Re: need help:problem with AAA authorization with Radius

From: sirus MOGHADASIAN (cyrus.mgh@gmail.com)
Date: Tue Jul 24 2007 - 16:52:20 ART

• Next message: Djerk Geurts: "Vlan access-map"
• Previous message: Chris Riling: "Re: NLI"
• Maybe in reply to: sirus MOGHADASIAN: "need help:problem with AAA authorization with Radius"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,
Thanks for your replies ,after hours of frustrating I found the problem stem
from fact that user has not appropriate remote access permissions by default
in active directory.

Sirus

On 7/24/07, Ina&Laurean <ina.laurean@gmail.com> wrote:
>
> Hi Hafiz,
>
> aaa authorization network command is used for protocols like PPP and SLIP,
>
>
> aaa authorization exec is used to control level of access for users
>
>
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hsec_c/part05/schathor.htm#wp1000953
>
> I tested the configuration as described in www.vectorcomms.com/radius.html
> document and it works fine.
> I was able to authenticate with AD username and password and to gain
> access as level 15
>
> Laurean
>
>
>
> On 7/24/07, Hafiz Ahmed <ruben.bd@gmail.com> wrote:
>
> > aaa authentication login default group radius enable
> > aaa authorization network default group radius none
> >
> > Try this one & also check the radius ip port & key
> >
> > Hafiz.
> >
> > On 7/24/07, Laurean Stefenel < laureans@hotmail.com> wrote:
> > > Hi Sirus,
> > > I believe you need also aaa authorization,
> > > I found an example at www.vectorcomms.com/radius.html
> > > I haven't had the chance to test yet to see if it works.
> > >
> > > Regards,
> > > Laurean
> > >
> > >
> > >
> > >
> > > > Date: Mon, 23 Jul 2007 13:37:12 +0330> From: cyrus.mgh@gmail.com>
> > To:
> > > ccielab@groupstudy.com> Subject: need help:problem with AAA
> > authorization
> > > with
> > > Radius> > Hi,> > I configure router with following commands> > aaa
> > > new-model>
> > > aaa authentication enable default group radius none> radius-server
> > host
> > > 2.2.2.9 auth-port 1645 acct-port 1646 key cisco> > and also configure
> > IAS
> > > ,join it to AD, create Radius client,Remote Access> Policy (use
> > unencripted
> > > and add windows group) everything seems to be OK,> but when I try to
> > login
> > > from user mode to privilege mode it gives me this> error "% Error in
> > > authentication." ,besides this is log file of IAS> >
> > > "2.2.2.2,$enab15$,07/23/2007,02:51:31,IAS,SERVER2003,25,311 1>
> > > 2.2.2.907/22/2007 21:52:38>
> > > 18,4127,1,4130,MCSE\$enab15$,4129,MCSE\$enab15$,4154,Use Windows>
> > > authentication for all users,4108, 2.2.2.2>
> > > ,4116,9,4128,R1,4155,1,4136,3,4142,48"> > Any idea why I cannot login
> > use my
> > > windows password???????> > > Sirus MGH> >
> > >
> > _______________________________________________________________________>
> > > Subscription information may be found at: >
> > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > >
> > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> > >
> >
> >
> > --
> > Hafiz Ahmed
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html

• Next message: Djerk Geurts: "Vlan access-map"
• Previous message: Chris Riling: "Re: NLI"
• Maybe in reply to: sirus MOGHADASIAN: "need help:problem with AAA authorization with Radius"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Aug 18 2007 - 08:17:41 ART