Re: Callback with tacacs+

From: Phil (theccie@gmail.com)
Date: Tue Jul 27 2004 - 21:01:28 GMT-3

• Next message: Tony Schaffran: "RE: Callback with tacacs+"
• Previous message: Peng Zheng: "Callback with tacacs+"
• Maybe in reply to: Peng Zheng: "Callback with tacacs+"
• Next in thread: Tony Schaffran: "RE: Callback with tacacs+"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

You shouldn't have the callback string in the username command. It is
supposed to be supplied by the TACACS+ server. How does your TACACS+
consifuration looks like in the server?

Phil

On Tue, 27 Jul 2004 16:25:09 -0700 (PDT), Peng Zheng <zpnist@yahoo.com> wrote:
> Configure R1-R3, R3 will callback R1 through tacacs+
> authentication and authorization.
>
> Config on R1:
>
> hostname r1
> !
> !
> username r3 password 0 CISCO
> interface BRI0
> ip address 192.168.45.4 255.255.255.0
> encapsulation ppp
> dialer map ip 192.168.45.5 name r3 broadcast
> 4082222222
> dialer-group 1
> isdn switch-type basic-ni
> isdn spid1 40811111111
> isdn spid2 40811111112
> ppp callback request
> ppp authentication chap
> ppp multilink
> multilink min-links 2
> dialer-list 1 protocol ip permit
>
> Config on R3:
>
> hostname r3
> !
> aaa new-model
> aaa authentication ppp default group tacacs+ local
> aaa authorization network default group tacacs+ local
> !
> username r1 callback-dialstring 4081111111 password 0
> CISCO
>
> interface Ethernet0
> ip address 192.168.1.3 255.255.255.0
> interface BRI0
> ip address 192.168.45.5 255.255.255.0
> encapsulation ppp
> dialer-group 1
> isdn switch-type basic-ni
> isdn spid1 40822222221
> isdn spid2 40822222222
> cdapi buffers regular 0
> cdapi buffers raw 0
> cdapi buffers large 0
> ppp callback accept
> ppp authentication chap
> ppp multilink
> multilink min-links 2
> dialer-list 1 protocol ip permit
> !
> tacacs-server host 192.168.1.2 key cisco
>
> On tacacs+ server, I configured user r1 with
> callback-string, Assigned by dialup client, PPP IP,
> PPP LCP and PPP multilink
>
> R3 did callback, but disconnect immediately. I got:
>
> 01:13:45: %ISDN-6-DISCONNECT: Interface BRI0:1
> disconnected from 4081111111 r1,
> call lasted 2 seconds
> 01:13:45: %LINK-3-UPDOWN: Interface BRI0:1, changed
> state to down
>
> Any suggestion?
>
> __________________________________
> Do you Yahoo!?
> Yahoo! Mail Address AutoComplete - You start. We finish.
> http://promotions.yahoo.com/new_mail
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Tony Schaffran: "RE: Callback with tacacs+"
• Previous message: Peng Zheng: "Callback with tacacs+"
• Maybe in reply to: Peng Zheng: "Callback with tacacs+"
• Next in thread: Tony Schaffran: "RE: Callback with tacacs+"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Aug 01 2004 - 10:12:04 GMT-3