[c-nsp] Empty Username for Dialup
Osama I. Dosary
oid at saudi.net.sa
Tue Dec 14 09:34:17 EST 2004
I'm not very good at this remote ppp/aaa stuff, but this is what I got:
aaa authorization network xyz none (works if I also use 'ppp
authorization xyz in virtual template)
aaa authorization network default none (doesn't work, but I really don't
understand the difference very well)
/Osama
Oliver Boehmer (oboehmer) wrote:
>>We tried that, and it didn't work. The strange thing about that, is it
>>would report that the RADIUS is dead.
>>
>>
>
>Hmm, maybe you left network authorization on?
>Please provide more details, i.e. config, platform, version.
>
>In general disabling authentication and authorization is one approach.
>Another one (if you want to retain authen/author for other users) is
>ISDN pre-authentication, i.e. you send an authen request based on DNIS
>(or CLID) to the Radius server and then suppress authen/author using a
>Cisco AVP in the response. So if your Internet user all dial the same
>DNIS, this could be an option..
>
> oli
>
>
>
>>
>>Gert Doering wrote:
>>
>>
>>
>>>Hi,
>>>
>>>On Tue, Dec 14, 2004 at 12:06:38PM +0300, Osama I. Dosary wrote:
>>>
>>>
>>>
>>>
>>>>Unforutnately, the router does not like empty usernames. And is
>>>>giving this error message: Dec 13 14:32:22: As97 PAP: O AUTH-NAK id
>>>>5 len 41 msg is "No hostname received to authenticate"
>>>>
>>>>
>>>>
>>>>
>>>It might work to put "no ppp auth" into the virtual-template /
>>>physical interface. So the router will not even ask for PPP
>>>authentication in the first place.
>>>
>>>gert
>>>
>>>
>>>
>>>
>>_______________________________________________
>>cisco-nsp mailing list cisco-nsp at puck.nether.net
>>https://puck.nether.net/mailman/listinfo/cisco-nsp
>>archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>
>
>
More information about the cisco-nsp
mailing list