Posted: Thu Feb 19, 2004 10:34 am Post subject: Authen & Autho RADIUS
Hello, I have just run a RADIUS authentication test on a 3620 router. I do get authenticated against (by) my test RADIUS server (winradius).
User Access Verification
Username: test
Password:
BUT AFTERWARDS, TO GET INTO ENABLE MODE, IT ASKS ME FOR A PASSWORD AND THAT IS WHERE I AM STUCK; THE BOOK HARDENING CISCO ROUTERS DOES NOT GIVE ME THE SOLUTION.
INTERCO>en
Password:
% Error in authentication.
DO YOU HAVE ANY IDEA ???
THANKS IN ADVANCE. If anything is missing, tell me.
-----------------------------------------------------
Building configuration...
Current configuration:
!
version 11.2
no service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname INTERCO
!
aaa new-model
aaa authentication login default radius local
aaa authentication login aaa1 radius enable
aaa authentication enable default radius none
aaa authorization commands 2 radius
aaa authorization network radius
!
username 12 privilege 15 password 0 12
!
interface Ethernet0/0
description Interface VLAN WAN
ip address 10.68.17.4 255.255.255.0
!
radius-server host 10.68.11.254 auth-port 1645 acct-port 1646
radius-server key passwordvpn
!
line con 0
exec-timeout 0 0
line aux 0
line vty 1 4
exec-timeout 0 0
login authentication aaa1
!
end
---------
Here is the debug output
AAA/AUTHEN: dup_user (0x609D6998) user='test' ruser='' port='tty66' rem_addr='10.68.11.254' authen_type=ASCII service=ENABLE priv=15 source='AAA dup enable'
AAA/AUTHEN/START (521109764): port='tty66' list='default' action=LOGIN service=ENABLE
AAA/AUTHEN/START (521109764): found list default
AAA/AUTHEN/START (521109764): Method=RADIUS
AAA/AUTHEN (521109764): status = GETPASS
AAA/AUTHEN/CONT (521109764): continue_login (user='test')
AAA/AUTHEN (521109764): status = GETPASS
AAA/AUTHEN (521109764): Method=RADIUS
RADIUS: Authenticating using $enab15$
RADIUS: Using stdio port information: port 66
RADIUS: Initial Transmit id 13 10.68.11.254:1645, Access-Request, len 86
Attribute 4 6 0A441104
Attribute 5 6 00000042
Attribute 61 6 00000005
Attribute 1 10 24656E61
Attribute 31 14 31302E36
Attribute 2 18 05F33817
Attribute 6 6 00000006
RADIUS: Received from id 13 10.68.11.254:1645, Access-Reject, len 20
AAA/AUTHEN (521109764): status = FAIL
AAA/AUTHEN: free_user (0x609D6998) user='test' ruser='' port='tty66' rem_addr='10.68.11.254' authen_type=ASCII service=ENABLE priv=15
AAA/AUTHEN: dup_user (0x60B25C40) user='test' ruser='' port='tty66' rem_addr='10.68.11.254' authen_type=ASCII service=ENABLE priv=15 source='AAA dup enable'
AAA/AUTHEN/START (200710933): port='tty66' list='default' action=LOGIN service=ENABLE
AAA/AUTHEN/START (200710933): found list default
AAA/AUTHEN/START (200710933): Method=RADIUS
AAA/AUTHEN (200710933): status = GETPASS
AAA/AUTHEN/CONT (200710933): continue_login (user='test')
AAA/AUTHEN (200710933): status = GETPASS
AAA/AUTHEN (200710933): Method=RADIUS
RADIUS: Authenticating using $enab15$
RADIUS: Using stdio port information: port 66
RADIUS: Initial Transmit id 14 10.68.11.254:1645, Access-Request, len 86
Attribute 4 6 0A441104
Attribute 5 6 00000042
Attribute 61 6 00000005
Attribute 1 10 24656E61
Attribute 31 14 31302E36
Attribute 2 18 75906DE9
Attribute 6 6 00000006
RADIUS: Received from id 14 10.68.11.254:1645, Access-Reject, len 20
AAA/AUTHEN (200710933): status = FAIL
AAA/AUTHEN: free_user (0x60B25C40) user='test' ruser='' port='tty66' rem_addr='10.68.11.254' authen_type=ASCII service=ENABLE priv=15
AAA/AUTHEN: dup_user (0x609D6998) user='test' ruser='' port='tty66' rem_addr='10.68.11.254' authen_type=ASCII service=ENABLE priv=15 source='AAA dup enable'
AAA/AUTHEN/START (2955632513): port='tty66' list='default' action=LOGIN service=ENABLE
AAA/AUTHEN/START (2955632513): found list default
AAA/AUTHEN/START (2955632513): Method=RADIUS
AAA/AUTHEN (2955632513): status = GETPASS
AAA/AUTHEN/CONT (2955632513): continue_login (user='test')
AAA/AUTHEN (2955632513): status = GETPASS
AAA/AUTHEN (2955632513): Method=RADIUS
RADIUS: Authenticating using $enab15$
RADIUS: Using stdio port information: port 66
RADIUS: Initial Transmit id 15 10.68.11.254:1645, Access-Request, len 86
Attribute 4 6 0A441104
Attribute 5 6 00000042
Attribute 61 6 00000005
Attribute 1 10 24656E61
Attribute 31 14 31302E36
Attribute 2 18 CBD57125
Attribute 6 6 00000006
RADIUS: Received from id 15 10.68.11.254:1645, Access-Reject, len 20
AAA/AUTHEN (2955632513): status = FAIL
AAA/AUTHEN: free_user (0x609D6998) user='test' ruser='' port='tty66' rem_addr='10.68.11.254' authen_type=ASCII service=ENABLE priv=15
INTERCO_DANZAS#
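An added example, not part of the original posts: this Python code decodes the attribute dump of the first Access-Request in the debug above and checks that the User-Name sent for the enable request is `$enab15$`, not the login user `test`. Attribute names follow RFC 2865; the function names are chosen for this example.

```python
import re
import socket

# One Access-Request copied from the debug output above (sample input for this example).
DEBUG = """\
RADIUS: Authenticating using $enab15$
RADIUS: Initial Transmit id 13 10.68.11.254:1645, Access-Request, len 86
Attribute 4 6 0A441104
Attribute 5 6 00000042
Attribute 61 6 00000005
Attribute 1 10 24656E61
Attribute 31 14 31302E36
Attribute 2 18 05F33817
Attribute 6 6 00000006
"""

def _int(raw):
    return int.from_bytes(raw, "big")

# RFC 2865 attribute types seen in this trace, each with a decoder.
FIELDS = {
    1: ("User-Name", bytes.decode), 2: ("User-Password", bytes.hex),  # password is obfuscated
    4: ("NAS-IP-Address", socket.inet_ntoa), 5: ("NAS-Port", _int),
    6: ("Service-Type", _int), 31: ("Calling-Station-Id", bytes.decode),
    61: ("NAS-Port-Type", _int),
}

def decode(debug):
    """Return (declared_len, computed_len, {name: (attr_len, decoded_prefix)})."""
    declared = int(re.search(r"Access-Request, len (\d+)", debug).group(1))
    attrs, total = {}, 20  # every RADIUS packet starts with a 20-byte header
    for typ, length, hexval in re.findall(r"^Attribute (\d+) (\d+) ([0-9A-F]+)$", debug, re.M):
        name, conv = FIELDS.get(int(typ), (typ, bytes.hex))
        total += int(length)
        # This debug format shows only the first 4 value bytes, so text values are prefixes.
        attrs[name] = (int(length), conv(bytes.fromhex(hexval)))
    return declared, total, attrs

def enable_uses_other_user(debug, login_user):
    """True when the User-Name sent for enable is not the user who logged in."""
    sent = re.search(r"Authenticating using (\S+)", debug).group(1)
    name_len, prefix = decode(debug)[2]["User-Name"]
    # The attribute length counts the 2-byte type/length header.
    assert sent.startswith(prefix) and len(sent) == name_len - 2
    return sent != login_user

if __name__ == "__main__":
    declared, total, attrs = decode(DEBUG)
    print(declared, total, attrs, enable_uses_other_user(DEBUG, "test"))
```

The attribute lengths plus the 20-byte header add up to the declared 86 bytes, and NAS-IP-Address decodes to 10.68.17.4, the Ethernet0/0 address in the configuration above.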
Joined: 24 Nov 2003 Posts: 113 Location: France
Posted: Sat Feb 21, 2004 5:26 pm Post subject:
Hi,
try with this config; it has been tested on a Cisco 2511 with asynchronous ports
router#
Using 2261 out of 32762 bytes
!
version
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname router
!
aaa new-model
aaa authentication login default radius local
aaa authentication login no-radius local
aaa authentication ppp default radius
aaa authorization exec default local radius
aaa authorization network default local radius
aaa accounting exec default start-stop radius
aaa accounting network default start-stop radius
enable secret 5 ggg
enable password mm
!
username mm password 0 mm
ip subnet-zero
no ip finger
ip name-server 193.251.56.3
chat-script cisco-default ABORT ERROR "" "AT Z" OK "ATDT T" TIMEOUT 30
!
!
!
interface Ethernet0
ip address 192.168.1.10 255.255.255.0
no ip directed-broadcast
no ip mroute-cache
!
interface Serial0
ip address 192.168.8.2 255.255.255.252
no ip directed-broadcast
no ip mroute-cache
!
!
ip classless
ip route 0.0.0.0 0.0.0.0 serial0
!
snmp-server community graph RO 5
radius-server host 192.168.100.1 auth-port 1645 acct-port 1646
radius-server retransmit 100
radius-server timeout 20
radius-server key yyy
banner motd ^CC Welcome ^C
!
line con 0
exec-timeout 0 0
login authentication no-radius
transport input none
line 1 16
line aux 0
line vty 0 4
access-class 20 in
login authentication no-radius