Re: (usr-tc) ARC not denying logins

27 Sep 2001

      Paul,

First off - we need more info.

What radius server?  Version?
Which ARC code?  How many ARCs on the network?
How many radius servers do you have (why is ROUND_ROBIN enabled?)
what does sh authentication contain?
What does your radius DEFAULT entry (or entries) look like?
Was it working before?  What changed?

Marshall Morgan

Internet Doorway, Inc (aka NETDOOR)
http://www.netdoor.com

601.969.1434 x28 | 800.952.1570 x28 | 601.969.3629 x28 | Fax 601.969.3838
----- Original Message ----- 
From: "Paul Farber" <farber@admin.f-tech.net>
To: <usr-tc@lists.xmission.com>
Sent: Wednesday, September 26, 2001 6:01 PM
Subject: (usr-tc) ARC not denying logins
...
hello all
I have rather strange problem.  My RADIUS server is rejecting the
authentication requests... but the ARC's (two of them) are letting users
on online.  The user in question is NOT in the users table.
The same RADIUS server is working 'correctly' with PATTON 2800's and
2996's (you cannot connect with the 'disabled' accounts).
For a starter here is sho radius
RADIUS SETTINGS
Fill Null Attributes :                     DISABLED
Attribute Style:                           STANDARD
Authentication Algorithm:                  ROUND_ROBIN
Interim Accounting Interval Status:        DISABLED
Interim Accounting Interval:               240 seconds
IEA Radius Source Port Authentication      ENABLED
IEA User Radius supplied username          DISABLED
Send Unauthenticated STOP record           ENABLED
Send Accounting records for default user:  ENABLED
Report Acct IP Addr only for Primary Link: DISABLED
Send only STOP Acct for failed services:   DISABLED
Test the authentication locally via radtest:
radtest jericho xxxxx localhost s1 xxxxx
Sending request to server localhost, port 1812.
radrecv: Reply from host 127.0.0.1 code=3, id=84, length=20
Access denied.
yet TC gives me:
HiPer>> _auth jericho xxxxx
CLI - User: jericho is Authenticated
But the radius server records the denial:
Wed Sep 26 18:27:16 2001: Auth: unix_pass: [jericho]: invalid shell
Wed Sep 26 18:27:16 2001: Auth: Login incorrect: [jericho/xxxxx]
-- 
Paul Farber
Farber Technology
farber@admin.f-tech.net
Ph  570-628-5303
Fax 570-628-5545
-
 To unsubscribe to usr-tc, send an email to "majordomo@xmission.com"
 with "unsubscribe usr-tc" in the body of the message.
 For information on digests or retrieving files and old messages send
 "help" to the same address.  Do not use quotes in your message.
-
 To unsubscribe to usr-tc, send an email to "majordomo@xmission.com"
 with "unsubscribe usr-tc" in the body of the message.
 For information on digests or retrieving files and old messages send
 "help" to the same address.  Do not use quotes in your message.