Greetings all,
With Radiator authenticating to a flat file, and given an entry:
-------------------------------8<-------------------------------
neale Auth-Type = "System"
Service-Type = NAS-Prompt-User
-------------------------------8<-------------------------------
with the dictionary including:
-------------------------------8<-------------------------------
# grep Service-Type dictionary
ATTRIBUTE Service-Type 6 integer
VALUE Service-Type Login-User 1
VALUE Service-Type Framed-User 2
VALUE Service-Type Callback-Login-User 3
VALUE Service-Type Callback-Framed-User 4
VALUE Service-Type Outbound-User 5
VALUE Service-Type Administrative-User 6
VALUE Service-Type NAS-Prompt-User 7
VALUE Service-Type Authenticate-Only 8
VALUE Service-Type Callback-Admin-User 9
VALUE Service-Type Annex-Authorize-Only 0x06300001
VALUE Service-Type Annex-Framed-Tunnel 0x06300002
VENDORATTR 166 Shiva-Service-Type 2 integer
VALUE Shiva-Service-Type VPN
-------------------------------8<-------------------------------
The Cisco 5300 is insisting that the value being returned for Service-Type
is zero:
-------------------------------8<-------------------------------
*Jan 16 04:40:53.081: RADIUS: Received from id 227 z.y.z.4:1812, Access-Accept, len 56
*Jan 16 04:40:53.081: Attribute 8 6 FFFFFFFE
*Jan 16 04:40:53.081: Attribute 6 6 00000000
*Jan 16 04:40:53.081: Attribute 9 6 FFFFFFFF
*Jan 16 04:40:53.081: Attribute 10 6 00000000
*Jan 16 04:40:53.081: Attribute 12 6 000005DC
*Jan 16 04:40:53.081: Attribute 244 6 00000E10
-------------------------------8<-------------------------------
Rather unsurprisingly, this doesn't have the desired effect when the NAS
is looking to RADIUS for "exec" authorisation:
RADIUS: Unknown service-type in shell-author: type=0
RADIUS: no appropriate authorization type for user.
Any suggestions on how to nail this one?
Thanks,
Neale.
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
