002 10:19 PM
To: Hagop Karaoghlanian
Cc: 'cisco-nsp@puck.nether.net'
Subject: Re: [nsp] Radius authentication
Hagop Karaoghlanian wrote:
>
> I have customer authenticating to cisco router then to radius server from
> the cisco client software. On the router's config, I see something which
I
> am not sure of.
>
> here it is;
>
> radius-server host x.x.x.x auth-port 1645 acct-port 1646 key 7 "key
string"
> radius-server host x.x.x.x auth-port 1645 acct-port 1646 key 7 "key
string"
>
> however when I issue a show run, in the running-config I see that the key
> has not been "hidden" and it in clear text. Would that cause a problem?
Should not be a problem.
More recent IOSes hide it, older ones don't.
>
> Also, when I change my authentication method locally to the router, the
> remote users authenticate. However under radius authentiation, I don't
get
> any response.
Have you already tried
debug radius
debug aaa authen
debug aaa author
on the NAS and detailed debug on the radius server?
Are you sure the auth-port and acct-port are correct? More recent
radius daemons should listen on ports 1813 and 1812 IMHO.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
_______________________________________________
cisco-nsp mailing list real_name)s@puck.nether.net
http://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/