[c-nsp] Empty Username for Dialup

Osama I. Dosary oid at saudi.net.sa
Tue Dec 14 09:34:17 EST 2004


I'm not very good at this remote ppp/aaa stuff, but this is what I got:
aaa authorization network xyz none  (works if I also use 'ppp 
authorization xyz in virtual template)
aaa authorization network default none (doesn't work, but I really don't 
understand the difference very well)
/Osama
Oliver Boehmer (oboehmer) wrote:

>>We tried that, and it didn't work. The strange thing about that, is it
>>would report that the RADIUS is dead.
>>    
>>
>
>Hmm, maybe you left network authorization on? 
>Please provide more details, i.e. config, platform, version.
>
>In general disabling authentication and authorization is one approach.
>Another one (if you want to retain authen/author for other users) is
>ISDN pre-authentication, i.e. you send an authen request based on DNIS
>(or CLID) to the Radius server and then suppress authen/author using a
>Cisco AVP in the response. So if your Internet user all dial the same
>DNIS, this could be an option..
>
>	oli
>
>  
>
>>
>>Gert Doering wrote:
>>
>>    
>>
>>>Hi,
>>>
>>>On Tue, Dec 14, 2004 at 12:06:38PM +0300, Osama I. Dosary wrote:
>>>
>>>
>>>      
>>>
>>>>Unforutnately, the router does not like empty usernames. And is
>>>>giving this error message: Dec 13 14:32:22: As97 PAP: O AUTH-NAK id
>>>>5 len 41 msg is "No hostname received to authenticate" 
>>>>
>>>>
>>>>        
>>>>
>>>It might work to put "no ppp auth" into the virtual-template /
>>>physical interface.  So the router will not even ask for PPP
>>>authentication in the first place. 
>>>
>>>gert
>>>
>>>
>>>      
>>>
>>_______________________________________________
>>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>https://puck.nether.net/mailman/listinfo/cisco-nsp
>>archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>
>  
>


More information about the cisco-nsp mailing list